Archive for Mai, 2012
Posted on Mai 24, 2012, under microcontroller.
If you are working with TextWrangler (or BBedit) on TinyOS files (*.nc), you can use the following file to get correct syntax highlighting: TinyOS.plist
To install it for TextWrangler, copy the .plist file to the following directory:
Username/Library/Application Support/TextWrangler/Language Modules
Then restart TextWrangler and you should have a language module called “TinyOS”, which will be automatically applied to *.nc files.
This video shows my implementation of Pong on an ATmega1280 dev board (AVR 51 microcontroller). The game uses the accelerometer of the respective Wii mote to calculate the racket position of player 1 or 2. To communicate with the Wii motes, it uses a bluetooth module. Furthermore a bundled MP3 and SD-card module is used to play sounds from unreal tournament (stored on the SD-card), each time a player scores a point.
This game was an exercise of the microcontroller course at TU Vienna in 2012S.
I am very happy to announce that the current issue (4.2012) of the german Eclipse Magazin (http://eclipse-magazin.de) includes my article “CDI für Richt Clients”, which is about the integration of Apache OpenWebBeans into Eclipse RCP.
After publishing my blog entry Apache OpenWebBeans meets Eclipse RCP, I was contacted by Claudia Fröhling asking if I wanted to write about this topic for the Eclipse Magazin. I was very glad to get this offer and, of course, agreed to write the article. Authoring such an article was a quite new experience for me, and I really enjoyed it. Hopefully it will not be the last one.
Posted on Mai 10, 2012, under security.
Yesterday was the workshop day of CONFESS 2012. My workshop was called “How to exploit and fix typical web application vulnerabilities” and that was what we did. I provided two JSF web applications, some PHP scripts and some C files, which all were vulnerable. At the workshop, we tried to break them in as many different ways, as possible.
At the beginning we did a lot of SQL injection exploits, at first manually and later using sqlmap. Then we looked into XSS, XSRF and poor session management. And last but not least we took a look at buffer overflows, using metasploit as shellcode generator. Unfortunately, we did not have time to check out the jsf-security web application, which would have shown some vulnerabilities of (old versions of) JSF 2.
The workshop HOW-TO and all the source files used at the workshop are available at github: https://github.com/jakobk/confess-2012
Posted on Mai 7, 2012, under security.
Today I spoke at the conference for enterprise software solutions (CONFESS) in Leogang, Austria. My session was called “Introduction to web security” and it explained attacks like SQL injection, XSS, XSRF or buffer overflows. It was quite well-attended and I got lots of positive feedback, which I was really happy about.
As promised at the session, here are the slides as PDF: Web_Security_jakobk.pdf
I really enjoyed speaking at CONFESS, and now I am looking forward to my workshop (again about web security) on Wednesday.
Edit 2012-05-15: The slides are now also available on slideshare: