Thursday, March 12, 2009

Compiler or Programming Language: Which Came First

Have you ever thought about this? Which came first, the compiler or the programming language?

This is like the classic "chicken and egg" causality dilemma. Here is the sequence in which I think it happened:
  1. Machine code: The 1st program was written directly in the hardware's machine code.
  2. Assembler (Interpreter): A program written in machine code to interpret ASM into machine code.
  3. Compiler: This is a set of programs (lexical analyser, parser, linker, etc.) which could convert source code to assembler/machine code.

How to Make a Compiler?

If you are ever interested in making your own compiler, try this:

Wednesday, March 11, 2009

PDF Exploit PoC without any user interaction

Last week, Belgian security researcher Didier Stevens demonstrated that PDF exploitation is possible with the user only selecting the file (the answer lies in Windows Explorer Shell Extensions).

Now he has taken it a level further: you can be vulnerable just by having an infected file on disk. The problem lies with the Windows Indexing Service.

There is still a list of possible countermeasures:
  • Disable JavaScript in Adobe Acrobat Reader.
  • Keep an up-to-date anti-virus.
  • Use host-based IDS/IPS signatures.
  • Disable automatic rendering of PDFs in the browser.
  • Use an alternative PDF reader like Foxit Reader or Sumatra PDF.
  • Disable or uninstall the Windows Indexing Service.
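
A read-only PowerShell audit for two of the countermeasures listed above (Reader JavaScript and the indexing service), added here as an example and not taken from the original post or from Didier Stevens. The registry value `bEnableJS` and the service names `CiSvc` and `WSearch` are assumptions not stated in the post; Windows PowerShell 3.0 or later is assumed for `Get-CimInstance`.

```powershell
# Added example: read-only audit of two countermeasures from the list above.
# Assumed names (not given in the post): the bEnableJS value under JSPrefs,
# and the service names CiSvc (Indexing Service) and WSearch (Windows Search).

function Get-ReaderJavaScriptState {
    # Reader stores per-user preferences under one subkey per installed version.
    $base = 'HKCU:\Software\Adobe\Acrobat Reader'
    if (-not (Test-Path $base)) { return }
    foreach ($version in Get-ChildItem $base) {
        $prefs = Join-Path $version.PSPath 'JSPrefs'
        $value = $null
        if (Test-Path $prefs) {
            $item = Get-ItemProperty -Path $prefs -Name bEnableJS -ErrorAction SilentlyContinue
            if ($item) { $value = $item.bEnableJS }
        }
        # Assumption: a missing value means the default applies (JavaScript on).
        [pscustomobject]@{
            Check    = "Reader $($version.PSChildName) JavaScript"
            State    = if ($value -eq 0) { 'disabled' } else { 'enabled' }
            Hardened = ($value -eq 0)
        }
    }
}

function Get-IndexingServiceState {
    foreach ($name in 'CiSvc', 'WSearch') {
        $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='$name'"
        if (-not $svc) {
            # No service is registered under that name on this host.
            [pscustomobject]@{ Check = "Service $name"; State = 'not installed'; Hardened = $true }
            continue
        }
        [pscustomobject]@{
            Check    = "Service $name"
            State    = "$($svc.StartMode), $($svc.State)"
            # Hardened only when it cannot start and is not running right now.
            Hardened = ($svc.StartMode -eq 'Disabled' -and $svc.State -ne 'Running')
        }
    }
}

# Combine both checks; any row with Hardened = False still needs attention.
$report = @(Get-ReaderJavaScriptState) + @(Get-IndexingServiceState)
$report | Format-Table -AutoSize Check, State, Hardened
```

The Reader check covers only the current user's hive, so run it per user profile or extend it to loaded hives when auditing a shared machine.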

What's Your Location?

Google provides a few ways to show your location (geotagging) when you post to your blog or send email.

  1. Google Latitude: See your friends on a map. You can check this using your phone, computer, or both.
  2. Gmail Message Signature: Enable the "Location in Signature" option in Gmail Labs, then select "Append your location to the signature" on the Settings page, and recipients will be able to see where you sent the email from. With Google Gears installed, the Gears Geolocation API can use network servers to determine the client's position, using information that includes the client's IP address and any cell towers or WiFi nodes it can detect. Cool!
  3. Blogger Geotagging: This option is enabled only in Blogger in Draft. It adds an option to set a location in the post editor. You can search, zoom, click, and drag on a map to choose and save a location.

Tuesday, March 10, 2009

Information Security in Cloud Computing

This is a typical example of information security within cloud computing: you just don't know when you will be vulnerable.

See how Google has handled a bug reported on Google Docs: error allowed unauthorised document access.

Monday, March 09, 2009