These days I was thinking (yes, sometimes I commit this sin because “the coach forbids us to think”, “we work, we don't think”) why the hell, with all the advances of management and methodologies in software development, softdev still has to cope with mess… and I mean mess, the real mess/garbage/left-overs in the source code…
Well, to answer this question, I drew a (somewhat) parallel line with another development industry - building development. In general terms, the parallel can be made even with the work of a carpenter to a certain degree.
So, abstracting from the fact that softdev is more of a virtual environment (where programmers can optimize the lift so that its acceleration catapults it through the roof, or can paint the paper roof to look like tile, and so on), a parallel line can be made:
One of the things I noticed, however, is that:
Recently, there has been a large number of various security and hacker conferences and conventions going on.
Keeping track of them is not as easy as it seems, since there is no central point where to look up their schedules, locations, call for papers, etc.
So I decided to compile a list of my own (well, it doesn’t cover 100% of the security-related conferences out there, but it tries to cover most of the publicly known/accessible ones).
It is sometimes interesting and amusing to see how even big players steal from each other.
I was very surprised to see that a Flash ad for Yahoo! Music has a video screenshot resembling… a YouTube video… When clicking the Video section of the mentioned ad, I was redirected to Yahoo! Music.
Maybe I am mistaken, but from what I understand even the flash player design is a matter of design copyright. Maybe I am wrong - then please correct me in comments.
A few questions arise:
Thoughts are welcome, as always.
PS: the link which displayed the mentioned ad was found here
Yes boyz and pretty girlz, eJobs.ro gets it in the face again and gives away 1.3 Mln resumes and personal information! What's more - passwords in the clear, not even hashed…
My two cents on this:
1. Nice work from the guys here - HackersBlog.org
3. It seems that the method used by the guys was among my earliest attack methods, which I left aside for some dumb reasons. eJobs.ro Attack Vectors file
The below is what I was exercising back then, and a similar attack vector is what the guys really used to SQL-inject (the below no longer works, for obvious reasons… )
4. Also, if you go specifically to http://ejobs.ejobs.ro (yes, ejobs twice, it is not a typo!) you will see an internal eJobs position posting. The interesting details I have highlighted below:
Till next time, enhance your
Many might recall Google’s glitch that tagged every single site as a malware site. More details are:
- @ Google Blogs (fcuk - I think someone will get pretty fudged up in the ase at Google for this human error, since it was necessary for a VP of one of the biggest corporations to officially give explanations and apologies - those who worked or are working for some kind of corporation know this kind of price…)
- @ StopBadware.org
One of the nicest things is
Philosophically speaking, Google being a source of trust for a wide majority of people/systems AND at the same time tagging itself as malware (even though for a very small amount of time AND by “mistake” - I would love to believe that it was a mass social experiment) - doesn’t it raise the question of an old class of computer-field (and not only) problems: “Chain of trust and breaking the chain of trust?!”
Here is my screenshot:
A deep dive into brain's curiosities