Category: Security

Link: JSESSIONID considered harmful

Craig Condit makes a strong case against JSESSIONID in JSESSIONID considered harmful. And I just learned that it is disabled by default in Grails 1.1.

Prodigy Infinitum, SMTP through port 25, botnets and such

After pulling my hair for a couple of days I just realized that my DSL provider is blocking all outgoing connections to port 25 with an ICMP Unreachable packet, which translates as a totally bogus “no route to host” message

09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0

What’s so special about this number? How is it different from -say- 0x09F911029D74E35BD84156C5635688BF or from 0x09F911029D74E35BD84156C5635688C1? More importantly: can someone copyright a freaking number? Read rudd-o’s Spread this number post and find out why 0x09F911029D74E35BD84156C5635688C0 is so important.

Mitigate the .WMF vulnerability with Exim, Squid and SquidGuard

Unless you’ve been on holiday leave you’ve probably heard about the WMF vulnerability by now. Everything seems to indicate that Microsoft won’t take action to patch this gaping hole before January 9th, so here are a few measures to be