I upgraded wordpress on my uniform server to 2.0.3 and got stuck in an endless loop stating that I needed to upgrade. Solved by running the upgrade url in ie instead of firefox.
Month: June 2006
Having said that, it doesn’t look that malicious – you would have to be tricked into entering data into one page, which can then be sent to the malicious site at the same time, so you are probably only at risk if you do random surfing or surf in dodgy web site areas in the first place – and if you are doing that then I really hope you are not running internet explorer (or as an admin!)
After attending a Vista Management webcast yesterday I was all fired up to install Vista on one of my older pc’s – unfortunately it was only open to msdn subscribers (which my company is) but I didn’t have the information to download it. However, thanks to the JCXP I’ve got my own copy as it was released today. Currently downloading the ISO now. Not sure how long it will take and I hope that the huge thunderstorm we are having right now doesn’t take the powerout at 99%
I setup my wrt54g with openvpn support and enabled the OpenVPN server as per the wiki documentation and it works great.
Now I just need to ensure that my web browsing is being tunneled through this interface when connected remotely and I’ll be able to surf remotely and securely.
I discovered that there is a replacement to cacls called xcacls.vbs which can be downloaded from kb article 825751 which has instructions on how to use it. Not sure why there is a new version, but the output from the vbs script does look a lot nicer than cacls. Hopefully it doesn’t blow up permissions like cacls did for me once.
I was initially under the impression that only 10.1 was vulnerable to the new exploit that went out, but apparently it’s almost every 10. version of the software. The web page at symantec’s sym06-010 page is good for providing links on what needs to be upgraded to what version. This is something that symantec is VERY poor at doing – I’ve never received a new patch level notification or anything, apart from the marketing push to upgrade to the latest version – but even then the latest versions that I’ve been sent haven’t been the latest version and have needed patching!
I got asked a question at work today that had me stumped (although spf might be a solution).
The scenario:- The spammer create a spam email and spoofs the from email address. The From email address is set to be a spamtrap email address – one of the emails that will blacklist your domain if you send email to it.
The email then gets sent out to a million people – several of whom have out of office assistants turned on, and so they reply to say they are out of the office.
The result:- The spamtrap email address gets an email from your domain and your domain gets blacklisted. Your users can’t send emails to valid recipients and spamcop takes forever (12-24 hours on the best of days) to get your machine white listed again.
So my question is – how do you solve this problem or work around it? You need to keep out of office on so that genuine users will know if their email is going to get read or not. I was thinking that possibly spf would work. A user who is likely to check spamcop for blacklists is also likely to check spf records. If you have spf records set, then the spoofed email would not be accepted in the first place…… The only flaw with this is that it relies on both the relay machine AND the recipients to do spf checking – and not a lot of people do that.
I contacted 1&1 the other day to see if I could set up spf records for helsby.net but they don’t support it on any of their packages – seems a shame, but also seems to be in keeping with their policy of not letting you getting your hands dirty in the real management of the network and making everything gui-ized.