Assessing someone’s technical skill level is a quite difficult thing when one only has 30 minutes. Let me start by saying I am no expert at how to do this, but I would like to share my favorite interview question for assessing a developer’s experience. The question is targeted at C# developers; however, most of the question is applicable to Java developers as well.
How to remotely crash Lotus Notes
Here is a fun little vulnerability that lets you remotely crash Lotus Notes on demand.
- Set your Sametime status to a REALLY, REALLY long value without any white space in it. (I use a string that is 200,000 characters long)
- Message the person whose Lotus Notes instance you would like to crash
- DONE!
Now this does not really crash Lotus Notes; rather, it puts Lotus Notes in an infinite loop, making it unusable until it is restarted. My present theory is that Lotus Notes is trying to figure out how to word wrap the super long status and is looking to replace space characters with newline characters. As it can’t find any spaces to replace, it just keeps trying forever. (But this is only my theory.)
Posted by Jmaxxz on May 2, 2012
http://jmaxxz.com/blog/?p=393
Site Security
One of the major disadvantages to using a popular CMS like Joomla or WordPress is that the popularity of the platform means that it is also a popular target for black hat hackers. Until recently I was using Joomla to manage all the content on my website. During this 5+ year time period my site was hacked twice. The first time, the site was defaced by an attacker who used an SQL injection attack against the Joomla password reset page to deface the site. This was far from a targeted attack against my site; rather, the attacker seems to have had a script that searched for any site running Joomla and attacked it. My site fell to this attack a mere 14hrs after Joomla published an update to close the hole. The second time my site was hacked, it was also done via a non-targeted attack. This time it was a worm which had been infecting WordPress sites and Joomla sites. I am not sure what vulnerability the worm used to get into my site, but once in it injected every PHP file in the user account that the site was running under. The following are things which I learned from both attacks to help prevent and make cleaning up a future attack easier
Posted by Jmaxxz on March 18, 2012
http://jmaxxz.com/blog/?p=337
New Site
I finally decided to put my old site to rest (mostly because it was defaced thanks to yet another security hole in Joomla). Please bear with me as I move all the content over. I apologize in advance for any broken links.
Posted by Jmaxxz on March 16, 2012
http://jmaxxz.com/blog/?p=331
Bruce Schneier Quotes
A couple good quotes from a great article from Bruce Schneier.
“Security is a mindset, and looking for vulnerabilities nurtures that mindset. Deny practitioners this vital learning tool, and security suffers accordingly.”
…
“Anyone can design a security system that he cannot break. So when someone announces, “Here’s my security system, and I can’t break it,” your first reaction should be, “Who are you?” If he’s someone who has broken dozens of similar systems, his system is worth looking at. If he’s never broken anything, the chance is zero that it will be any good.”
http://www.schneier.com/blog/archives/2008/05/the_ethics_of_v.html
Posted by Jmaxxz on September 26, 2011
http://jmaxxz.com/blog/?p=327
Ostrich Based Security
Posted by Jmaxxz on August 30, 2011
http://jmaxxz.com/blog/?p=326
Cheating Linq
A couple days ago I had a fun idea running through my head. What if one could take the standard linq function Concat() and have it “consume” its own output as the input which created the output, a paradoxical call if you will. This can be represented with the following F# like pseudo-code:
Let y be 1…100
Let x be y.Concat(x)
Posted by Jmaxxz on February 19, 2011
http://jmaxxz.com/blog/?p=325
Airborne Mouse
Airborne Mouse is an Android application designed to work with the Logitech Touch Mouse Server, letting you control your computer with your Android phone. Airborne Mouse is unique in that it allows users to install a single piece of software on their computer and control it with either an iPhone/iTouch/iPad or an Android phone.
Posted by Jmaxxz on February 13, 2011
http://jmaxxz.com/blog/?p=324
NotNull sounded good, but was not
A couple weeks back I published Jmaxxz.Deet, a software library which brought reference types to the C# language which were guaranteed never to be null. While I maintain that null references are an indication of poor design and should be avoided at all cost, I am forced to admit that Jmaxxz.Deet is not the answer. Over the course of the week following its release I adopted it into all my code. I found that the syntactical complexity it added significantly reduced the readability of my code. This added a certain level of cost to maintaining any code written using Deet. In my estimation this cost is not worth the benefit of formal declarations of the non-null state of reference types. The only way something like Deet becomes a reasonable solution is if it has first-class compiler support, or through the use of a tool like PostSharp to add it in as a post-compile step so as not to pollute the code-base with noisy declarations.
Posted by Jmaxxz on February 12, 2011
http://jmaxxz.com/blog/?p=322
Jmaxxz.Deet 98.9% null proof
I am happy to introduce Jmaxxz Deet. The Deet assembly contains a single struct, NotNull. This struct provides a mechanism to formally specify that a reference can NEVER be null. This ability is present in both Spec# and Sing#. However, those of us still making use of VB, C#, F# and other traditional .NET languages still do not have a mechanism to do so. NotNull brings this capability to all of those languages.
Posted by Jmaxxz on January 27, 2011
http://jmaxxz.com/blog/?p=321