Lockheed Martin Attacked – Follow-up of RSA Attack

31. May, 2011

It seems that hackers got more out of the RSA attack one month ago. Apparently, they got access to so-called “seeds”, which allow them to create valid “one-time passwords” (OTPs).

They are now using those to attack highly secured networks like that of military equipment producer Lockheed Martin.

FAIL

Another great example of why security by obscurity doesn’t work.


Mocking AJAX in jQuery

31. May, 2011

When developing small web applications, it would be great if I could mock AJAX requests.

Apparently, Jonathan Sharp had the same problem and created a solution: Mock Your Ajax Requests with Mockjax for Rapid Development

Very nice. Thank you!


Spray Graphiti – Xtext for the Eyes

30. May, 2011

I’ve come to love Xtext. It’s powerful out of the box, simple enough to grasp and the rough edges cut you just once (i.e. after you put tape over them, the hurting stops).

But sometimes, a picture says more than a thousand words. Unfortunately, creating a graphical editor is still a daunting task. Which probably explains why most graphical editors aren’t worth the shadow the mouse pointer casts over them.

If we only had a compact language to define UI editors … but wait, we have. Or rather, we could have, with a bit of help from Xtext.

Welcome project Spray. Spray is a DSL to create Graphiti editors.


Allied Telesis Security Blunder

27. May, 2011

Another reason why security by obscurity is bad: Allied Telesis builds network components. While this page was loaded in your browser, there is a chance that some of their equipment was involved somewhere.

Those components have access protection with the common user/password scheme. If you lost your password, support could tell you the name and password for a backdoor, that is, a login that would always work but that isn’t visible when you, say, request a list of all known users.

Sounds good? It is. Saves a lot of hassle.

The problem? Someone posted the details for all backdoors in the public support section. Which means that crackers all over the globe now have free rein over them.


Efficient CSS

26. May, 2011

Is “.first” faster or slower than “li.first”?

This blog post has some answers: Efficiently Rendering CSS


Another Example for Sony Arrogance

23. May, 2011

The German Bundesamt für Sicherheit in der Informationstechnik (BSI) isn’t taken seriously by Sony, according to heise online.

When the security specialists of the German government wanted to know more about the theft of 100 million customer records, “Sony didn’t want to answer due to ongoing technical analysis.” They are still refusing to agree to a follow-up meeting.

If the German government isn’t important enough for Sony to waste some of their precious time …


Running C Code in a Java VM

19. May, 2011

If you ever need to run C Code in a Java VM, have a look at NestedVM. It’s a MIPS CPU emulator. All you need is a GCC cross compiler, then you can compile your C sources to MIPS assembler code and execute it with NestedVM.

