Thinking Outside the Box

When designing software, one of the questions an architect should be asking is "How could this be bypassed?" or "What am I not thinking of?". The easiest way into any system is to avoid the security mechanisms. That's why social engineering is, comparatively, so much more effective than traditional hacking: the attacker is building trust with humans rather than fighting mathematical battles with computers... much easier.

Major ASP.NET Security Vulnerability Revealed

This is a big deal: a security hole has been found in ASP.NET encryption that may lead to the easy compromise of hundreds of thousands of sites around the world. If the initial analysis is correct, in under an hour an attacker can break into sites from online shopping to banks, due to the way security errors are communicated between clients and servers.

The Dire Consequences of Not Taking Security Seriously

I know, I know, taking the time to get security right is hard.

Well, the consequences can be enormous. Take this example from Australia, where scammers impersonated the owner of several large properties long enough to sell a property out from under him and nearly complete a second sale before anyone caught on. The only thing they hacked was his email address... the rest was simple social engineering (the easiest way to get anything from anyone).

Java 4-Ever

You ever feel like you're fighting an uphill battle? Right now the war between Java programmers and .NET programmers is becoming a David vs. Goliath conflict matching the Mac vs. Windows debate of 20 years ago. Ultimately, both will have their place. Each is better for different reasons, so it's not right to say one is specifically the 'right' answer for software development.

With that background, this faux movie trailer sums it up humorously. Beware, it's not work-safe due to a four-second clip near the end.

