6 posts • joined 9 Jan 2009
Too much info in too few X-Spam headers
Trevor, if I may:
The solution should have been to have a separate X-Spam header that *only* carries the black-or-white status of YES or NO, and no other information.
X-Spam-Flag, X-Spam-Is-It, or whatever.
But I'm way too late to help you :)
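As an added illustration of the point in this post (example code, not the poster's own), here is a small Python filter that prefers a dedicated black-or-white header over a combined status header. The header names X-Spam-Flag and X-Spam-Status are the ones SpamAssassin emits; the sample messages, scores and test names are constructed for the example.

```python
from email import message_from_string
from email.message import Message
from typing import Optional

# Constructed sample messages (not from the original post). Scores and test
# names are made up; only the header names follow SpamAssassin's convention.
SPAM_WITH_FLAG = """\
From: sender@example.invalid
To: user@example.invalid
Subject: constructed sample 1
X-Spam-Flag: YES
X-Spam-Status: Yes, score=7.2 required=5.0 tests=BAYES_99,HTML_MESSAGE,
\tURIBL_BLOCKED autolearn=no

body
"""

HAM_WITH_FLAG = """\
From: sender@example.invalid
To: user@example.invalid
Subject: constructed sample 2
X-Spam-Flag: NO
X-Spam-Status: No, score=-1.3 required=5.0 tests=BAYES_00,DKIM_SIGNED

body
"""

# Older setups may only add the combined header, so a fallback parser is needed.
SPAM_STATUS_ONLY = """\
From: sender@example.invalid
To: user@example.invalid
Subject: constructed sample 3
X-Spam-Status: Yes, score=6.0 required=5.0 tests=BAYES_95

body
"""

UNSCANNED = """\
From: sender@example.invalid
To: user@example.invalid
Subject: constructed sample 4

body
"""


def verdict_from_flag(msg: Message) -> Optional[bool]:
    """The single-purpose header: only YES or NO is a verdict, nothing else."""
    value = msg.get("X-Spam-Flag")
    if value is None:
        return None
    value = value.strip().upper()
    if value == "YES":
        return True
    if value == "NO":
        return False
    return None  # malformed value: do not guess


def verdict_from_status(msg: Message) -> Optional[bool]:
    """The combined header: the verdict is only the first comma-separated
    token. Score, tests and autolearn info must be ignored, and the value may
    be folded across several lines (the email parser keeps the fold)."""
    value = msg.get("X-Spam-Status")
    if value is None:
        return None
    first = value.split(",", 1)[0].strip().lower()
    if first == "yes":
        return True
    if first == "no":
        return False
    return None


def classify(raw: str) -> str:
    """Prefer the black-or-white flag; fall back to parsing the status header;
    report 'unscanned' rather than inventing a verdict when neither is usable."""
    msg = message_from_string(raw)
    verdict = verdict_from_flag(msg)
    if verdict is None:
        verdict = verdict_from_status(msg)
    if verdict is None:
        return "unscanned"
    return "spam" if verdict else "ham"


if __name__ == "__main__":
    for name, raw in [("flag+status", SPAM_WITH_FLAG), ("ham", HAM_WITH_FLAG),
                      ("status only", SPAM_STATUS_ONLY), ("unscanned", UNSCANNED)]:
        print(f"{name:12s} -> {classify(raw)}")
```

The flag header needs no parsing beyond an exact match, which is exactly why a separate YES/NO header is the robust thing to filter on; the status parser is only there for messages that carry the combined header alone, and it deliberately returns "unscanned" instead of a verdict when the header is missing or malformed.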
Imagine a Beowulf cluster of those!
Sorry, sorry, this just hasn't been said in a long time, has it?
I'll get my coat.
TimThumb is not a WordPress plugin.
It is more commonly a part of themes and other WordPress plugins, so you won't know that your TimThumb is out of date. You have to trust that the WordPress plugin creators provide an updated version.
Unfortunately, many of the plugins and themes using TimThumb are commercially paid editions which are not managed directly by WordPress' own plugin database; you download and install them semi-manually or fully manually.
Also, these plugins and themes rarely publish which TimThumb version they use, they don't publish security advisories or notes regarding their products, and and and.
Nevermind that the entire concept of TimThumb is b0rken, technically speaking. :)
Generally, allowing pluggable PHP code is a Bad Thing security-wise.
And we never did!
That is, at home we started with a 5 MB HDD connected to the dual-drive IBM PC. We never managed to fill that disk, and couldn't see how it would even be possible.
Later, we upgraded to an IBM PC XT with a 10 MB HDD, and then we filled it, of course. :)
Yes, Flash 10 is vulnerable.
The link IS in the advisory that El Reg links to, but the iDefense advisory sucks royally.
"iDefense has confirmed the existence of this vulnerability in latest version of Flash Player, version 22.214.171.124. Previous versions may also be affected."
Well, that's not the latest version of Flash Player, not by a long mile. This marks down iDefense as an unreliable source for advisories in my book.
It's not as if botnets ...
... have much CPU power available for massively parallel computing, now is it?