My friend Paul tweeted about a new URL shortener like bit.ly and is.gd but with one major difference.  The domain for this shortener is only 2 letters "t-o" and they're not separated by a dot.  The link to the shortener was posted as http://to./ which appears to be an invalid link since it has no top level domain (com, net, org etc.) but low and behold, it worked.

Another letter to Steve Gibson that I'm reposting here in case it's not read on Security Now.

Hey Steve,

Just finished SN200. That was a good one. Just wanted to add a bit of info that you've never mentioned and might be valuable to your listeners.

Leo mentioned that his port 22222 is forwarded to his Skype machine and Skype is listening on that port so he feels it's safe about that hole. What may not be known to some listeners is that good-behaving programs will not bind to a port on which another process is already bound. In other words, if Skype is listening on 22222 then other, possibly exploitable, processes like Windows service host will not be listening on 22222.

It is possible for malware or security tools to listen in on bound ports which is why I said "good-behaving programs" but if you've got malware it's already too late.

Update 2009/07/07

I realized later that I neglected protocols. It's possible to have one process listening on TCP 22222 while another process listens on UDP 22222. Forwarding both TCP and UDP ports 22222 to your local IP when only one is "bound" by a known process is a security risk since the other could be open to exploits.

Building a home firewall router is a right of passage for any geek. We all start out with a retail device from one of the major vendors like Linksys or Netgear but soon outgrow the limited capabilities.

For many geeks the next level is flashing their router with a custom firmware such as the popular DD-WRT. This unlocks the full potential of the router's hardware but still don't offer the features and flexibility of an enterprise class firewall.