If you're in trouble and cannot find an answer to a question which goes beyond Stack Overflow...

If you have a not-so-usual solution for your problems but need to justify it to your boss...

If you like to think on your own rather than blindly follow "common wisdom" and "profound truth"...

...then 'No Bugs' Hare on Soft.ware might be the right place for you.

Your mileage may vary. Batteries not included

Developing secure software is a challenge. Writing really secure software is a real challenge.
Here are the articles which touch different security aspects of software, from “what cipher suites are not to be used with TLS”, to certain more or less novel things under ‘Security Research’ subcategory.

All Musings on Security, page 3:

Advocating “Obscurity Pockets” Part III. Code Obfuscation Basics.

posted February 14, 2017 by "No Bugs" Hare

Quote:	“C++ is by far the king when it comes to producing obfuscated code.”
Another Quote:	“inlines and C++ templates are helping to obfuscate things very efficiently”
	[→]

Advocating “Obscurity Pockets” as a Complement to Security. Part II. Deployment Scenarios, More Crypto-Primitives, and Obscurity-Pocket-As-Security

posted February 7, 2017 by "No Bugs" Hare

Quote:	“In other words – such an Obscured RNG would protect us from Debian RNG disaster(!)”
Another Quote:	“such a protocol (if properly deployed on the Server Side) – would defeat Heartbleed too (even if all the details of the Client are known)”
	[→]

Advocating “Obscurity Pockets” as a Complement to Security. Part I. Definition and Benefits.

posted January 31, 2017 by "No Bugs" Hare

Quote:	“In a hypothetical world where attackers would need to create a unique attack script for each system attacked – such an economy would be a non-starter.”
Another Quote:	“If all the people would be the same – pandemics such as Black Death would easily take the whole humankind down; it is diversity among humans which allowed us to survive.”
	[→]

Direct Payment Processing. Recovery from ‘Unknown’ Transaction Status. PCI DSS.

posted January 3, 2017 by "No Bugs" Hare

Quote:	“With the Direct Processing, customer should trust us (the merchant) with their details”
Another Quote:	“On the other hand, most of PCI DSS requirements make perfect sense regardless of formal compliance”
	[→]

Payment Processing. Credit Cards. Chargebacks and Collateral Damage

posted December 20, 2016 by "No Bugs" Hare

Quote:	“Chargeback monster will come from under the bed and will eat all your hard-earned money!”
Another Quote:	“it is trivial to develop a system with guaranteed zero chargeback rate – to achieve this, it is sufficient to decline each and every transaction at pre-filter stage”
	[→]

War on Clones, Part II. Identifying Mobile and Browsers. Social and Payment-Based Identification. Putting it all together.

posted July 18, 2016 by "No Bugs" Hare

Quote:	“as much as iOS is a device identification nightmare, Android is a device identification paradise.”
Another Quote:	“Everybody makes occasional mistakes, cheaters/abusers included.”
	[→]

War on Clones, Part I. IP-based (non-)Identification. Identifying PCs and Macs

posted July 11, 2016 by "No Bugs" Hare

Quote:	“NEVER EVER use IPv4 for long-term bans”
Another Quote:	“If using MAC addresses to identify devices, you SHOULD gather stats on repeating MAC addresses within your DB”
	[→]

«Previous Page