Curiouser and Curiouser

Acidus

BFO: Attackers favor compromise over creation
Topic: Technology 1:01 pm EST, Jan 24, 2008

For the first time, legitimate Web sites compromised by attackers made up the majority of sites used to spread malicious programs, security firm Websense said in a report published on Tuesday.

In the past, massive attacks aimed at Web sites typically involved defacements by online vandals. Yet, as online crime increasingly becomes motivated by profit, defacements have given way to finding ways to insert iframe redirection code or compromise a site to host malicious software. Earlier this month, for example, security firm Finjan warned that hackers had bypassed security on at least 10,000 legitimate domains to install the Random JS infection toolkit.

Which should be no surprise to anyone. We moved from kids using pings-of-death, DoS, system vandalism and general mischief to complex rootkits that own the box, evade defenses, and keep it a viable platform for attacks that generate revenue for criminals. Why would the evolution of the motivation for web attacks follow a different path?

Japan: 1 win and 1 loss
Topic: Technology 11:08 pm EST, Jan 23, 2008

Alright Japan, the cuteness of your Foxkeh has helped assuage the creepiness of your Maid Cafes. I guess we can call this one square.

RE: ASP.NET Internals Spelunking
Topic: Technology 10:10 pm EST, Jan 23, 2008

Worthersee wrote:

I was only poking around with Reflector before, but thanks to Dominick Baier for reminding me that I can now hook a debugger to the code I previously couldn't.

Bryan did some work with Silverlight where he could decompile the assemblies, and load them in Visual Studio 2005. There is an option where the source code lines of a breakpoint must match exactly (something along those lines). By disabling that option, Bryan and I got Silverlight assemblies running in a debug mode in VS2005.

Not quite the same as setting break points in the CLR, but it shows that you can use Reflector + VS voodoo to debug any .NET assembly with various degrees of success.

Sudoku as a SAT problem
Topic: Technology 9:50 pm EST, Jan 22, 2008

Sudoku is a very simple and well-known puzzle that has achieved international popularity in the recent past. This paper addresses the problem of encoding Sudoku puzzles into conjunctive normal form (CNF), and subsequently solving them using polynomial-time propositional satisfiability (SAT) inference techniques.

Sudoku isn't the only thing that you can use a SAT solver on ;-) Luckily I wrote a SAT solver in college which uses a modified DPLL algorithm with back propagation and some heavy preprocessing for initial value selection.

HTML 5 differences from HTML 4
Topic: Technology 2:57 pm EST, Jan 22, 2008

Client-side storage (sessionStorage and globalStorage) as well as offline application support (including client-side databases, offline content serving/manifests, eventing, etc.) have all been codified into HTML5. Not a super big surprise because they've been in the WHATWG spec for a while, but certainly plan for them to take on a larger role in web apps than when they were simply implemented in Mozilla (DOMStorage) or as a browser plug-in (Google Gears).

Attacks on and defenses for these features are discussed in chapters 8 and 9 of our book.

Remember folks, it's only an increased attack surface ;-)

Comparison of science and technology funding for DOD’s space and non-space programs
Topic: Technology 9:30 am EST, Jan 18, 2008

At your request, the Congressional Budget Office (CBO) has analyzed whether a difference exists between the Department of Defense’s (DoD’s) funding for science and technology (S&T) activities supporting unclassified space programs and its funding for S&T activities supporting other (nonspace) programs. The enclosed report indicates that funding for S&T activities supporting unclassified space programs has been less than S&T funding for other defense programs and that DoD’s plans for the future maintain that difference in funding. (Because of a lack of information, CBO’s analysis does not address the extent to which classified research might be supporting unclassified space programs.)

It is hard to extract meaning from this. The DoD is spending more money on other things than on funding non-classified space research. Ok, makes sense. However, we have no idea how much money they are spending on funding classified space research. Given China's publicly broadcast ability to blow shit out of space, you have to hope there is some classified research going on.

Ajaxian » Book recommendation: Ajax Security by Hoffman and Sullivan
Topic: Technology 2:23 pm EST, Jan 16, 2008

Our book, Ajax Security, made the front page of Ajaxian today. I'm so pleased it is finding traction on the mainstream Ajax news sites.

Reviewers overuse the phrase “required reading,” but no other description fits the new book “Ajax Security” (2007, Addison Wesley, 470p). This exhaustive tome from Billy Hoffman and Bryan Sullivan places the specific security concerns of the Ajax programming model in historical perspective. It demonstrates not only new security threats that are unique to Ajax, but established threats that have gained new traction in the Web 2.0 era. It then details both the specific technical solutions and - more importantly - the mindset that are necessary to combat such threats.

Because so many developers have historically overlooked the importance of security, the authors approach their topic for what it is: a remedial subject. They take pains to explain the basic mechanisms by which hackers have exploited insecure web applications over the last decade: cross-site request forgeries, denial of service attacks, cross-site scripting and SQL injection. Then they explain how those mechanisms have changed thanks to the rise of xmlHttpRequest, public APIs, mash-ups and aggregators. If you’ve ever read a Douglas Crockford rant about the “brokenness” of the web security model and wondered why the guy was such an alarmist, Hoffman and Sullivan are only too happy to provide you with a much-needed wake-up call.

The rest of the review is here.

Like a kid in a candy store
Topic: Technology 9:25 am EST, Jan 15, 2008

and today, from the "Truly good intentions but WTF are you thinking" category

Representatives from MySpace and the attorneys general of 49 states are announcing a new partnership to fight sexual predators and clean up social networks.

Among the dozens of measures MySpace has agreed to take, the social network will let parents submit the e-mail addresses of their children, so the company can prevent anyone from using that address to set up a profile.

MySpace doesn't have a stellar history when it comes to security (sorry Ramsey, I know you are trying, but you all aren't there yet). This database is a gold-mine for marketers and pedophiles alike, and I'm a little concerned about its existence.

Earphone Sounds Like Ocean
Topic: Technology 3:07 pm EST, Jan 12, 2008

The Noisy Instrument won't hook into your iPod, but it will, completely without a power source, reproduce the soothing sounds of the ocean at any time and any place (à la seashell).

Styrofoam Plane + Rocket Engine + SPI = teh awesome!
Topic: Technology 5:09 pm EST, Jan 11, 2008

This is what happens when you strap rocket engines to a styrofoam plane. Filmed at SPI Dynamics.
