
Archive for April, 2008

Interesting Links

April 14th, 2008

I've got a few interesting links that I thought I'd share.

Up first is a map with the location of Google Data Centers (via Google Blogoscoped). This is actually pretty cool to check out.

Next is OpenPacket.org, which I'll probably do a post about again sometime soon. For now a brief intro though. This is a great concept... a place where people can upload their packet captures, so that others can download and view them. This can be used by everyone... students, researchers and enthusiasts. I think first and foremost, it's a great learning tool; however, if a certain level of quality is maintained, everyone will benefit from this project.

The last, and probably most interesting, is a Google XSS that Billy Rios blogged about. The XSS takes advantage of the fact that certain browsers (IE was used, but it was mentioned that others can be affected by this) don't always use the content-type suggested by the server. In many cases the browser will attempt to determine the content-type on its own. This means that enough HTML in a response with content-type: text/plain will be rendered by IE (and in some cases other browsers) as HTML.
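A defender's view of the sniffing behaviour described above, as an added example that is not from the original post or from Billy Rios's write-up: it flags text/plain responses whose leading bytes look like HTML and that carry neither `X-Content-Type-Options: nosniff` nor a `Content-Disposition: attachment` header. The 256-byte window, the tag list and all sample responses are assumptions constructed for illustration, not any browser's exact algorithm.

```python
import re

# Assumption: a simplified model of content sniffing, not any browser's exact
# algorithm. Only the leading bytes are inspected for HTML-looking tokens.
SNIFF_WINDOW = 256
HTML_HINTS = re.compile(
    rb"<\s*(html|head|body|script|title|table|img|a\s+href|pre|plaintext)\b",
    re.IGNORECASE,
)

def get_header(headers, name):
    """Case-insensitive header lookup; returns '' when the header is absent."""
    for key, value in headers.items():
        if key.lower() == name.lower():
            return value.strip()
    return ""

def classify(headers, body):
    """Return 'ok', 'mitigated' or 'at-risk' for one HTTP response."""
    media_type = get_header(headers, "Content-Type").split(";")[0].strip().lower()
    if media_type not in ("", "text/plain"):
        return "ok"  # out of scope: only the text/plain case is modelled
    if not HTML_HINTS.search(body[:SNIFF_WINDOW]):
        return "ok"  # nothing HTML-like for a sniffer to latch onto
    nosniff = get_header(headers, "X-Content-Type-Options").lower() == "nosniff"
    download = get_header(headers, "Content-Disposition").lower().startswith("attachment")
    return "mitigated" if (nosniff or download) else "at-risk"

# Constructed sample responses (not captured traffic).
SAMPLES = {
    "plain log": ({"Content-Type": "text/plain"}, b"job 42 finished, 3 < 5 retries"),
    "echoed markup": ({"Content-Type": "text/plain; charset=utf-8"},
                      b"you searched for: <ScRiPt>render_me()</ScRiPt>"),
    "echoed markup + nosniff": ({"content-type": "text/plain",
                                 "x-content-type-options": "nosniff"},
                                b"you searched for: <script>render_me()</script>"),
    "real html": ({"Content-Type": "text/html"}, b"<html><body>hi</body></html>"),
}

def audit(samples):
    """Map each sample name to its verdict."""
    return {name: classify(h, b) for name, (h, b) in samples.items()}

if __name__ == "__main__":
    for name, verdict in audit(SAMPLES).items():
        print(f"{verdict:10} {name}")
```

An "at-risk" verdict means the response relies on the browser honouring the declared type; escaping user-controlled output remains the primary fix, with the two headers as defence in depth.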

That's all for now...

Categories: Daily Link List

OpenSSH 5.0 / W3AF beta 6

April 14th, 2008

Some new software shipped that I should have mentioned, and apparently it got past me.

The first is OpenSSH 5.0, released quite shortly after OpenSSH 4.9 (I believe it was 4 or 5 days). The following was attached to the release notes:

We apologise for any inconvenience resulting from this release
being made so shortly after 4.9. Unfortunately we only learned of
the below security issue from the public CVE report. The Debian
OpenSSH maintainers responsible for handling the initial report of
this bug failed to report it via either the private OpenSSH security
contact list (openssh@openssh.com) or the portable OpenSSH Bugzilla
(http://bugzilla.mindrot.org/).

The security issue in question was CVE-2008-1483.

The second piece of software is W3AF Beta 6. The Web Application Attack & Audit Framework is designed to create an extensible framework for finding and exploiting web application vulnerabilities. Beta 6 introduces a GTK UI, new plugins and bug fixes.

Categories: Daily Link List

Site Updated – Now with WordPress 2.5

April 13th, 2008

A few days ago I updated the site, and I must say... WP2.5 is awful... I'm actually disappointed that I had to upgrade. Having used TypePad, WP, Greymatter, Blogger and Serendipity... I was actually a really big fan of WP and thought it was about as good as they come. Now I'm not too sure about that. The user back end on 2.5 is awful... It's slower than the old UI was, it's not laid out nearly as conveniently (yes they made it less intuitive) and it's ugly... I realize it's an attempt to go more Web 2.0ish, but they failed miserably... In all the time that WordPress has powered this blog, this is the first time I've been completely disappointed and considered moving to new software.

Categories: Site Related