Security

How to disable Outlook's level 1 attachment blocking feature

I’d say I really dislike this feature, it always prevent me from being able to receive attachments and does not actually block virii since I have some carefully designed security mechanisms installed on my computer.

Of course someone may say “Outlook sucks, don’t use it!” but I won’t say that. Outlook is a great product that is very safe if you have configured it *CORRECTLY*. The feature of the attachment blocking, while may be useful for not experienced users, will harm users that is experienced and is highly security-aware when communicating with non-experienced folks.

我不是都说了吗……连自己的老巢都让人端了的系统你没法相信

于是他们又来了。

如果你正在用Linux kernel 2.2.x，2.4.x(从开始到2.4.29-pre3)，2.6.x(从开始到2.6.10)，那么你就有事干了。通过合理地注入代码，任何人都可以拿到root，因为kmem_cache_alloc()的执行过程被打断，则VMA的红黑树可能会在不希望的地方插入一个节点，并进而通过LDT调用门获取CPL0特权。

关掉了publisher ping

昨天下午接到通知说这台机器不能往外主动建连接了，本来想说道两句，但后来觉得其实有几个能连出去的端口就足够了，终于等到这一天啦，更何况我觉得那个服务没给我带来任何好处，没有也就没有了，还什么XML RPC，搞笑，traceback是什么呀？申请了没有？

其实不能连出去挺好的，再也不用担心像从前公司的服务器突然被告知「连接了某某网站，根据某某部门的要求，现停闭你公司服务器，特此通知」的事情了。

jdk 1.4.2 patchset 7 released

This should be considered as a “security release” somewhat. I’m building package for it at company’s buildbox, and it would be deployed internally.

delphij.net part on cnftp nuked

I’ve finally decided to move out from cnftp as I can’t figure out when, what and why its configuration that can influence my site keeps changed from time to time. Everything pulled out, and the httpd configuration has been removed to reflect this without misleading people who has decent DNS records cached in their DNS mirrors.

Still don’t know why a simple upgrade will cause GB2312 to represent in UTF8 errornously. Maybe when I have time, but not now.

OpenBSD has netcat in their base...

And seems that they have re-implemented it… Why netcat… I can’t understand it…

正式部署了反垃圾comment插件

实在是不得已而为之，spammer越来越过分了。comment插件一口气删掉了将近300条垃圾comment。

Kill spam!!

看了看ACM发来的spam专刊

感觉现在反垃圾技术发展到了一个坎上，短期内恐怕不会什么大的技术突破。基本的技术就是黑白名单、内容分析、特征分析。垃圾邮件发送的技术最近也没什么大的进展，目前我能够做到的漏判大约是万分之七，误判万分之五左右，前一阵考虑的技术还没有时间去做……

[RESOLVED] Strange issue that ntpdate can't sync time

So, it’s in security category.

With ntpdate time-a.nist.gov I got “No server suitable…”.

And then I have asked my network administrator.

Then I got a point that there’s some rules in filter.

But ntpdate -d works.

Then I tried ntpdate -u.

Then, it works…

Fast jail vs qmail

It seems that the official FreeBSD qmail port’s disable-qmail (as well as the Live with Qmail documentation) will need write access to /usr/bin and /usr/libexec, and hence the “fast jail” script I have written has been rendered useless :-(

I will investigate the issue this weekend and hopefully I will be able to work around the issue.

• ← 上一页
• 下一页 →