Posts in InfoSec

Saturday, September 24, 2005

Bad Behavior

I’ve been getting a lot of comment spam lately, so I’ve installed Bad Behavior, which takes a different approach to spam blocking:

Bad Behavior was designed and built by watching actual spambots which harvested email addresses, posted comment spam, and used fake referrers. By logging their entire HTTP requests and comparing them to HTTP requests of legitimate users, it is possible to detect most spambots.

Let me know if you have any problems. I’ll post some impressions after I’ve used it a bit.

Posted in InfoSec, PHP by funkatron on 09/24 at 08:21 AM

Wednesday, September 07, 2005

Real-World Web Application Security

I did a seminar today on web app security. I’ve got the slides up over here:

http://homes.cerias.purdue.edu/~coj/

The video should be back to us next week. I’ll post it then.

I wish I had more time. I had seen these seminars go 1:20 before, but I guess this year they have another class in the same room, so I only had 50 minutes firm. I really had to rush through everything. It was pretty broad, and a lot more depth could have been given.

Posted in InfoSec, The Web Problem by funkatron on 09/07 at 05:36 PM

Tuesday, July 19, 2005

Ow.

Posted in InfoSec, The Web Problem by funkatron on 07/19 at 12:11 PM

Tuesday, July 05, 2005

This is too great

Blake Ross on Firefox and Beyond » The new Firefox tag line

“Firefox?” The Rabbi stops and thinks for a minute, rubbing his beard. “Ah yes! The one that blocks all the schmutz.”

Posted in InfoSec, The Web Problem by funkatron on 07/05 at 08:48 AM

Wednesday, June 29, 2005

WordPress 1.5.1.3 Available

WordPress 1.5.1.3 Available:

…an important security issue was brought to our attention which required an update for our users. The problem is not yet public but you should update your blog as soon as possible to 1.5.1.3. If you are unable to upgrade in the short-term you may protect yourself by deleting the xmlrpc.php file from your WordPress directory.

Obviously if you use the XML-RPC interface (for posting from client apps and external services like flickr), deleting the xmlrpc.php file is gonna be less than appealing.

Posted in General, InfoSec, PHP by funkatron on 06/29 at 08:28 AM