.
Bitland.Net Security Notes            Comments? email jwilkins-at-bitland*net
More information on the author at Jonathan Wilkins's home page
RSS feed available at http://www.bitland.net/index.rss               Add to Google
Archives: 2007, 2006, 2005, 2004, 2003, 2002, 2001, 2000
Multiple Instances of Portable Firefox  |  (2006/12/04 20:20)

Firefox Portable is great when you want to test against prior versions of the browser, but by default it doesn't allow multiple instances. This means you can't run it alongside your current version of Firefox or under different profiles simultaneously. In order to fix this, just copy the file FirefoxPortable.ini from the Other subdirectory of your portable Firefox installation to the same directory as FirefoxPortable.exe and change the AllowMultipleInstances line to true.

+digg  |  +del.icio.us   |    [Web ]   |   Permanent link
Only allow GET and HEAD requests under Apache  |  (2006/12/04 19:00)

Disallowing TRACE under Apache is a standard requirement for most sites these days due to Cross Site Tracing (XST). Most pages that make this recommendation suggest using mod_rewrite (./configure --enable-rewrite) and an entry in httpd.conf like the following: 
    RewriteEngine On
    RewriteCond %{REQUEST_METHOD} ^TRACE
    RewriteRule .* - [F]

This is fine, but lots of times the other verbs aren't needed anyway. Given that, why allow them?

Here's a better ruleset: 
    RewriteEngine on                                                            
    RewriteCond %{REQUEST_METHOD} !^(GET|HEAD)                                  
    RewriteRule .* - [F]

You may need POST or other methods, but it's simple to add them. Also note that if you're using virtual hosts, you have to place this in each VirtualHost section as it's not inherited by default.
+digg  |  +del.icio.us   |    [Web ]   |   Permanent link
Tinfoil Hats *Magnify* Radiation  |  (2006/12/04 12:00)

Just linking this piece of silliness because I read it over the summer and then lost it and needed it in a conversation recently.

MIT grad students investigate the effectiveness of tin foil hats "Overall, the foil effectively weakened radio waves by up to 10 decibels over most of the frequency spectrum (there were no significant differences among helmet shapes). But at 1.2 and 2.6 GHz which fall within the band reserved for government satellites, GPS systems and mobile phone corporations passage through the foil amplified these waves by 20 to 30 decibels"
+digg  |  +del.icio.us   |    [Weird ]   |   Permanent link
RSS feed available at http://www.bitland.net/index.rss