Published: December 28, 2016
Titles like “Critical PHPMailer Flaw leaves Millions of Websites Vulnerable to Remote Exploit” or “PHPMailer Bug Leaves Millions of Websites Open to Attack” are great if you’re looking for clicks. However, when you take a closer look, you’ll see that these aren’t exactly accurate.
Blast radius of phpmailer was greatly hyped by bug author: requires app to use fairly sophisticated mail address validation (or none at all)— Kenn White (@kennwhite) December 27, 2016
Here, I’ll take a level-headed look at recent vulnerabilities found in PHPMailer, CVE-2016-10033 and CVE-2016-10045.
Published: December 23, 2016
Between massive log files and big code bases, if you’re a developer, there’s a good chance you spend a lot of time searching.
grep is typically the old standby here. I know I’ve used it just about every day for as long as I can remember.
However, there’s a new kid on the block that goes by the name of
ripgrep (executable as
rg) that’s really stirring things up. Let me show you what there is to like about
Published: December 21, 2016
When writing an ordered list, numbers usually go sequentially up from 1, to 2, to 3 and so on. Anyone with the most basic knowledge of HTML knows that these lists should be represented with the
However, what happens when you want to skip a number?
In this post I’ll outline why one might want to do this and provide the solution for achieving the desired result.
Published: December 20, 2016
A while back, I added emoji support to this blog. I’ve used it here and there since then, but not extensively. However, the addition got me interested in how other technical bloggers are using emoji on their sites.
Just for fun, I decided to do a deep dive on that topic, parsing through the source code of hundreds of blogs published on GitHub. There were three basic questions that I wanted to answer…
- How often are technical bloggers using emoji?
- Which emoji are used most frequently?
- How are emoji used into blog posts?
Here, I’ll share the results of this digging for anyone else who is interested in this topic.
Published: December 16, 2016
In a recent blog post, I mentioned that I had learned about CIDR notation while mitigating malicious website activity that originated from a range of IP addresses. Another networking concept that I learned about at that time is ASNs (Autonomous System Numbers).
In this post, I’ll explain what ASNs are, and offer a few tidbits on how to make use of them.
Published: December 15, 2016
Recently, I was involved in mitigating malicious scripted activity against a site that was found to be coming from a range of IP addresses.
whois is a useful tool when dealing with this type of an issue. It can provide a network range for a given IP address.
$ whois 126.96.36.199 NetRange: 188.8.131.52 - 184.108.40.206 CIDR: 220.127.116.11/20 NetName: NET3-INC NetHandle: NET-104-232-32-0-1 Parent: NET104 (NET-104-0-0-0-0) NetType: Direct Allocation OriginAS: AS36352, AS62584, AS55286 Organization: Net3 Inc. (NETIN-11) RegDate: 2014-10-27 Updated: 2014-10-27 Ref: https://whois.arin.net/rest/net/NET-104-232-32-0-1 OrgName: Net3 Inc. OrgId: NETIN-11 Address: 8195 Sheridan Drive City: Buffalo StateProv: NY PostalCode: 14221 Country: US RegDate: 2013-07-10 Updated: 2015-08-14 Ref: https://whois.arin.net/rest/org/NETIN-11 OrgTechHandle: NOC13226-ARIN OrgTechName: Network Operations Center OrgTechPhone: +1-289-408-9989 OrgTechEmail: [email protected] OrgTechRef: https://whois.arin.net/rest/poc/NOC13226-ARIN OrgAbuseHandle: NOC13226-ARIN OrgAbuseName: Network Operations Center OrgAbusePhone: +1-289-408-9989 OrgAbuseEmail: [email protected] OrgAbuseRef: https://whois.arin.net/rest/poc/NOC13226-ARIN OrgNOCHandle: NOC13226-ARIN OrgNOCName: Network Operations Center OrgNOCPhone: +1-289-408-9989 OrgNOCEmail: [email protected] OrgNOCRef: https://whois.arin.net/rest/poc/NOC13226-ARIN
I provided the range of IP addresses (18.104.22.168 - 22.214.171.124) to the hosting company to block at the firewall. However, in their correspondence, they began referring to the IP address range in a way I wasn’t familiar with. It looked like this:
Curious as always, I did a little investigation and found out that this way of referring to networks is called CIDR notation. I became interested and decided to learn a little more about CIDR notation…what is it used for and why? Here, I’ll share my learnings for anyone else who is curious.