Archive for the 'Security' Category
Anyone who is into computer security and software development should read this paper by Daniel J. Bernstein, the man behind qmail. My favorite part of the paper:
To this very day, idiot software managers measure
‘programmer productivity’ in terms of ‘lines
of code produced,’ whereas the notion of ‘lines of
code spent’ is much more appropriate.
—Dijkstra in [9, page EWD962–4]
No offence to managers who may be reading this, but please do not be one of those described by Dijkstra. Some readers may argue that the paper is outdated because modern-day languages other than C/C++ are spared certain classes of bugs specific to C/C++.
I beg to differ, because no programming language can preempt and prevent the user’s stupidity and laziness.
Yahoo Messenger users please take note… http://www.heise-security.co.uk/news/94443
http://blog.washingtonpost.com/securityfix/2007/08/new_tool_automates…
An automated tool was demonstrated at a hacking conference that is capable of hijacking any webmail account that is not secured with SSL. A Gmail account was hijacked during the demonstration. This doesn’t mean Gmail is the only service that is vulnerable: any other web service that uses non-SSL connections is vulnerable, especially so on a Wi-Fi network.
For Gmail users, remember to use or bookmark https://mail.google.com/ ! Also turn off your Google Gmail Notifier, since it also uses a non-SSL connection to check for mail.
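An added example, not code from the post or from the tool it reports on: a small audit that explains why a webmail session could be read off the wire, namely a login page not served over https and session cookies lacking the Secure attribute (the flag that stops a browser from sending a cookie over plain HTTP). The host mail.example.test and the Set-Cookie headers are constructed for the demonstration.

```python
from dataclasses import dataclass
from urllib.parse import urlsplit


@dataclass
class CookieInfo:
    name: str
    secure: bool
    httponly: bool


def parse_set_cookie(value: str) -> CookieInfo:
    """Parse one Set-Cookie header value into its name and the two attributes
    that matter here: Secure (never sent over plain HTTP) and HttpOnly (not
    readable by page scripts)."""
    parts = [p.strip() for p in value.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    attrs = {p.split("=", 1)[0].strip().lower() for p in parts[1:]}
    return CookieInfo(name, "secure" in attrs, "httponly" in attrs)


def exposure_reasons(url: str, set_cookie_headers: list[str]) -> list[str]:
    """List the reasons a session established at `url` is exposed to a sniffer.

    A plain-http URL exposes everything on that connection. An https URL still
    leaks any cookie that lacks Secure, because the browser will attach it to
    the next http:// request for the same host."""
    reasons = []
    scheme = urlsplit(url).scheme.lower()
    if scheme != "https":
        reasons.append(f"login page served over {scheme or 'unknown'}, not https")
    for header in set_cookie_headers:
        cookie = parse_set_cookie(header)
        if not cookie.secure:
            reasons.append(f"cookie {cookie.name!r} lacks Secure")
    return reasons


# Constructed sample responses (hypothetical host, not captured from any service).
WEAK_URL = "http://mail.example.test/"
WEAK_COOKIES = ["SID=0123abcd; Path=/; Domain=.example.test",
                "PREF=lang=en; Path=/"]
HARDENED_URL = "https://mail.example.test/"
HARDENED_COOKIES = ["SID=0123abcd; Path=/; Domain=.example.test; Secure; HttpOnly",
                    "PREF=lang=en; Path=/; Secure"]

if __name__ == "__main__":
    for url, cookies in ((WEAK_URL, WEAK_COOKIES), (HARDENED_URL, HARDENED_COOKIES)):
        print(url, exposure_reasons(url, cookies) or ["no exposure found"])
```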
I rarely find an IT security book that is not thicker than an inch. Just borrowed this interesting-looking book from the regional library. It offers quite good coverage and a starting point for those who seek to write secure applications. It is concise but provides useful citations for the reader who digs deeper. To summarize, the “Original Sin”, I believe, would be laziness (which I am guilty of): inadequate input checks, poor handling of errors, and assuming the world is kind.