How to remotely crash Lotus Notes

Here is a fun little vulnerability that lets you remotely crash Lotus Notes on demand. Set your Sametime status to a REALLY, REALLY long value without any white space in it (this should work). Message the person whose Lotus Notes instance you would like to crash. DONE! Now this does not really crash Lotus Notes, […]

Site Security

One of the major disadvantages to using a popular CMS like Joomla or WordPress is that the popularity of the platform means that it is also a popular target for black hat hackers. Until recently I was using Joomla to manage all the content on my website. During this 5+ year time period my site […]

New Site

I finally decided to put my old site to rest (mostly because it was defaced thanks to yet another security hole in Joomla). Please bear with me as I move all the content over. I apologize in advance for any broken links.

Bruce Schneier Quotes

A couple good quotes from a great article from Bruce Schneier. “Security is a mindset, and looking for vulnerabilities nurtures that mindset. Deny practitioners this vital learning tool, and security suffers accordingly.” … “Anyone can design a security system that he cannot break. So when someone announces, “Here’s my security system, and I can’t break […]

Ostrich Based Security

Security, it is one of those hot button issues. Lots of companies like to pretend they are security conscious. One particularly troubling trend is the suppression of vulnerabilities which are discovered during development. It is a nice story for a company to be able to say to potential users, “We have no known vulnerabilities.” This statement is actually meaningless:

Cheating Linq

A couple days ago I had a fun idea running through my head. What if one could take the standard linq function Concat() and have it “consume” its own output as the input which created the output, a paradoxical call if you will.

This can be represented with the following F# like pseudo-code:

Let y be 1…100

Let x be y.Concat(x)

Airborne Mouse

IP address of your computer as shown by the Touch Mouse Server

Airborne Mouse is an Android application designed to work with the Logitech Touch Mouse Server, letting you control your computer with your Android phone. Airborne Mouse is unique in that it allows users to install a single piece of software on their computer and control it with either an iPhone/iTouch/iPad or an Android phone.

NotNull sounded good, but was not

A couple weeks back I published Jmaxxz.Deet, a software library which brought reference types to the C# language which were guaranteed never to be null. While I maintain that null references are an indication of poor design and should be avoided at all cost, I am forced to admit that Jmaxxz.Deet is not the answer. Over the course of […]

Jmaxxz.Deet 98.9% null proof

I am happy to introduce Jmaxxz Deet. The Deet assembly contains a single struct, NotNull. This struct provides a mechanism to formally specify that a reference can NEVER be null. This ability is present in both Spec# and Sing#. However, those of us still making use of VB, C#, F# and other traditional .Net languages still do not have a mechanism to do so. NotNull brings this capability to all of those languages.

Null is Evil

Null references have been a part of programming forever, but I dispute the validity of a high level language having Nullable Reference types as the norm. Consider the following examples showing how null references often show up in the real world (right before they crash your application).