月度归档:2015年05月

很多人都是看《越狱》后才正式接触美剧,而我接触的第一部美剧在印象中是《迷失》,至今还记得第一集开始那段飞机失事时的场面,太引人入神,开始时还以为它是一部电影,因为那个时候根本想不到一部连续剧会有这么大的场面与资金投入。这部剧集当初是在亚视明珠台上播放,由于时间的关系最后没有追完。

然后第二部美剧还记得非常清楚是《兄弟连》,看完了《兄弟连》后,国内的那些战争片从此不再入目。这部美剧是通过市场上购买DVD光盘在电脑上看完。那时候才知道战争片是可以这样拍的,战争片不是什么地道战和铁道游击队,更不是什么“为了新中国冲啊…”,战争只有死去与坚强地活动,它是残酷无情的。 继续阅读

对于有轻度强迫症我,曾何时对博客中文字体排版要求挺高的,比喻默认字体、字体大小、行距宽度等,都有自已的一套要求。也是因为这些要求,令我与很多优秀的博客主题插肩而过,今天在“黄启福”博客看到一文:“Chrome已支持中文两端对齐”,根据教程设置后,中文显示更为美观了。IE、Chrome等主流浏览器都已支持该属性,效果如何?请看本人博客。

Chrome已支持中文两端对齐全内容部份转载 继续阅读

以下这封邮件是来自ICDSoft,从这个地方也可以看出ICDSoft是一体值得信赖的主机提供商。Sucuri安全公司的研究人员发现,所有使用genericons图标字体数据包的WordPress插件或主题均受到基于DOM的跨站脚本漏洞,原因是genericons中包含一个不安全的文件example.html。但请根据这封邮件的提示,升级你的WordPress或者删除这个文件。

Dear xxx,

Recently, a critical 0-day vulnerability was discovered in the Genericons package, which comes with the popular Jetpack plugin and the TwentyFifteen theme of WordPress. The latter is installed by default with all recent WordPress installations/updates. The vulnerability represents a DOM-based XSS (cross-site scripting), and it allows attackers to modify the execution of scripts in the user/visitor browser. For example, if a site administrator is tricked to click on a link while logged in to the WordPress site, the attacker could gain control over the site.

As the vulnerability affects millions of sites on the Internet, we took proactive steps to secure automatically all WordPress installations on our servers. On May 6, we set permissions 000 to the "genericons/example.html" files on your accounts, and later deleted these files from the server. A full list of the affected files can be found below.<!--more-->

The "example.html" file is not necessary for the operation of a WordPress installation.

A general security precaution is to always keep your software up to date, along with its plugins and themes.

If you need any additional information, you can always contact us through our support site http://www.suresupport.com.

Best regards,
ICDSoft Team


----------------------

Domain name xxx.com:
- /home/xxx/xxx/www/wp-content/themes/twentyfifteen/genericons/example.html

----------------------

NOTE: This message comes from a "noreply" mailbox. Please do not reply directly to it. If you need to get in touch with us, please use our support ticketing system at http://www.suresupport.com.

如果你也是ICDSoft的用户,那你放心吧,客服已帮你清除此脚本漏洞。