Alexis Wilke's blog

Make sure your Thunderbird does not use SSL to avoid POODLE attack

A few days ago, the news came out that SSLv3 was no good. The protocol allows for patterns that can be used by a hacker to decipher an encrypted message without the need for the private key. In other words, encryption using SSLv3 is no good (anymore; it never was, but we know this only now).

We fixed our Apache2 settings. For those interested, you just have to turn off SSLv3 with the following setting:

SSLProtocol all -SSLv2 -SSLv3

Although to really remove all the encryption methods that are not that secure (can easily be cracked) you also want to change the list of ciphers with:

 ...

Another reason to like SeaMonkey!

As I mentioned before, I like to use SeaMonkey. In general, browsing-wise, it is very much like Firefox, so that's good for those people who like Firefox: they can switch without losing much other than the location of the toolbar buttons (quite a few are in different places).

The thing I discovered today, though, is really cool. I put a path to an email saved on my disk to see whether the HTML in that email was valid or not and it loaded at once. Just before hitting Enter I thought, wait... I probably should remove the email header. Nope. No need. It actually recognized the data and ...

CAPTCHA is not working against all robots anymore but...

Although many reCAPTCHAs are being bypassed, they still work against robots.

The main reason for the bypass is the fact that some people get paid to solve those reCAPTCHAs. In other words, some people are offered a job to do just that! They go to a computer, solve many reCAPTCHAs, and get paid something like 2 cents per successful resolution. The result is that websites with reCAPTCHAs still receive a lot of spam!

Yet, when a stupid robot (as opposed to a person) accesses the site, the robot tries again and again from the same computer. This means we'll get many failures from the same IP ...

US Zip Code overlay on Google Maps

Today I needed to find a set of zip codes that would match a delivery area for one of my customers. I was wondering how I could find all the zip codes over a given area...

Searching a little bit I found a website named zipmap which actually does just that. The entire US is covered and you can navigate it just like you navigate a regular Google Map view. Very practical!

You can easily move around, zoom in and out, and you even see the map with street names in the background.

Bad Google Indexing "Secure" Pages...

About a week ago I got a customer who started having their website appear in Google with HTTPS (the secure version of the site). The pages are served securely, but it uses our website certificate so you get a big bad error saying that everything is broken and if you proceed you'll know what hell is like.

"This Connection is Untrusted" by Firefox

The fact is that this customer never had a secure certificate. In other words, there is no reason for the site to have been referenced with HTTPS unless someone typed a link to their site and inadvertently entered https://... instead of http://...

I checked a few of the pages where there ...

Alan Turing Centenary

Starting tomorrow, Jun 23, 2012, many countries are to celebrate the centenary birth year of Alan Turing. Alan created the Turing machine concept and formalized the notions of algorithm and computation that are now in use in all our computers (including your portable phone and your electronic watch).

He actually participated in the creation of the first electronic computer during the Second World War in England. His algorithms and knowledge of cryptography gave him the necessary skills to crack the encoding of the German Enigma Machine (a form of printer that would encode messages with a level of complexity too ...

Getting Rid of Deactivated Facebook Friends

I was slowly nearing 5,000 friends when all of a sudden I had 5,089!

As I was wondering what was happening, a post on the Blackhat World forum caught my eye, as someone mentioned the fact that he had 5,700 friends. The answer was that deactivated friends do count (they are counted as part of your friends even though they do not have an account anymore!)

I went on asking how I could find those, and you actually simply have to look at your list of friends: deactivated accounts have no picture and no "Friend" button to the right. The following picture shows you what I'm talking ...

1930 Domain Names Proposed to ICANN

This year ICANN offered businesses the opportunity to propose top-level domain names to add to the existing top-level domain names such as .com and .info. It received 1930 proposals. Some are regional, such as .alsace; others are brands, such as .google; and others are broad names, such as .cart and .art.

Now comes the work of choosing which names will indeed make it and which will be dropped. In addition, some names such as .app were proposed by multiple companies, and that means additional deliberations to decide who will be awarded that TLDN.

The following table defines all the names. The table is nearly 500Kb ...

CSS3 media queries

CSS is improving with the introduction of CSS3.

Contrary to the previous version, CSS3 supports selections that are very advanced, offering capabilities close to what you could write in JavaScript.

Today I wanted to talk about Media Queries because they can be used to greatly optimize the list of links used to load your CSS data.

In HTML, you can use a <link ...> to add a CSS file to your page.

<link rel="stylesheet" type="text/css" href="style.css" />

In this case, the file style.css will always be loaded, whatever the media being used.

South Sudan top-level domain is .ss

Very recently, Sudan was split into a northern and a southern part. The southern part has a new name: South Sudan. It is now official and the new ISO country code given to this new country is SS.

This means their country top-level domain name will be .ss.

Assuming they open their domain name to everyone worldwide, this is going to be quite interesting! There are many words in the English language that end with .ss such as dre.ss, and stre.ss, and le.ss...

If you're in the domain name business, look out for those! If it works like other top-level domains, these will go really quickly and make ...
