Posted on June 24th, 2009 at 18:43 by fr3@K
Hacked again (see the record of the previous time). This time the situation is the same as the one described here. I am preparing to upgrade to WordPress 2.8.
The foundation theme I have been using all along has long been an orphan with nobody maintaining it; which theme should I switch to?
Giorgio (author of NoScript) apologized and explained things from a somewhat different (i.e. his) perspective.
As Giorgio said himself, it was wrong and there is no excuse. Though, from a user’s point of view, I do not agree with his doings in this instance. However, from a geek’s (i.e. my) point of view, they were not unthinkable.
My take: Giorgio was hacking, not for the greater good obviously, but there was no intention to take over the world (or to help bad guys do so) either. That is, if what he told us is his true thinking.
For now, I am keeping NoScript.
Users of NoScript, read this (in Chinese) and this (in English)!
I am researching for alternatives to NoScript, if anyone has any idea, please drop me a line.
[Update]
The author of NoScript has apologized.
What a productive day this has been. Counting this one, I have already written four pieces today (the content and quality of the writing are another matter). That must be a personal record! It shows one thing: I have been neglecting my real work far too much!
Last night I started reading Rootkits, and with the few pages I read in the bathroom today, I am only twenty-odd pages in. Whatever one says, this is the stuff I am supposed to make a living from at this stage, so I can't slack off. It's just that I have several half-written pieces piled up, and until I write them out and get them out of my system, I never feel quite at ease.
The book's author is strong both as a writer and technically. Although the subject has little to do with my traditional interests, so far it has been fun to read. It looks like I will probably get hooked, and then I will have one more topic to play with.
I'll push on and write as much as I can before bed; tomorrow I continue with root.
In a blog post Danny Kalev published earlier this year on InformIT, an example was presented demonstrating how one could write valid but insecure code involving vector and auto_ptr which compiles without any warning, despite other warnings Microsoft's recent compilers would have issued against standard-compliant code. Along with other points he made in the post, Danny suggests Microsoft doesn't really care about your code safety. I couldn't agree with him more, and would like to contribute my own analysis (a.k.a. my two cents) in support of Danny's finding.
Some of my friends use iGoogle as a portal for handling daily office routines. They had been selling me the solution for a while. They were able to get me to give iGoogle a test drive a few weeks ago.
I received an email yesterday afternoon, informing me this blog has been hacked:
Regarding fsfoundry.org,
This email is not an April Fools' email and it has been sent to notify you that your blog's version is old and needs to be updated ASAP as it was hacked.
While tracking some Viagra spammers I have come across several links coming from your blog and, after testing it, it appears your blog is 2.1.* generation hence vulnerable to SQL injection blind-fishing attacks. Search Google to learn more. In a few words: spammers can take full control of your blog in a matter of minutes and deface it at will.
These attacks are as serious as they can get as the spammers have full access to your blog and add hidden HTML elements to mask their links.
You MUST update your blog to the latest official WordPress version and manually clean your last 5-10 posts of the parasite links which you will only see in HTML view.
Not doing so may attract severe search engine penalties as you are currently linking to sites with VERY bad reputation.
Hoping you will take required action,
A.S.S. (Anonymous Security Specialist)
PS: I got your email address from your Dashboard / Users Management Section. I have warned many during the past months regarding the vulnerable blogs, being a blogger myself, but it seems I haven't warned everyone. Latest WordPress is secure.
PPS: Your login name is XXXX and password hash is XXXXXXXXXXXXXXXXXX
SiteMeter is a provider of a service that helps webmasters understand how viewers browse their sites. A great many sites, especially personal sites and blogs (including COdE fr3@K), use their free package.
A few weeks ago, in addition to the existing SiteMeter, I added StatCounter (a less widely used provider of a similar service) to the site. Today I had time to read a StatCounter blog post and was alarmed to learn that SiteMeter may have been bought by SpecificClick Network (a company that specializes in recording and analyzing users' online behaviour). Although StatCounter named no names, it is easy to guess that they were talking about SiteMeter.
Password-only authentication? A very interesting idea. I am no security expert, but I still feel this blog post is not entirely nonsense.
But wouldn't that instead greatly increase how often people need to change their passwords?
After changing a password several times, can one still remember it?
And to make sure they can remember it, people use their ID number, dad's mobile number, mom's birthday, or their girlfriend's measurements as passwords... Is the password still secure then?
Many people are probably like me and have several shell accounts in different places: on their own machines, at the company, on a rented virtual host, and for participating in FOSS projects. These accounts (login names) are often different.
When I ssh back and forth between these machines, I often have to type several extra keys to feed the login name to ssh. Today this annoyed me enough that I read the ssh_config man page properly, and the result is ~/.ssh/config:
# Office
Host office-domain.name *.office-domain.name 192.168.* some-office-machine-name
User login-name-at-office
# Some project
Host shell.foss-project.org
User another-login-name
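The config above relies on three ssh_config rules that are easy to get wrong: a Host line may carry several glob patterns, a pattern prefixed with "!" negates the whole line, and the first matching block that sets an option wins. The script below is an added example, not the blog's own config or OpenSSH code; it re-implements just that subset of the matching logic over a constructed sample config (the same shape as the one above, with hypothetical hosts such as *.rented-isp.example added) so the resolution rule can be seen and checked without touching a real machine.

```shell
#!/bin/sh
# Resolve which User a ~/.ssh/config-style rule set selects for a host.
# Added example: implements only the subset of ssh_config(5) semantics the
# config above relies on: Host lines carry one or more glob patterns
# ('*' and '?'), a '!'-prefixed pattern negates the whole Host line, and
# the FIRST matching block to set an option wins.

# Constructed sample config in the same shape as the blog's ~/.ssh/config.
# All host names and login names are hypothetical.
SAMPLE_CONFIG='# Office
Host office-domain.name *.office-domain.name 192.168.* some-office-machine-name
    User login-name-at-office
# Some project
Host shell.foss-project.org
    User another-login-name
# Rented hosts share one login, except the bastion, which has its own:
# the negated pattern makes this block NOT apply to the bastion.
Host *.rented-isp.example !bastion.rented-isp.example
    User rented-login-name
Host bastion.rented-isp.example
    User bastion-login-name
# Catch-all for everything else; it must stay last, because a broad
# pattern placed earlier shadows every more specific block after it.
Host *
    User default-login-name
'

# ssh_user_for HOST [CONFIG_TEXT]: print the User that would be used for HOST
ssh_user_for() {
    host=$1
    config=${2:-$SAMPLE_CONFIG}
    in_match=0      # inside a Host block that matched $host?
    user=           # first User value obtained, as ssh does
    set -f          # no pathname expansion: '*' in patterns must stay literal
    while IFS= read -r line; do
        # strip leading whitespace, skip blank lines and comments
        line=${line#"${line%%[![:space:]]*}"}
        case $line in ''|'#'*) continue ;; esac
        set -- $line            # split into keyword and arguments
        keyword=$1; shift
        case $keyword in
        Host|host)
            positive=0; negated=0
            for pat in "$@"; do
                case $pat in
                '!'*) neg=${pat#'!'}
                      case $host in $neg) negated=1 ;; esac ;;
                *)    case $host in $pat) positive=1 ;; esac ;;
                esac
            done
            # a matched negation discards the whole Host line
            in_match=0
            if [ "$positive" -eq 1 ] && [ "$negated" -eq 0 ]; then
                in_match=1
            fi
            ;;
        User|user)
            # keep only the first value obtained; later blocks cannot override it
            if [ "$in_match" -eq 1 ] && [ -z "$user" ]; then
                user=$1
            fi
            ;;
        esac
    done <<EOF
$config
EOF
    set +f
    printf '%s\n' "$user"
}

# Stand-alone demo: show which login each host resolves to
for h in 192.168.1.7 git.office-domain.name shell.foss-project.org \
         web1.rented-isp.example bastion.rented-isp.example example.org; do
    printf '%-28s -> %s\n' "$h" "$(ssh_user_for "$h")"
done
```

On a real machine the same check is `ssh -G hostname`, which prints the effective value of every option (including `user`) that OpenSSH would use for that host. The ordering point matters in practice: a broad pattern such as `192.168.*` or `Host *` placed early silently wins over a more specific block below it, so keep blocks ordered from most to least specific and the catch-all last.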
Except where otherwise noted, COdE fr3@K by fr3@K is licensed under a Creative Commons Attribution-Share Alike 3.0 License.