$baseUrl = 'https://www.example.com/gakkk/';
// several lines later...
24 August 2011
14 July 2011
Vulnerability scans sometimes find that an SSL-enabled service allows clients to connect using ciphers which have key lengths shorter than 128 bits. Most services have configuration directives to disable these connections. Here's how to test a service for key length (without doing a new nessus scan, or whatever).
openssl ciphers -v
This gives a list of ciphers that the openssl client can use, and the output indicates the key length. openssl's s_client command can take an argument which specifies the cipher(s) to use. So after reconfiguring the server, run the following two commands (the first should fail, and the second should succeed):
openssl s_client -ign_eof -connect target:port -cipher RC4-MD5
openssl s_client -ign_eof -connect target:port -cipher DHE-RSA-AES256-SHA
(You should replace target:port with something like www.example.com:443)
04 February 2011
<style type="text/css" media="screen">@import "styles.css";</style>
Firefox and Internet Explorer are forgiving about a missing semi-colon, but Safari won't load the stylesheet without it.
And by default Safari has only limited support for tabbing through Web pages (something that's probably pretty important to keyboard users). The default setting will allow you to tab from form field to form field, but you can't focus on links by tabbing. You can enable this behavior (which is behavior I've come to expect from using Firefox and Internet Explorer) by going to the Advanced tab of the Preferences menu and clicking the checkbox that says something like "Press Tab to highlight..."