Security
Should we release 5.3 with the pppd vulnerability intact?
http://people.freebsd.org/~delphij/patch-pppd
参与评论Fighting against spamming
It seems that my blog get spammed by various parties. I hereby declare a war against spamming, also for e-mails.
You’re being watched and identified from this point on. Once you spam my blog, I guarantee that your activations are being tracked and analyzed with my knowledge base system and finally I will be able to keep everything from you off my site.
参与评论不按RFC走?那你必然会遇到麻烦
RFC也许有时让人觉得过分冗长,但是如果你没有耐心去完全实现它,它就会在不经意间突然咬你一口。
可怜的端木就被咬了……
今天这家伙发了一封邮件给我。
嗯?3.5分?
阅读全文…Solving issue appeared after Windows XP SP2
Windows XP SP2 is an important update and have introduced many security improvements. However, after installing Windows XP SP2, some graphical identity systems will be rendered to be useless.
The root cause is that these systems makes use of a special MIME type: x-xbitmap, or so called “XBM”.
XBM is originally developed by the X community. Presently it is uncommon on the web. However, banks like China Merchant Bank utilizies this format for authentication.
阅读全文…Finally got FreeBSD Handbook's Security chapter translated!
Finally done my task! So glad to announce this ;-)
参与评论25 letters left before Bayesian system can functional again on beastie.frontfree.net!
It seems that I still need 25 spams before I can get beastie.frontfree.net’s Bayesian system to be functional again. This really took me long time because nowadays PhantasmMail has much better spam dealing policies.
参与评论Seems that Windows XP SP2 CHS has not released after ENU edition released for 13 days
It seems that Microsoft is still testing/finalizing the Windows XP SP2 release. Up to today’s check, it is not released here. Interestingly, a Korean edition (Korean is another asian language, which is usually listed with Chinese) has been released much more earlier, even before Japanese and Chinese (both Simplified Chinese and Traditional Chinese) editions.
阅读全文…Aha... MD5 is vulnerable
Researchers have announced preliminary indications of previously unknown vulnerabilities in popular security algorithms that could permit hackers to easily install undetectable back doors into computer code or to counterfeit electronic signatures. French computer scientist Antoine Joux reported on Aug. 12 his discovery of a flaw in the MD5 algorithm, which is often used with digital signatures. The algorithm is known as a hash function, which extrapolates from all input a unique fingerprint; however, if a hacker could produce the same fingerprint with a different input stream, then the resulting hash collision would authenticate software as safe to download and execute even though it contains a back door. MD5 is employed by the open-source Apache Web server product as well as Sun Microsystems’ Solaris Fingerprint Database, and the flaw Joux uncovered means that a hacker can produce one hash collision in a few hours on a standard PC. Meanwhile, four Chinese researchers issued a paper reporting that the SHA-0 Secure Hash Algorithm could be subverted, while Israel Institute of Technology researchers Eli Biham and Rafi Chen revealed at the Crypto 2000 conference on Aug. 17 that they were investigating possible flaws in the SHA-1 algorithm, the only signing algorithm approved for use in the U.S. Digital Signature Standard. SHA-1, which is incorporated into popular programs such as SSL and PGP, is thought to be secure because knowingly producing hash collisions via existing methods is impossible. SHA-1 depends on a computer executing a routine 80 times as it tries to create a unique fingerprint, and Biham declared that he was able to copy the fingerprint for 36 of those 80 executions. If SHA-1 shares similar vulnerabilities with SHA-0, then attempts to falsify a fingerprint would be sped up about 500-fold.
阅读全文…New anti-spam mechanisms (a.k.a. the antispam component of "delphijmail" 3.0) deployed on beastie.frontfree.net
For those who is interested, I have deployed the stuff after 3 months’ test.
The major difference between traditional Frontfree Mail System and this is:
阅读全文…有意思的新闻
http://computer.online.sh.cn/computer/gb/content/2004-07/01/content_888740.htm
你能相信一个连自己老窝都罩不住的操作系统吗?你能相信一群连自己老窝都守不住的人研制的内核吗?
哦,咳,咳,咳,听说了么?那个去年搞得GNU FTP差点彻底玩完,自己的bk服务器被人家添进奇怪代码的操作系统内核,又蹦出来拯救世界了!
阅读全文…