Entries in Security (4)

Monday, May 04, 2009

How to Break Software

by James A. Whittaker

Most of the books about software testing that I've read (wow, I can't believe I've actually read multiple books about testing software) have taken a very textbook-style approach to explaining the ins and outs of testing. They go into detail about developing a test plan, boundary conditions, white/black box testing, localization testing, regression testing, etc.

The How to Break Software series (How to Break Software, How to Break Software Security, and How to Break Web Software) takes a much more hands-on approach to software testing. The book is made up of a series of tests, referred to as attacks, that each target a specific fault in the software.

These attacks include things such as exploring allowable character sets and data types, overflowing input buffers, forcing a function to call itself recursively, finding features that share data, and forcing the media to be busy or unavailable.


Saturday, Jan 10, 2009

Twitter Got Hacked

Earlier this week, several high-profile Twitter accounts were hacked.

Here's what happened. Some kid was trying to hack the account of a popular Twitter user. He did this by conducting a basic automated dictionary attack. The attack ran all night and the next morning he had access to the account. It wasn't until then that he realised that the account was actually for a Twitter administrator. So from there, he was able to access anyone's Twitter account. His newfound administrative rights granted him access to the accounts of Barack Obama, Britney Spears, Bill O'Reilly, Facebook, The Huffington Post, and more.

Let's look at what Twitter did wrong.


Tuesday, Dec 16, 2008

Rootkits

by Greg Hoglund, James Butler

There are a lot of security books out there that discuss exploits. They talk about different types of attacks and how to protect yourself from them. While this is all valuable information, Rootkits has taken the security discussion one step further by detailing what can happen after security has already been compromised.

In this book, authors Greg Hoglund and James Butler begin with an overview of rootkits and how they are designed, then quickly shift to how rootkits are programmed (with examples written in C). The code examples begin with writing simple Windows device drivers, but by the end of the book, they'll cover more advanced topics such as modifying the kernel, manipulating hardware, and even accessing the BIOS.


Thursday, Oct 09, 2008

Harvard Got Hacked!

[Originally published 01/29/08]

I just sat down with my morning coffee to check out the latest IT news and this is the first thing that I read. Harvard's Graduate School of Arts and Sciences website has been hacked and the content has been leaked on BitTorrent.

::sigh::

Please learn to use secure passwords, people.
