So... My co-worker asked me to create a couple of questions for our recruiter to ask our potential software security interns. Here are my suggestions... I'm asking you all if I am being a bit too pedantic. What do you expect a software security expert to be able to answer?
Ok… off the top of my head, the first question is always…
What are the three basic building blocks of an object-oriented system?
Polymorphism ('typed-interfaces' is an acceptable answer for #3, and in fact preferred).
If a user answers ‘Typed interfaces’, then he/she is a student of Adele Goldberg (Smalltalk 80) or a savant; an answer of ‘Polymorphism’ indicates a C/C++ developer or a student of Bjarne Stroustrup. Most likely the candidate w...
I moved to Apple Mac for my main computer platform about six years ago. When Apple standardized on the Intel Core processor instead of the PowerPC, it made it easy for people like me to run Windows on a Mac. Apple makes very nice hardware and when I switched over it was a no-brainer. I got great laptop and desktop platforms that could run my Windows development environments virtualized (first with Parallels, then with Fusion). I've been running my development environments virtualized since 2001. Before that I compartmentalized my development environments with removable hard disk drive trays. I'd build a specific development environment on a hard drive, and snap it into the machine whenever I needed to work on it. VMware changed all of that....
If you own a domain name then you likely receive slightly threatening emails or even letters in the mail, soliciting you for search engine registration. Some of them are a little bit threatening using statements like,
"Failure to complete your search engine registration by 2/4/2015 may result in the cancellation of this order (making it difficult for your customers to locate you using search engines on the web)."
This is of course utter and complete crap. These hucksters rely on the relative naivete of internet users. I'd think domain name owners would maybe be a little more sophisticated, but what about their administrative assistants (secretaries) who would, understandably, see many of these as legitimate invoices and send out the $75 payment?
Scott Hanselman recently posted a forensic investigation into an annoying video ad that popped up on his own website - in his browser - and has some fascinating information about how it happened.
"Ghostery" is a browser plugin that allows you to control the advertisers that target you while you browse the Internet. I have been using a very complex DNS solution for blocking the most egregious browser advertising offenders, but Ghostery...
I was discussing this in a class I was teaching today, and tonight, I see that someone has done the legwork. A researcher from France's Eurecom wrote a program that scans the internet looking for firmware images. He downloaded ~35000 firmware images, and scanned them for vulnerabilities. What he found was shocking.
I have been receiving these email messages over the past few days. They have a subject like, "Please review this post about you online", or "leaked info about you was accessed by someone unknown", or "Things don't look good for you".
The emails all pretend to be from someone who has my best interests at heart and are attempting to warn me about an impending, "Release of unflattering information" about myself.
If you listen to Glenn Beck and have heard his ads for ExtremeBeam flashlights, you probably want to buy one. I did too. Fortunately I did a little googling and found that better (or comparable) flashlights are available for way less. For instance, I wanted the ExtremeBeam M4 Scirrako which they want $60 for. So, I looked up its deets and found that it is pretty much an XM-L T6 flashlight but has a much lower lumen rating than its competition. READ THAT? A lesser beam for a premium price! So I bought this for $9.79 INCLUDING SHIPPING! which is a BETTER FLASHLIGHT for way less. Actually I scrolled down a bit and bought the 2-pack with the big one and a tiny one for $13.83. This isn't an ad... I really wrote this; though it seems addy. http://www....
This is a site that I use every time I build a new PC. Unfortunately I always forget its name and have to Google for it for a few minutes in order to find it again. Hence this post. Now, I'll just go to my own website and look for it.
This is a response to a question posted on LinkedIn. The question was, "Are development methodologies such as Agile, hurting the industry in the long run?" You can read the entire discussion here...
Jeff Stokes Du Bose, one of my favorite posters on the LinkedIn software development discussion boards, had a very well considered response, which I have re-posted here without permission. If you want to read the original post, follow the above link. I post it here for my own selfishness, in case the discussion is ever archived.