Geeks With Blogs

News
"Your identity is your most valuable possession. Protect it. And if anything goes wrong, use your powers!" -elastigirl

Rishi Pande Me, Myself and my obsessions
I heard earlier this morning that I finally passed my CISSP. I am going to outline a few of the strategies that I used and followed while studying, hoping that it may help someone. First off, a disclaimer: I DO NOT KNOW ANYTHING MORE ABOUT THE CISSP THAN OTHERS WOULD! IF YOU FOLLOW THESE STRATEGIES THERE IS NO GUARANTEE THAT YOU WILL PASS. THIS IS JUST ......

My new Dell XPS laptop was frustrating me because of the Windows XP Media installed on it. It just came with too much crap that I could not put up with any longer after three months. At the same time, I needed some of my Windows functionality to work from home. I just installed Ubuntu on my dearest laptop. So far, so good. It detected my internal ......

We all know what an SSL cert is, right? Well then why are most certs so poorly implemented? I think the problem lies with most system administrators getting the cert at the last minute (when users report seeing an expired cert on the site) and sticking it in. Often though, several weak ciphers are allowed. I assume that everything below 128-bit encryption ......

Localstart.asp is a default page on IIS installations. This page is protected by IIS using basic authentication. The problem with this is that if I am able to bruteforce the password, I know the password for the admin on the local box. This can be very bad since the attacker now knows the admin's password. If the box enables any network services, this ......

So, it finally happened yesterday afternoon. I had to give up on my skunkworks project. Below is an article on what the attempt was, and how exactly and why I had to abandon it. Hopefully, it will help someone following along the same lines (if someone is really dumb enough to follow along those lines) Phishing project (a.k.a. what I did the Spring ......

To date, I have mainly been blogging about technical issues and problems. I generally hold back my views and tend to form opinions as time goes by. I have some opinions now - these opinions are to be taken in light of the fact that I am not an expert. I am just a simple guy trying to figure out a big bad industry - software security. These opinions do ......

Here is an interesting post this morning from the New York Metro. It talks about why people blog and how some blogs are more popular than others (like me :( )
Have Fun!

Here is a way to convert your byte array to a hex string in c++. It will convert a byte array that looks like 2A 1F 2C to a string value "2A1F2C" char finalhash[20]; char hexval[16] = {'0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'a', 'b', 'c', 'd', 'e', 'f'}; for(int j = 0; j finalhash[j*2] = hexval[((hval[j] >> 4) & 0xF)]; finalhash[(j*2) + 1] ......

So a byte is a byte is a byte unless it is not! That in one sentence sums up my findings from yesterday. A byte in .NET represents an unsigned byte (0 - 255) automatically but a byte in Java is a signed byte (-128 - 127) and no, there is no way to get an unsigned byte. I never really came across this problem till I was running some encryption algorithms ......

I was very surprised to find that the .NET framework does not have an implementation of RC4. I read somewhere that .NET 2.0 will have access to RC4 but it is definitely not included in the 1.1 version. So I went out and found a good implementation of RC4. It is quite simple to use (I think) and has a simple function use. I could of course write one ......

I did my stint in college with modular software design and have always asked the question "At what stage does it get too modular?" Let me explain that question a bit more in depth - it is nice to have a modular and pluggable architecture but the more pluggable and modular you make it, the more overhead you have. The problem comes when you are putting ......

I worked on the redesign of one of my components this week. The redesign was caused because of added functionality. We ran into a problem where we needed to choose the chain of dlls to load at runtime. To give a quick overview here is what we ended up doing. typedef long (_stdcall *getBlockSize)(long Size); HINSTANCE LoadMe=NULL; LoadMe = LoadLibrary("..\\bin\\MY.dl... ......

It has been an extraordinarily long time now that I have not posted. I have been working on a very important project at work with an extremely tight deadline - so tight that I had to cancel my long planned overseas vacation :( . I had a very successful meeting on Tuesday though where the entire engineering team re-evaluated our plans and goals and where ......

We had a bug that got reported on November 1 this year. Nobody could figure out the reason for the bug except that the possible module for the bug had to be a module that I wrote. The bug was reported across all the clients. The condition had not occurred before even during extensive testing. I could not reproduce the bug on my machine nor could the ......

hmmm ... what does this remind me of? Just kidding
But I thought this would be a lot of fun to read


Copyright © Rishi Pande | Powered by: GeeksWithBlogs.net