Good cryptography is an excellent and necessary tool for almost anyone. Many good cryptographic products are available commercially, as shareware, or free. However, there are also extremely bad cryptographic products which not only fail to provide security, but also contribute to the many misconceptions and misunderstandings surrounding cryptography and security. Why "snake oil"? The term ...
When programming with bytes, a lot of your programming time is spent converting from hex format into byte format and then back again for debugging and testing. If your encryption package has the option, you may as well work consistently in hex format all the time. You then only need ...
For vendors of traditional signature based systems (most IDSs and IPSs), zero day protection is the ability to protect against zero day exploits. They rely on the fact that they know ahead of time of a particular vulnerability. This allows them to provide signatures for the mere attempt to take ...
As most computer users know, some computing tasks can be tedious and repetitive. Fortunately, if a task is indeed repetitive, a batch process can be used to automate much of the work. A batch process performs a list of commands in sequence. It can be run by a computer's operating system ...
Stands for "Beginner's All-purpose Symbolic Instruction Code." BASIC is a computer programming language that was developed in the mid-1960s to provide a way for students to write simple computer programs. Since then, the language has evolved into a more robust and powerful language and can be used to create advanced ...
Despite the similarities in name, cross-site request forgeries (CSRF) are an almost opposite style of attack. Whereas XSS attacks exploit the trust a user has in a web site, CSRF attacks exploit the trust a web site has in a user. CSRF attacks are more dangerous, less popular (which means ...
In the olden days, analysis had to be done with shell commands, built-in system utilities, and a text editor. Of course, back then, the attack surface was small, and there weren’t many places for malware to hide. As malware really began to hit its stride, VMware’s virtual machine technology started ...
A quite interesting document for everyone who programs in C++: http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2007/n2271.html I’m even tempted to switch to it when/if it becomes available. Read more at Security Wonk
Quite often I have to revise old code in IDA Pro. Given its age, it happens almost every time a new feature is added (two exceptions: the bTree and the virtual memory manager are basically the same as about 17 years ago). Original post by Security Wonk and ...
A few days ago I was working on the x86 IDA module. The goal was to have it recognize jump tables for 64-bit processors. This is routine: we have to add new instruction idioms to the analysis engine from time to time to keep up with new compilers. I was typing in the patterns ...
There is no such thing as bug-free software. Today I stumbled on this: http://googleresearch.blogspot.com/2006/06/extra-extra-read-all-about-it-nearly.html This is an unfortunate and sad truth about programming: regardless of our efforts, software will have bugs; it will crash, it will burn, it will fail. At the same time there is hope: http://alloy.mit.edu/ We desperately need ...