Recently, Thursday 11/5/09, a few folks over on the IETF mailing list went public with a limited Man-in-the-Middle attack on SSLv3 and TLS. There has been quite a bit of press coverage on this issue's severity. However, the way this attack can be used is proving to be more dangerous in specific contexts...
In Part 1 of the series on interesting headers, I talked about leaking hostnames. In Part 2, it was PHP errors. In Part 3 I bring you... the funny stuff. Not funny, like how Mark McGwire's rookie card is now $5 on eBay compared to the hundreds it once was (and that I have 5 of them for some reason...
While my rookie Mark McGwire cards aren't appreciating at all, my header collection is. Check these actual headers out: php warning: Unknown(): Unable to load dynamic library '/usr/local/lib/php/extensions/no-debug-non-zts-20020429/mysql.so' - Cannot open "/usr/local/lib/php/extensions...
Some people collect coins, DVDs or comic books. Others collect cars or Star Wars toys. Among other things, I like to collect HTTP headers. They take up a lot less space than cars, and can have a much higher return value than Mark McGwire's rookie card--as long as you find something interesting. From time...
Sun Microsystems announced today that Netscape Enterprise Server, one of the original grand-pappys of "modern" web servers (which excludes NCSA--sorry fanboys... I know you're out there), has been released under the BSD license. This isn't the really old one that (hopefully) no one uses...
IE dropped support for URL authentication (e.g., http://user:pass@example.com/) around 2004. There are plenty of discussions out there about the merits and problems with URL authentication, so I won't comment on it yet again. However, it is still in the RFC. If you try to load a URL with authentication...
I’ve been running a lightweight web crawler for a while just to look for interesting things. Recently I’ve noticed several web sites with hyphens at the beginning or end (or both) of their subdomain names/labels. The first time I saw it, I chalked it up to a link error, but after noticing it a few times...
You have likely been tracking the mass SQL Injections that are currently sweeping through the net. Just last night I was shopping on www.ihomeaudio.com when I noticed they had been injected (they have since fixed their site). HP started to observe these attacks in January. They spread to over 500,000...