Category: AskAmit

"Programmers should be able to program!" program

04/16/10 | by zveriu | Categories: In real life, On the web, AskAmit


Well, sad and true at the same time… It is an entertaining read, and one full of insights…

Maybe it’s just one of those reasons why software is getting more crappy, unreliable, insecure, etc.

The non-programming programmers


Theoretically 1 USD = 1 EUR and 1 EUR = 2 USD is possible!

01/13/10 | by zveriu | Categories: In real life, On the web, AskAmit, Hack

UPDATE 20101012

By a very nice coincidence I have bumped into this interesting paper (dating around 15 Jul 2008) - “BREAKING THE BANK - VULNERABILITIES IN NUMERIC PROCESSING WITHIN FINANCIAL APPLICATIONS” - ENJOY the reading!

Given I currently work in a telecom billing software company - I just cannot find enough words and meanings to confirm with sorrow that pretty-fucking-many of my fellow programmers do not give a shi…ny glass for avoiding these kinds of problems. Worse, they don’t even realize it :-S…

PS: …and YES, Bank Of Cyprus (along with its newly migrated Java/JSF-based banking application - a special post on this to follow) allows/uses:

  • input like “1E+3” which gets translated into “1000”
  • “round-to-nearest, ties away from zero” for the 3rd decimal, i.e. “0,004” gets translated to “0,00” and “0,007” gets translated to “0,01”

Happy hacking…
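An added example (not from the original post, the paper, or the bank's code) of the two behaviours listed above next to a stricter parser that rejects such input instead of normalising it. The names `lenient_parse`, `strict_parse` and `compare` are hypothetical, and the sample inputs are constructed from the values quoted in the list.

```python
import re
from decimal import Decimal, ROUND_HALF_UP

CENT = Decimal("0.01")
# Digits, optionally a '.' or ',' and at most two decimals: no sign, no exponent.
STRICT_AMOUNT = re.compile(r"[0-9]{1,12}(?:[.,][0-9]{1,2})?")


def lenient_parse(text: str) -> Decimal:
    """Behaviour described above: any decimal literal is accepted, then
    rounded to cents with ties away from zero (ROUND_HALF_UP)."""
    value = Decimal(text.strip().replace(",", "."))
    return value.quantize(CENT, rounding=ROUND_HALF_UP)


def strict_parse(text: str) -> Decimal:
    """Accept only what a person would type as an amount and never round:
    sub-cent input is an error, not something to normalise silently."""
    if not STRICT_AMOUNT.fullmatch(text):
        raise ValueError(f"not a plain monetary amount: {text!r}")
    value = Decimal(text.replace(",", "."))
    if value <= 0:
        raise ValueError("amount must be positive")
    return value.quantize(CENT)  # exact: at most two decimals reach this point


def compare(samples):
    """Return (input, lenient result, strict result or 'rejected') rows."""
    rows = []
    for s in samples:
        try:
            strict = str(strict_parse(s))
        except ValueError:
            strict = "rejected"
        rows.append((s, str(lenient_parse(s)), strict))
    return rows


if __name__ == "__main__":
    # Constructed inputs: the three values from the list above plus one ordinary amount.
    for row in compare(["1E+3", "0,004", "0,007", "12,50"]):
        print(row)
```

Java's `new BigDecimal(String)` accepts the same exponent notation, so the same allow-list check applies before the string ever reaches the numeric type.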

Money

When it comes to speaking about money, a lot of people get interested. And nowadays most money discussions revolve around or near the EUR-USD exchange rates.

Some people (including me sometimes :) ) are unhappy to depend and always lose their honestly earned savings because some avid and greedy circles of interest are playing with exchange rates and making them uncontrollable


About AskAmit

10/06/09 | by zveriu | Categories: In real life, Software, AskAmit


At my previous work and here also, my coworkers and I had an internal subject [AskAmit] for sharing shitty code (which we find around or even discover in inherited projects) among us.

This continued in the current company - like for example this one (not exact reproduction, but still) in Java (truly existing code at my present company :D) – test if a boolean variable is true or false:

Code:

if (boolean_var.toString().length() == 4)
{
      // True, do the True actions
}
else if (boolean_var.toString().length() == 5)
{
      // False, do the False actions
}
else
{
      // Ummm, raise processor fault?
}

The [AskAmit] name came from an incredibly naive line in Sun’s JMF (Java Media Foundation) at that time (2002), one that made the framework buggy enough (though it was a good concept):

jmf-2_1_1e-scsl-src/src/share/com/sun/media/util/Registry.java
if (file.length() == 0) { // TODO: Ask AMITH if you need this

Seems like [AskAmit] kind-of groups grow everywhere, so it has reached a critical level called GovnoKod (ShittyCode) – highly recommended reading not to step on the shitty paths of programming.

Excerpts: - Enjoy!

———————————————————————

C / GovnoKod #1829

Code:

#define TRUE FALSE //Happy debugging >:P

A classic of the genre.

———————————————————————

C / GovnoKod #1317

Code:

if(true)
{
  //Code
}
else
{
  //Commented, not compiling. ^_^
};

A way of commenting out code… O_o

———————————————————————

C / GovnoKod #405

Code:

++i--;

The “twitch” operation

———————————————————————

Assembler / GovnoKod #453

Code:

mov ebx, eax
mov eax, ebx

The Borland code generator sometimes emits this

———————————————————————

Assembler / GovnoKod #414

Code:

...
jmp 0x0437
jmp 0x0437
...

Just in case, presumably, if the first one doesn't work :)

———————————————————————


eJobs.ro - SQL in-FUCK-jected!

02/03/09 | by zveriu | Categories: On the web, DailySpammer, AskAmit, Hack, SQL Injection

eJobs.ro security hacked screwed again - execution with cool-blooded SQL injection

Yes boyz and pretty girlz, eJobs.ro gets it again into the face and gives away 1.3 Mln resumes and personal information! More - passwords in the clear, not even hashed…

My two cents on this:

1. Nice work from the guys here - HackersBlog.org

2. Some of my early whistle-blowers to the ejobs.ro here (ejobs XSS1) and here (ejobs XSS2) - seems like they have either a deaf or a nonexistent security assessment team… What a pity for them…

3. It seems that the method used by the guys was one of my earliest attack methods, which I left aside for some dumb reasons. eJobs.ro Attack Vectors file

The below is what I was exercising back then, and a similar attack vector is what the guys really used to SQL-inject (the below no longer works, for obvious reasons… :) )

Code:

4. Also, if you go specifically to http://ejobs.ejobs.ro (yes, ejobs twice, it is not a typo!) you will see an internal eJobs position posting. The interesting details I have highlighted below:

eJobs job posting - hahaha

Till next time, enhance your

Knowledge of Secure Programming Best Practices

Tags: ejobs, ejobs.ro, ejobs ro, ejobs.ro sql injection, ejobs.ro sqli, ejobs.ro hacked, ejobs.ro hackuit, ejobs.ro security, ejobs.ro spart, ejobs.ro database, ejobs.ro baza de date, ejobs.ro CVuri

google.com - malware problem

02/03/09 | by zveriu | Categories: Fun, On the web, Software, DailySpammer, AskAmit, Hack


As many might recall, Google had a glitch that tagged every single site as a malware site. More details are:
- @ Google Blogs (fcuk - I think someone will get pretty fudged up in the ase at Google for this human-error, since it was necessary for a VP of one of the biggest corporations to officially give explanations and apologies - those who worked or are working for some kind of corporation know this kind of price…)
- @ StopBadware.org

One of the nicest things is that Google tagged itself (i.e. Google) as malware.

Philosophically speaking, Google being a source of trust for a wide majority of people/systems AND at the same time tagging itself as malware (even though for a very small amount of time AND by “mistake” - I would love to believe that it was a mass-social-experiment :) ) - doesn’t it raise the question of the old class of computer-field (and not only) problems, “Chain of trust and breaking the chain of trust”?!

Here is my screenshot :D :

Google tags Google as malware

Tags: google malware, google is malware, google stopbadware
