Protocol Breaks

Little Bobby Tables
Back in the day – and even today – one of the most common security flaws in websites was the “SQL Injection”. It’s where an attacker puts specially crafted data into innocent-looking form fields that are then pasted into the text of a database query, so the data is parsed as part of the query itself. Or, as XKCD readers …
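To make the excerpt concrete, here is an added example (mine, not code from the original post) of the flaw it describes and its fix. It uses Python's built-in sqlite3 module with a constructed two-row users table; the table, the credentials and the function names are assumptions for illustration only.

```python
import sqlite3

# Constructed sample data for this example (not from the original post).
USERS = [("alice", "s3cret"), ("bob", "hunter2")]


def make_db():
    """In-memory database with a tiny users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", USERS)
    return conn


def login_vulnerable(conn, name, password):
    """The form fields are spliced straight into the SQL text.

    A name of  ' OR '1'='1' --  turns the WHERE clause into
    name = '' OR '1'='1'  and comments out the password check.
    """
    sql = (f"SELECT name FROM users WHERE name = '{name}' "
           f"AND password = '{password}'")
    return sorted(row[0] for row in conn.execute(sql))


def login_safe(conn, name, password):
    """Bound parameters: the driver sends the values out of band, so quotes,
    comment markers and keywords in the input are never parsed as SQL."""
    sql = "SELECT name FROM users WHERE name = ? AND password = ?"
    return sorted(row[0] for row in conn.execute(sql, (name, password)))


if __name__ == "__main__":
    conn = make_db()
    payload = "' OR '1'='1' -- "
    print(login_vulnerable(conn, payload, "wrong"))   # every user, no password needed
    print(login_safe(conn, payload, "wrong"))         # nobody
```

sqlite3's `execute()` refuses stacked statements, so the classic `'); DROP TABLE users; --` payload fails here with a warning rather than dropping the table; on a driver or database that does allow stacking, the vulnerable version would run it. Parameterisation removes both problems at once because the input never reaches the SQL parser.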

A Problem Shared

By the end of Friday, the first wave of the WannaCry Ransomware attack was over – a researcher (MalwareTechLab) had, in trying to gain further insight into the attack, inadvertently disabled its worst damage, preventing it “detonating”. The researcher wasn’t working alone – in fact, he was working alongside researchers all across the UK and …

Asymmetric Information in Cyber Communities

What do Points mean?
All of our engineering team take part in our sales activity, and I’m unashamedly enthusiastic about this. It gives us real visibility of the market. It establishes a connection with our customers that’s hard to beat. Most critically, it forces engineers like me to keep thinking about the technology we build …

Debugging with Bacon

Debugging is the method for finding and fixing bugs. Bugs are behaviours in a software system which are undesirable and counter to the programmer’s intent. You’d think, given the obvious importance of debugging in providing and maintaining quality software, that it’d be easy to find hundreds of good quality tutorials on the web to guide …

More Protocol Archeology

A little while ago, I wrote about some of the design principles of IMAP dating back 30 years. Since I recently came across a blog post explaining how slow SMTP is, it occurred to me there was plenty to learn from that too. Internet Mail is a really ancient facility. It dates back to 1971 at …

Secure Sockets Layer version 3: A Eulogy

As we put OP_NO_SSLv3 in all our software, we close a chapter of the history of the Internet. We’re laying to rest a faithful companion, one that gave us the commercial Internet we have today, and we’re also saying goodbye to one of the last closed protocols in mainstream use. And finally, we’re saying goodbye …

The Secrets of the Ancients

That Nathan Fritz. He’s a smart guy, and has always been very nice to me, at least if we discount that incident. And over on the &Yet blog, he’s posted about sending hints rather than data. When I read it, my heart sank. Now, I should stress, my heart didn’t sink because Fritzy is in any way …

Air disasters and software; not such a tenuous link

United 173
It’s ten past five in the evening of the 28th of December, 1978. In the skies above Portland International Airport, Oregon, there’s a DC-8, with 189 souls on board, coming in to land. As they lower the landing gear there’s a loud thump – both heard and felt in the cockpit. So it’s …

Openfire. Reloaded.

People sometimes ask what the real benefit in open source is. It’s clearly not simply having the source code; if that were the reason, you’d write everything in-house – and while that would certainly keep me employed, it’s not the reason. Back in 2002, a new version of Windows had recently graced the scene. Called “XP”, …

The heart bleeds on open source projects

The Heartbleed bug in OpenSSL has been described by Bruce Schneier as “on the scale of 1 to 10, this is an 11”. It means any program using an affected version of OpenSSL could be probed, easily and repeatedly, for chunks of up to 64 KB of whatever happened to be in its memory – allowing anything the supposedly secure program was working with to be sent over the connection to the …
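The excerpt says the bug lets a client read the server's memory; the mechanism is a missing bounds check on the TLS heartbeat extension (RFC 6520), where the peer-supplied payload_length field was trusted when echoing the payload back. The following is an added example, mine rather than code from the post or from OpenSSL, that models that check in Python: a heartbeat record is laid out in a constructed bytearray standing in for process memory, with a made-up secret placed right after it. The record layout and the 16-byte minimum padding follow RFC 6520; the length check in the fixed path is the one the OpenSSL 1.0.1g patch added; everything else (the memory layout, the secret, the function names) is an assumption for illustration.

```python
import struct

HB_REQUEST, HB_RESPONSE = 1, 2
MIN_PADDING = 16  # RFC 6520: at least 16 bytes of padding follow the payload

# Constructed secret for this example (not real data): it stands in for
# whatever else happened to be in the process's heap next to the record.
SECRET = b"Cookie: session=7f3a...; -----BEGIN RSA PRIVATE KEY-----"


def heartbeat_record(payload, claimed_len):
    """HeartbeatMessage: type(1) | payload_length(2) | payload | padding.

    A well-formed record has claimed_len == len(payload); an attacker sends a
    short payload with a large claimed_len.
    """
    return struct.pack("!BH", HB_REQUEST, claimed_len) + payload + b"\x00" * MIN_PADDING


def lay_out_memory(record):
    """Assumed memory layout: the record sits in a buffer, the secret right after it.
    Returns (memory, record offset, length of the record actually received)."""
    prefix = b"\x00" * 32
    memory = bytearray(prefix + record + SECRET + b"\x00" * 32)
    return memory, len(prefix), len(record)


def respond_vulnerable(memory, record_off, record_len):
    """Unpatched path: trusts payload_length and copies that many bytes,
    regardless of how many bytes the record actually contained."""
    _, claimed_len = struct.unpack_from("!BH", memory, record_off)
    payload_off = record_off + 3
    echoed = bytes(memory[payload_off:payload_off + claimed_len])  # over-read
    return struct.pack("!BH", HB_RESPONSE, claimed_len) + echoed


def respond_fixed(memory, record_off, record_len):
    """Patched path: the claimed payload (plus header and minimum padding)
    must fit inside the record that was really received; otherwise drop it."""
    if record_len < 1 + 2 + MIN_PADDING:
        return None
    _, claimed_len = struct.unpack_from("!BH", memory, record_off)
    if 1 + 2 + claimed_len + MIN_PADDING > record_len:
        return None  # discarded silently, as the 1.0.1g fix does
    payload_off = record_off + 3
    echoed = bytes(memory[payload_off:payload_off + claimed_len])
    return struct.pack("!BH", HB_RESPONSE, claimed_len) + echoed


def leaked_bytes(response, payload):
    """Everything in a response beyond the header and the genuine payload."""
    return response[3 + len(payload):]


if __name__ == "__main__":
    payload = b"HELLO"
    mem, off, ln = lay_out_memory(heartbeat_record(payload, len(payload) + 40))
    print(leaked_bytes(respond_vulnerable(mem, off, ln), payload))  # padding + start of SECRET
    print(respond_fixed(mem, off, ln))                               # None: request dropped
```

The response size is bounded only by the 16-bit length field, hence the roughly 64 KB per probe; nothing in the vulnerable path ties the copy to the bytes that actually arrived, and because each probe reads whatever is adjacent at that moment, repeating it walks through the heap.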