OK, so I turn javascript off, turn cookies off and hide my user-agent, try and get all my browser details then.

I like them printed and bound, then converted into a film :) brings a whole new dimension to the original book with the film visual effects / characters.

I have multiple mail servers from different companies from which I check the SPF lookups via the logs but, if I was having problems, I would use the soft fail. As yet, I've not had to. I Agree with you, the time for excuses are past.

Clearly I do not suffer from "Asperger's Syndrome" lol, and I do actually ask the question as to why it's needed, which the comment below happy provides :)

I also use SPF records for all my domains, most are simply: "v=spf1 a mx -all". "-all" as in hard fail. I don't know why there is a soft fail "~all" option, if it's not from a known host / IP, it should fail. What's the point in returning an unknown response? Like as if there was no SPF record in the first place? It's amazing how many domains actually use soft fail. Anyone know why? They only help stop backscatter and other IPs from sending emails from @youdomain.com as long as the other mail server does a SPF lookup. We have become dependant on the email protocol and the way it works, pitty it's in such a mess :( Damn you SPAMBOTS!!!

Totally agree, it's a pitty out of the 132,000 hacked sites that are written in Classic ASP that the coders havent done this :) It totally depends on the methods used in the code and, unfortuntly, there is A LOT of bad ass coding about :( Example: http://www.w3schools.com/ADO/ado_update.asp Checkout the second window, "UPDATE customers SET...", oh dear!! BAD coding and w3schools is well recognized! I bet a lot of coders have fallin into this HUGE hole.

Exactly!! It's depends on the methods used. You'll be amazed how many people just shove the code in and don't check. I've seen lots of code from companies that would execute the above like: Dim sSQL, sLastName, cmd sLastName = Request.Form("txtLastName") sSQL = "SELECT * FROM Customer WHERE LastName = " + sLastName + ";" Set cmd = Server.CreateObject("ADODB.Command") cmd.ActiveConnection = cn Set rs = cmd.Execute(sSQL) cmd.Close Set cmd = Nothing --------- Lets say sLastName = '; DELETE FROM [Customer] Oops!! There goes the [Customer] table. To find the table name in the first place you can inject sql queries like this as much as you like.

Very true, at which point this function simply doubled up the string delimiters, breaking the SQL injection. The major problem with Classic ASP was the casting of variables, if not done properly you were asking for it. If it's numeric, check it. .NET does not suffer from this problem unless the coder specifically passes a numeric value thou to an SQL statement as a string, which would be stupid. If everyone used stored procedures to deal with the SQL data, none of this would happen. My above checks alert you to the fact that someone if having a go, you can't do that when checking for string delimiters as they are valid characters, but yes, if your code uses a shitty "execute" command, check it. If you use proper stored procedures, this will no affect you.

Lame coders who either 1) Just don't understand, so are fucking stupid! 2) Just don't care, so are fucking stupid! Note: I'm a coder, but I've always taken security very seriously, hence I get emails everytime someone trys :) and the sites I manage are OK.

Lame, or just to stupid to understand! OK, I'm a coder but I take security very seriously. Why are sites still prone to this type of attack? I used to work with Classic ASP scripts, (I use .NET now obviously), which were very prone to SQL injection attacks but I had no problems, mainly because on all pages, I simply check the query string for the following: char( cast( convert( If it contained any of these, add IP to bad list and redirect to /banned.htm page. SIMPLE!!

I should know, I do deauthentication attacks against WPA-PSK encrypted networks, hence my site has a few captured packets then need cracking: http://www.md5decrypter.co.uk/forum/forum_topics.asp?FID=9 I currently only have 1 cracked but tbh, as long as you use a very good password, no one is going to crack it. We'll all have to wait until someone figures out a major hole like in the WEP encryption ;) 5-10 mins, no problem!!

I've seen ads delaying page loads numerious times, classic is what they have said further up this page, white screen with "connecting to foo.ads.doubleclick.com" in the status bar >:( The page data should be rendered anyway and then the images loaded, but it's not always the case.

Firefox + ABP = No ads.