Blogs

Autocomplete and Input History for MagicTree

Components for Java Swing

Most modern user interfaces remember user input and provide an autocomplete function. When you start typing a URL in a browser location bar, you get a list of URLs matching the pattern you have typed.

We wanted similar functionality for MagicTree. Whenever the user has to type something, whether it is a command line, an XPath expression or a search term, we wanted the application to remember the previous input and provide autocompletion. Now we have that:

Pentesting Silverlight and WCF RIA Web Services

During a recent test I encountered a Silverlight application with WCF RIA web services on the server side.

A Silverlight application runs in the browser. It is conceptually similar to a Java applet. The compiled code is downloaded to the browser, where it is executed in a sandbox. The client side communicates with the server. In the case of the application I was testing, the server side was implemented as several web services.

How To Tell A Good Security Test Report From A Bad One

Suppose you had a penetration test, a vulnerability assessment, a security test, whatever it was called. (Different people use different names for different kinds of tests.) Now you have a report, and, apart from having to sort out the problems that were discovered, you want to know if the testers have done a good job.

This post should help you with that last one.

Warranty Void If Password Changed

Once, while doing an internal network vulnerability assessment, I asked the customer's security officer: "What is this Oracle server?"

"The one with all the default passwords?"

"Yep."

"Oh, it has been installed by a vendor. The vendor said that if we change any of the passwords, it will void our warranty. The legal are dealing with it now."

Unbelievable.

Snow White And Seven Firewalls

A soon-to-be former colleague of mine, Axel, once mentioned a conversation he had with a security officer at a customer site. Axel was describing an attack against their web application from the Internet. The guy said:

"No, it is not possible. There are seven firewalls between the Internet and the application. You can't get an exploit through that."

A lot of people seem to work under the impression that firewalls are like magic charms. They make you safer just because you have them, and the more you've got, the better.

Why Gremwell?

I never thought that coming up with a name for a company would become a blocking point.

Of course, first we thought about naming it Bezroutchko & Bezroutchko (because it sounds great and it is easy to remember). Don't really know why we abandoned this idea.

We wanted the name to indicate that it is something about computers (something with "bit", "byte" or "hex" in it). We also wanted a hint of magic (but not the word "magic" itself, because it is already in MagicTree). And we also wanted something like "works", "mill", "factory" or along those lines.
