Lockheed Martin Attacked – Follow-up of RCA Attack

31. May, 2011

It seems that hackers got more out of the RSA attack one month ago. Apparently, they got access to so called “seeds” which allows them to create valid “one-time passwords” (OTPs).

They are now using those to attack highly secured networks like the one of military equipment producer Lockheed Martin.

FAIL

Another great example why security by obscurity doesn’t work.

Related articles:


Mocking AJAX in jQuery

31. May, 2011

When developing small web applications, it would be great if I could mock AJAX requests.

Apparently, Jonathan Sharp had the same problem and created a solution: Mock Your Ajax Requests with Mockjax for Rapid Development

Very nice. Thank you!

 

 

 


Spray Graphiti – Xtext for the Eyes

30. May, 2011

I’ve come to love Xtext. It’s powerful out of the box, simple enough to grasp and the rough edges cut you just once (i.e. after you put tape over them, the hurting stops).

But sometimes, a picture says more than a thousand words. Unfortunately, creating a graphical editor is still a daunting task. Which probably explains why most graphical editors aren’t worth the shadow the mouse pointer casts over them.

If we only had a compact language to define UI editors … but wait, we have. Or rather we could have with a bit of help with Xtext.

Welcome project Spray. Spray is a DSL to create Graphiti editors.


Allied Telesis Security Blunder

27. May, 2011

Another reason why security by obscurity is bad: Allied Telesis builds network components. While this page was loaded in your browser, there is a chance that equipment of them was involved somewhere.

Those components have access protection with the common user/password scheme. If you lost your password, the support could tell you the name and password for a backdoor, that is a login that would always work but one that isn’t visible when you, say, request a list of all known users.

Sounds good? It is. Saves a lot of hassle.

The problem? Someone posted the details for all backdoors in the public support section. Which means that crackers all over the globe now have free reign over them.


Efficient CSS

26. May, 2011

Is “.first” faster or slower than “li.first”?

This blog post has some answers: Efficiently Rendering CSS


Another Example for Sony Arrogance

23. May, 2011

The German Bundesamt für Sicherheit in der Informationstechnik (BSI) isn’t taken serious by Sony, according to heise online.

When the security specialists of the German government wanted to know more about the theft of 100 million customer records, “Sony didn’t want to answer due to ongoing technical analysis.” They are still refusing to agree to a follow-up meeting.

If the German government isn’t important enough for Sony to waste some of their precious time …


Running C Code in a Java VM

19. May, 2011

If you ever need to run C Code in a Java VM, have a look at NestedVM. It’s a MIPS CPU emulator. All you need is a GCC cross compiler, then you can compile your C sources to MIPS assembler code and execute it with NestedVM.


Embedded Java 1.4 Compiler

19. May, 2011

If you need a small, fast Java 1.4 compiler that you can embed in your application, try Janino.


Hudson and Jenkins Won’t Merge

18. May, 2011

There has been recent discussion about a merge between Jenkins and Hudson, after Oracle pushed the dead weight to Eclipse.

My prediction: Won’t happen.

Why not? Because Eclipse is run by lawyers and developers hate lawyers.

Exhibit A: “Is the Eclipse process so bad? … Yes. It’s very bad (for developers). Bad enough to end many contributions.”  (https://wiki.jenkins-ci.org/display/JENKINS/Jenkins+Hudson+Reconciliation+Requirements)

Exhibit B: “MIT (or MIT-ish, e.g., ASL, BSD, EDL) license” (same page)

Exhibit C: To work on Eclipse projects, you must become a committer (http://wiki.eclipse.org/Development_Resources). That means signing a contract. You have to have an IP Log. All projects on eclipse.org must submit to the Eclipse Public License (http://www.eclipse.org/legal/).

Why is that? Because IBM is rich and Kohsuke Kawaguchi is poor. So trolls are suing IBM and they won’t sue Mr. Kawaguchi. Which is why IBM is raising their barriers and why Jenkins isn’t.

The projects won’t merge


Publishing Your Passwords on The Internet

17. May, 2011

Would you tell your GMail password to a friend? Your colleagues in the office? Publish it on the Internet?

If the answer to any of these is “NO“, you should turn off automatic synchronization on your Android smartphone and never use it in open Wifi networks.

The reason is that Google uses something called a “token” to allow apps your smartphone to connect to Google services like your mail box, your calendar, etc. The token is like a key on your keychain: Anyone who has the key can open the door it fits. Unlike keys on your key chain, anyone who can pick a token out of the air knows where that door is!

Related article: Catching AuthTokens in the Wild


Follow

Get every new post delivered to your Inbox.

Join 327 other followers