5 Unbelievable Security Fixes

While working with security…

…you often find yourself between a rock and a hard place.

Solutions must be provided at low cost, both in time and money!

Since one of my responsibilities during my morning job is security, we had, as a team, to outthink all the potential attackers. Now this is quite a hard job to do. While we had a lot of brainstorming going, we decided to take a break. And one of our colleagues came up with the following blog post. Have a look:

I hope it's a demonstration of proper camera usage…

Better than NSA

Looks like I’ll have to think twice before trespassing…

Watch out, it looks very fierce

 

Practical and Efficient

Always lock your mo-pad!

 

Always, always think big!

After some years the chain will actually grow into the tree, rendering it impossible to move

 

But above all, know how to:

Protect and Spell!

 

I personally think that it gives a totally new meaning to the term “security fixes”. I just wish I had the opportunity to implement those security fixes during a PCI/DSS audit… By the way, in terms of development and bug-introducing procedure (we all had this, bugs are unfortunately unavoidable), not long ago there was this bug.

The Heartbleed bug has efficiently brought the whole internet to its knees…

The Heartbleed bug was at the same (OK, a little more) level of stupidity.

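<pre>
/* Enter response type, length and copy payload */
*bp++ = TLS1_HB_RESPONSE;
s2n(payload, bp);
/* payload is the length claimed in the request; it is not checked against the bytes actually received */
memcpy(bp, pl, payload);
</pre>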

There was absolutely NO static analysis problem. NO compilation error. Nothing at all. Just a stupid thing: two variables were controlled by the user. And if you change those two variables you’re gonna get a GOOD dump of the nearby memory…

That was the case…
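The bounds check the snippet above is missing, as an added example that is not from the original post or from OpenSSL's source. The helper `hb_build_response`, the `HB_*` constants and the two sample records are hypothetical and constructed for illustration; the field layout (1-byte type, 2-byte length, payload, at least 16 bytes of padding) follows RFC 6520.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define HB_REQUEST  1   /* heartbeat_request, RFC 6520 */
#define HB_RESPONSE 2   /* heartbeat_response */
#define HB_PADDING  16  /* minimum padding length, RFC 6520 */

/* Hypothetical helper: build the response for one received heartbeat record.
 * rec/rec_len are the bytes actually received (type, length, payload, padding).
 * Returns the response length, or -1 when the record is silently discarded. */
long hb_build_response(const unsigned char *rec, size_t rec_len,
                       unsigned char *out, size_t out_cap)
{
    /* Too short for even an empty heartbeat, or not a request. */
    if (rec_len < 1 + 2 + HB_PADDING || rec[0] != HB_REQUEST)
        return -1;
    /* Claimed payload length: a 16-bit field chosen by the sender. */
    size_t payload = ((size_t)rec[1] << 8) | rec[2];
    size_t need = 1 + 2 + payload + HB_PADDING;

    /* The missing check: the claim must fit inside what was really received. */
    if (need > rec_len || need > out_cap)
        return -1;

    unsigned char *bp = out;
    *bp++ = HB_RESPONSE;
    *bp++ = (unsigned char)(payload >> 8);    /* same effect as s2n(payload, bp) */
    *bp++ = (unsigned char)(payload & 0xff);
    memcpy(bp, rec + 3, payload);             /* now bounded by rec_len */
    memset(bp + payload, 0, HB_PADDING);      /* zeros here; RFC 6520 asks for random */
    return (long)need;
}

/* Constructed sample records (not captured traffic). */
static const unsigned char HB_OK[] = {        /* claims 4 bytes, carries 4 */
    HB_REQUEST, 0x00, 0x04, 'p','i','n','g', 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 };
static const unsigned char HB_LIE[] = {       /* claims 0x4000 bytes, carries 4 */
    HB_REQUEST, 0x40, 0x00, 'p','i','n','g', 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 };

int main(void) {
    unsigned char out[64];
    printf("honest record: %ld\n", hb_build_response(HB_OK, sizeof HB_OK, out, sizeof out));
    printf("lying record:  %ld\n", hb_build_response(HB_LIE, sizeof HB_LIE, out, sizeof out));
    return 0;
}
```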

Source: Diply