Every once in a while Jan Schaumann writes a long Twitter thread and saves it in a blog post. Always good ways to learn. This time it was no different: [Wayback/Archive] DNS Response Size started with
Archive for the ‘Power User’ Category
Guess the maximum DNS Response Size… (by Jan Schaumann)
Posted by jpluimers on 2023/12/26
Posted in Communications Development, Development, DNS, Internet, Internet protocol suite, IPv4, IPv6, Power User, TCP, tcpdump, UDP, Wireshark | Leave a Comment »
Hello “SMTP Smuggling” information released days before the Holiday season to open source SMTP server teams
Posted by jpluimers on 2023/12/24
Jan Wildeboer was mad for good reasons, though the open source projects didn’t yet seem to publicly have show their real madness, just bits like [Wayback/Archive] oss-security – Re: Re: New SMTP smuggling attack:
I'm a little confused by sec-consult's process here. They identify a problem affecting various pieces of software including some very widely deployed open source software, go to the trouble of doing a coordinated disclosure, but only do that with...looking at their timeline... gmx, microsoft and cisco?
“SMTP Smuggling” is bad, and big open source SMTP server projects like exim, postfix and sendmail needed to assess and fix/prevent the issue on very short notice: effectively confronting them with a zero-day less than a week between the information got released and the Holiday season.
That gives “deploy on Fridays” a totally different dimension.
How bad? Well, it already managed to reach this Newline – Wikipedia entry:
The standard Internet Message Format[26] for email states: “CR and LF MUST only occur together as CRLF; they MUST NOT appear independently in the body”. Differences between SMTP implementations in how they treat bare LF and/or bare CF characters have led to so-called SMTP smuggling attacks[27].
The crux of the problem is very well described by the “Postfix: SMTP Smuggling” link below: recommended reading, and the middle of [Wayback/Archive] SMTP Smuggling – Spoofing Emails Worldwide | Hacker News
…
TLDR: In the SMTP protocol, the end of the payload (email message) is indicated by a line consisting of a single dot. The line endings normally have to be CRLF, but some MTAs also accept just LF before and/or after the dot. This allows SMTP commands that follow an LF-delimited dot line to be “tunneled” through a first MTA (which requires CRLF and thus considers the commands to be part of the email message) to a second MTA (which accepts LF and thus processes the commands as real commands). For the second MTA, the commands appear to come from the first MTA, hence this allows sending any email that the first MTA is authorized to send. That is, emails from arbitrary senders under the domains associated with the first MTA can be spoofed.
…
Here are some links to keep you busy the next hours/days/weeks:
- [Wayback/Archive] CVE-2023-51764 postfix
- [Wayback/Archive] CVE-2023-51765 sendmail
- [Wayback/Archive] CVE-2023-51766 exim
- [Wayback/Archive] hannob/smtpsmug
Script to help analyze mail servers for SMTP Smuggling vulnerabilities.
And the toots linking to background information:
Share this:
Posted in *nix, *nix-tools, Communications Development, Development, exim mail, Internet protocol suite, postfix, Power User, Python, Scripting, sendmail, SMTP, Software Development | Leave a Comment »
Print large PDF in Preview over several pages… – Apple Community
Posted by jpluimers on 2023/12/22
Summary of [Wayback/Archive] Print large PDF in Preview over several pages… – Apple Community:
- Preview cannot
- Acrobat Reader (formerly Adobe Reader) can; it is called “Poster” (also on Windows)
Via [Wayback/Archive] macos print pdf scaled over two pages – Google Search.
–jeroen
Share this:
Posted in Adobe, Adobe Acrobat, Apple, Mac OS X / OS X / MacOS, PDF, Power User, Windows | Leave a Comment »
b0rk does fun things with DNS: CNAME records at the root of the domain; technically not allowed, definitely not recommended, but somehow work for web browsing
Posted by jpluimers on 2023/12/21
[Wayback/Archive] 🔎Julia Evans🔍 on Twitter: “I’ve always heard that you can’t create CNAME records at the root of the domain. But apparently you can? It seems to work fine as far as I can tell but I’m curious about the possible consequences. (yes, I registered cnameroot.com just to make this tweet) “
Share this:
Posted in Cloud, Cloudflare, DNS, Infrastructure, Internet, Power User | Leave a Comment »
Kortepodcast.nl: Onderdeel van De Staat van Stasse en Audiocollectief Stereotiek
Posted by jpluimers on 2023/12/20
Ik ga Stefan Stasse en Tim Daemen missen op NPO Radio 2.
Hier voor mijn linkarchief een site met herineringen: [Wayback/Archive] Kortepodcast.nl: Onderdeel van De Staat van Stasse en Audiocollectief Stereotiek
En natuurlijk de pagina De Staat van Stasse – Wikipedia
Ook om niet te vergeten: de all-time-classic [Wayback/Archive] Enjoy and Fuck The System Ringtone [Wayback] https://kortepodcast.nl/wp-content/uploads/2022/05/enjoy-and-fuck-the-system-harder.mp3
--jeroen
Posted in Audio, Media, Power User | Comments Off on Kortepodcast.nl: Onderdeel van De Staat van Stasse en Audiocollectief Stereotiek
A great source to learn about JavaScript element enumeration and modification: iamadamdev/bypass-paywalls-chrome
Posted by jpluimers on 2023/12/19
Sometimes one bumps into a Google Chrome extension that is both useful from a practical perspective as insightful on learning from how it is done.
This is one: [Wayback/Archive] iamadamdev/bypass-paywalls-chrome: Bypass Paywalls web browser extension for Chrome and Firefox.
It supports many sites (including more than a dozen Dutch ones) for which it is not easy to justify creating separate accounts for them (just the risk of them leaked into Have I been Pwned? is large, despite GDPR) and staying logged on for each of them. I have dozens of listings of my email addresses at haveibeenpwned.com, so I am a lot more careful making accounts than in the past despite assigning unique email addresses for each account (which is part of the burden).
Share this:
Posted in Chrome, Development, HTML, JavaScript/ECMAScript, Power User, Scripting, Software Development, Web Browsers, Web Development | Leave a Comment »
De meeste fietsers worden doodgereden door chauffeurs van auto’s, vrachtwagens en busjes. Doodgaan als fietser zonder tegenpartij komt nauwelijks voor.
Posted by jpluimers on 2023/12/18
[Wayback/Archive] Lennart Nout on Twitter: “@BouwmanEnergie @saskiakluit Mensen die doodgaan in het verkeer zonder “tegenpartij” zijn echt niet de grootste groep. De meeste fietsers worden doodgereden door auto’s, vrachtwagens en busjes.”
Share this:
Posted in LifeHacker, Power User, Traffic | Leave a Comment »
Forgot where I found it, but for posterity: bitnet-links-Bitnet-Network-Definition-verison-89.xlsx
Posted by jpluimers on 2023/12/15
I forgot where I originally downloaded bitnet-links-Bitnet-Network-Definition-verison-89.xlsx from, but for posterity, here it is:
[Wayback] bitnet-links-Bitnet-Network-Definition-verison-89.xlsx
Related blog posts:
- xyzzy, Relay Conferencing before IRC even existed
- Ancient history – found back one of my earliest email messages dated in februari 1989!
- Where My Delphi Life Began – via David Millington and Simon Stuart #DelphiWeek
- 15 years of xs4all internet provider membership
–jeroen
Share this:
Posted in BITNET Relay, Chat, History, Internet, InternetArchive, Power User, SocialMedia | Leave a Comment »
Reminder to self: pointers to recovering “The Great Suspender” suspended URLs (after in 2021 Google booted it from Chrome for being malware)
Posted by jpluimers on 2023/12/14
I was a long term user of “The Great Suspender”. It was a cool little Chrome Extension that would auto-suspend Chrome tabs that had not been used for a while and resume them when the tab did get accessed again thereby greatly reducing the horrible Chrome CPU and memory footprints.
During my year+ long treatment against metastasised rectum cancer I had suspended or hibernated most of my physical and virtual machines. So there was not just the surprised during the recovery of those that The Great Suspender had been kicked of the Chrome extensions, but also the problem of getting all the suspended tabs back of machines that eventually would be awoken out of sleep: I keep tabs open on stuff that I was working on or investigating for future blog posts, so these somehow could be important.
For now, I am not using anything as a replacement just to experience how well Chrome has evolved to suspend inactive tabs itself.
Now Chrome seems to do this well, as this post is based on an old VM that I have now unsuspended which had [Wayback/Archive] “the great suspender” “malware” – Google Search and the below links open in a mid-February 2021 state but not all archived in the Wayback Machine or Archive.is (some I did archived in February-May 2021).
The links are about why it got removed, how to recover lost suspended tabs and a possible alternative in case current Chrome suspend behaviour is not good enough.
Share this:
Posted in Bookmarklet, Chrome, Development, Google, HTML, JavaScript/ECMAScript, Power User, Scripting, Software Development, Web Development | Leave a Comment »
Why can’t we have nice things: ZorgDomein email subject has no ID in them, nor responds on Social Media on improvement suggestions
Posted by jpluimers on 2023/12/13
The drawback sending out emails all with the same subject is that the receiver is having a hard time setting them apart.
Especially in the work or medical realm this makes people miss crucial information.
Worse are organisations broadcasting on Twitter, but not responding at all to improvement suggestions. [Wayback/Archive] @ZorgDomein / Twitter gets both wrong (and is also unusually hard to find phone contact information for on their web-site):
Share this:
Posted in Back-End Development, Development, eMail, Health, LifeHacker, Power User, SocialMedia, Software Development | Leave a Comment »
The Wiert Corner - irregular stream of stuff 