While working with security…
…you often find yourself between a rock and a hard place.
Solutions must be provided at low cost, in both time and money!
Since one of my responsibilities at my day job is security, we had, as a team, to outthink all the potential attackers. Now this is quite a hard job to do. While we had a lot of brainstorming going on, we decided to take a break, and one of our colleagues came up with the following blog post. Have a look:
I hope it's a demonstration of proper camera usage…
Looks like I’ll have to think twice before trespassing…
Practical and Efficient
Always, always think big!
But above all, know how to:
I personally think that it gives a totally new meaning to the term “security fixes”. I just wish I had had the opportunity to implement those security fixes during a PCI DSS audit… By the way, in terms of development and the bug-introducing procedure (we have all had this; bugs are unfortunately unavoidable), not long ago there was this bug.
The Heartbleed bug was at the same (ok, a slightly higher) level of stupidity.
/* Enter response type, length and copy payload */
*bp++ = TLS1_HB_RESPONSE;
s2n(payload, bp);
memcpy(bp, pl, payload);
There was absolutely NO static analysis problem. NO compilation error. Nothing at all. Just a stupid thing: two variables were controlled by the user. And if you change those two variables you're gonna get a GOOD dump of the nearby memory…
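To make the missing piece concrete, here is an added, self-contained C sketch (my own illustration, not OpenSSL's code) of a heartbeat responder that performs the bounds check the snippet above lacked: the claimed payload length is compared against the number of bytes actually received before memcpy runs. The record layout follows RFC 6520; the sample records are constructed.

```c
#include <stdio.h>
#include <string.h>
#include <stdint.h>

/* Heartbeat record (RFC 6520): 1-byte type, 2-byte payload length,
 * payload bytes, then at least 16 bytes of padding. */
#define HB_REQUEST  1
#define HB_RESPONSE 2
#define HB_PADDING  16

/* Build a heartbeat response for an incoming record.
 * Returns bytes written to out, or -1 if the record is malformed.
 * The length check against rec_len is what the original code lacked;
 * without it, memcpy reads past the record into adjacent memory. */
int hb_respond(const uint8_t *rec, size_t rec_len, uint8_t *out, size_t out_cap)
{
    if (rec_len < 1 + 2 + HB_PADDING)   /* too short to be a valid record */
        return -1;
    if (rec[0] != HB_REQUEST)
        return -1;
    size_t payload = ((size_t)rec[1] << 8) | rec[2];  /* peer-controlled n2s() */
    const uint8_t *pl = rec + 3;

    /* The fix: the claimed length must fit inside what was actually received. */
    if (1 + 2 + payload + HB_PADDING > rec_len)
        return -1;
    if (1 + 2 + payload + HB_PADDING > out_cap)       /* and inside our buffer */
        return -1;

    uint8_t *bp = out;
    *bp++ = HB_RESPONSE;
    *bp++ = (uint8_t)(payload >> 8);                  /* s2n(payload, bp) */
    *bp++ = (uint8_t)(payload & 0xff);
    memcpy(bp, pl, payload);                          /* now bounded by the check */
    bp += payload;
    memset(bp, 0, HB_PADDING);                        /* real code uses random padding */
    return (int)(1 + 2 + payload + HB_PADDING);
}

int main(void)
{
    /* Constructed: payload "abc" with a truthful length of 3. */
    uint8_t good[22] = { HB_REQUEST, 0x00, 0x03, 'a', 'b', 'c' };
    /* Constructed: same 3 bytes, but the length field claims 0xFFFF. */
    uint8_t bad[22]  = { HB_REQUEST, 0xFF, 0xFF, 'a', 'b', 'c' };
    uint8_t out[64];
    printf("good -> %d\n", hb_respond(good, sizeof good, out, sizeof out));
    printf("bad  -> %d\n", hb_respond(bad, sizeof bad, out, sizeof out));
    return 0;
}
```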
That was the case…
Source : Diply