Archive for the ‘application security’ Category

Announcing mod_memcache_block

Posted by John Adams on May 7th, 2009

I’m announcing the release of mod_memcache_block, a distributed IP blocking system for Apache, with rate limiting based on HTTP response code.
For many years I’ve needed a module like this: a distributed blocking system that can operate across large web-serving clusters and register hits in a central store. With rate limiting, [...]

Finding usernames through iTunes DAAP

Posted by John Adams on January 13th, 2009

Often on our local network, someone will start using up all of our outbound Internet bandwidth, which leads to the network administrator’s dilemma:
how do we find the user in question so we can thump them on the head to make them stop?
This is a basic exercise in information gathering. For the most part, [...]

Defcon 16 Schedule in iCal Format

Posted by John Adams on August 4th, 2008

I’m heading to Defcon 16 on Thursday to talk to some fellow hackers, meet colleagues, and hopefully not lose my shirt in Vegas. I think I’ll be much too busy to gamble, really.
For a conference that is so technically minded, they didn’t post the conference schedule in a useful format (HTML only! ew!), so [...]

DNS Patches released today for many platforms

Posted by John Adams on July 8th, 2008

If you’re responsible for DNS at your organization, I urge you to download updates for your DNS servers and patch them immediately, today. Dan Kaminsky and other members of the DNS community announced that they are releasing patches for an extremely serious cache resolver issue impacting many vendors of DNS software, including ISC BIND and [...]

American National Corpus

Posted by John Adams on April 11th, 2008

Many Unix users are familiar with the system-wide English dictionary, known as /usr/dict/words. Nearly every word in /usr/dict/words has been registered by domain squatters, and most variants of those words are already built into every automated password cracker on the planet.
This wordlist is one source for research on frequency tables and [...]

Site Insecurity

Posted by John Adams on January 7th, 2008

Over at Chris Shiflett’s blog (he’s the author of Essential PHP Security), he has a nice write-up on foiling cross-site scripting attacks on web sites.
While this is an older article (from 2004), it still addresses many dangerous issues that developers continue to introduce into production code.
One of our developers here recently wrote a [...]