You have probably heard of the Evilgrade framework, which makes it possible to “fix” the update mechanism of the most popular programs (Windows update, Apple update and so on) by replacing valid files with malicious ones. You probably think that only application updates are vulnerable? Well, you are wrong. To be honest with you, downloading files from the web is not as secure as it might seem at first sight. Don’t believe me? Then look, or rather, read.


A small injection for memcached

What is memcached?

But first, a short introduction. memcached is a free and open high-performance distributed system for caching objects in memory. It is a key-value store that lives in RAM and is designed for small chunks of arbitrary data (string values, numerical values and, quite often, serialized objects in the form of strings) such as the results of database queries, API calls or page generation. In addition, memcached is a fully open development, builds and runs on UNIX, Windows and OS X, and is distributed under an open license. It is used by many popular web projects, for example LiveJournal, Twitter, Flickr, YouTube and Wikipedia. It is an ordinary network service with host-based authentication that runs on the loopback interface on port 11211. The memcached daemon supports UDP and TCP sockets and provides two different protocols for interacting with it: text and binary. I suppose this is all we need to know about the patient so far.


Forged together with one chain

As an active admirer of Joao Dias, a Portuguese application developer, and his motto “Automate your life,” I will show in this article how you can make your life much simpler by automating tasks that require communication between your smartphone and a computer, another smartphone or a tablet PC.


High Load Theory

In our work, we deal with very different projects. In one way or another, many of them could be called “high-load projects”. If you spend some of your spare time categorizing these projects, discard such ordinary things as second-rate online stores and roughly group what is left, you can come up with an approximate classification. It includes four types of high load:

  • By the number of requests (banner networks);
  • By traffic (video services);
  • By logic (complex back-end calculations);
  • Mixed (everything that fell into several categories).

Now, let’s have a closer look at them.


Deceiving Blizzard Warden

Warden is the name that the developers employed by Blizzard, makers of the most popular games in their genres, chose for their protection system. The system being, in fact, a part of is used in such projects as World of Warcraft, StarCraft II and Diablo 3. According to official figures alone, thousands of accounts have been banned so far, and it is Warden that banned a considerable part of them.


Getting acquainted with Liferay

Enterprise Information Portals (EIP) have gradually been transformed from a fashion into an irreplaceable business tool that gives employees a single point of access to data, tools for managing business processes and facilities for information exchange. The Liferay project, distributed under an Open Source license, competes quite successfully with most commercial solutions.
