DEV Community: George X.

Programmers need to think like hackers!

George X. — Thu, 01 Oct 2020 18:11:47 +0000

Programming is a complex task that includes five steps: problem identification, solution design, coding, testing and reporting. All of these steps are necessary to analyze security standards. Nowadays, attacks on IT systems and corporate infrastructures are a daily occurrence. Experts believe that the attacks will continue to increase due to the increased use of technology. The use of new technologies, the internet, computers, etc. also brings some security issues. Programmers are required to create not only functional applications but also secure ones.

Most consumers are aware of the need for secure applications. Therefore, programmers must make security a priority.

Hacking attacks cause major problems for victims (theft of personal data, installation of malware, etc.). So what is the solution? Developers need to think like malicious hackers. If this is done, cyberattacks could be greatly reduced.

Most organizations now recognize the importance of an effective security policy. They are also trying to find staff who are well-trained in cybersecurity. To be more productive, developers need to start behaving and thinking like hackers. But their goal must be security (ethical hacking).

Why should developers get into the logic of hackers? What characteristics should they adopt?

Great durability

Hackers are extremely persistent. They try hard to achieve what they want. Also, most are self-taught. They are very determined and do what they can to overcome any obstacle in front of them. Cybercriminals do not need "formal" education, degrees and theoretical knowledge. Most of the time they are self-taught and do not rely on the advice of others.

Programmers need to adopt these characteristics of perseverance, determination and knowledge that they have acquired on their own to create secure programs. Many times, because they are trained and qualified professionals, they do not consider simple solutions. This is bad. Also, many programmers rely on other team members and do not take initiatives. Therefore, they do not experiment and do not evolve.

Learning from experience

According to research, the most effective way to learn something is to do it in practice (experience). People gain 5% of their knowledge from lectures, 10% from reading books and 75% from experience. Cybercriminals always learn from experience and are confident in themselves. Developers need to follow suit and be willing to experiment and make efforts. The knowledge they have acquired through their studies is not enough.

Willingness to exceed the limits

Of course, "exceeding the limits" does not mean exceeding the ethical limits. It has to do with taking initiatives, experimenting and overcoming obstacles. The difference between hackers and programmers is that the former seek new vulnerabilities to exploit them, while programmers must identify them to fix them. Programmers should always learn and discover new ways to combat malicious situations.

Enjoy your work

When people treat a job as an obligation, they may not put in the maximum effort. A programmer who has to get a job done within a certain time frame is under pressure and may not be very innovative. Stress can make someone productive, but less effective. Programmers should always enjoy what they do and have fun to be as efficient as possible.

Cybercriminals do their job without having deadlines and pressure in mind. Their only goal is success. They are more oriented towards their goal than a deadline. If programmers see things the same way, they are likely to perform better.

Cybercriminals as role models?

Cybercriminals are certainly not considered role models. However, they have some positive features that programmers could adopt to be more efficient and useful in creating secure applications.

What did you learn in 2019?

George X. — Tue, 10 Dec 2019 13:08:18 +0000

What was the process like? How long did it take? Any special methods you used? Would you do it the same way if you did it over again?

What do HTTP and HTTPS mean and why does it matter today

George X. — Sun, 08 Dec 2019 17:29:41 +0000

You probably don't pay much attention to the full address of a website, after all, we are used to typing a name directly into the address bar and leaving the rest in our browser. But that wasn't always the case, once (not so old), we had to write the full URL in the address bar to get to the site we wanted.

So it makes sense that today most people don't know the difference between "http" and "https". Let alone the fact that many browsers no longer show the full address (for beauty reasons). But believe me, the difference between these two features can mean the difference between stealing or not stealing your personal information and credit card in an online transaction.

So if you ask your browser to show you the full address in the url bar (this is done in its settings), you will find that some sites have the 'http' prefix, while others - especially if you are doing a transaction, you will see the 'https' prefix. What is the - extremely important difference - between the two?

These prefixes are related to technology protocols that make it possible to navigate through various websites, hyperlinks and web pages on the Internet. Without these technology protocols, the Web would be very different. The truth is, it would probably not exist without them.

So HTTP means Hyper Text Transfer Protocol, and is the primary technology that enables hyperlinks and browsing in general - in short, without this, there is no Web navigation. This technology is used to communicate between Web servers and clients.

HTTPS is essentially the same as HTTP - as its name implies - with the addition of Secure - meaning it also has an SSL (Secure Sockets Layer). This protocol emerged from the need to secure transactions through the Web. SSL is a powerful secure and impenetrable encryption system that makes our data inaccessible to intruders when transmitted over the Internet. This system is mainly used on online shopping sites in the process of purchasing products, but also where encryption of user data is required. So we know that a site is safe if we look at the beginning of its address in the URL bar, 'https' must be there.

So whenever you go shopping in an online store, and you need to enter in addition to your personal data and credit card details, it is advisable to check first whether the "https" prefix is at the address bar.

One more thing: never leave a secure website without logging out - especially if you are on a public computer (office, Internet Cafe etc.). Some sites will automatically log you out but others will not. If for some reason you don't automatically log out and you forget to log out, then anyone can access your account, even with remote access.

These are some basic things about http and https, here are some more resources to read from:
What’s the Difference between HTTP and HTTPS?
HTTP vs HTTPS: What’s the Difference?
Easy Understanding of Web Protocols - HTTP and HTTPS

What personal blogs would you recommend?

George X. — Fri, 06 Dec 2019 17:41:30 +0000

I'm looking for more reading from personal blogs, these are the current ones I read:

https://www.oaktreecapital.com/insights/howard-marks-memos

http://www.docbastard.net

https://meltingasphalt.com

http://paulgraham.com/

What are online cookies and how do they work

George X. — Thu, 05 Dec 2019 18:49:20 +0000

This post was first seen over at gexos.org

Why they exist, what capabilities they offer and what problems they create.

Cookies are text files, and they provide many useful features on the Web, but there are two things that cause a reaction around cookies: The first is something that has plagued consumers for decades. Let's say you bought something from a traditional mail-order list. The company has your name, address and phone number from your order and also knows what things or services you have purchased. It may sell your information to others who may want to sell similar products or services to you. This is the fuel that makes telemarketing and junk mail (spam) possible. A website can track not only your purchases but also the pages you've read, the ads you click on, etc. If you then purchase something online and enter your name and address, then the site knows a lot more about you than a traditional mail-order company. This makes targeting a lot more accurate, and it makes many people feel uncomfortable.

Different sites have different policies regarding cookies and the protection of personal data.

Every site that respects its consumers and users have a strict privacy policy and does not sell or share their personal information with any third party, except where consumers themselves choose to do so (for example in a opt-in - opt-out e-mail program). With the consumer-user opt-in of the site, aggregated data is created and distributed accordingly.

There are some providers that can actually create cookies that are visible on various websites. DoubleClick is the most famous example of this. Many companies use DoubleClick to serve banner ads on their websites. DoubleClick can place a small (1x1 pixels) GIF file on the web page that allows it to load cookies on your computer. DoubleClick can then track your movements across multiple websites. It can probably see the search links you type in search engines.

Because it can gather so much information about you from multiple websites, DoubleClick can have very rich features. These are still anonymous, but they are rich. DoubleClick then went a step further. With the acquisition of a company, DoubleClick threatened to link these rich anonymous profiles to the name and address of each consumer-user - and threatened to tailor them to their needs and preferences, and then sell these consumer-user data. This started to look a lot like espionage for most people, and that's what caused the general outcry.

Problems with cookies

Cookies are not a perfect mechanism, but they certainly do a lot of things that might otherwise be impossible. But here are some of the things that make cookies imperfect.

People often share machines (PCs) - Every machine is used in a public place, and there are many machines used in an office or home environment, shared by many people. Let's say you use a public computer (in a library, for example) to buy something from an online store. The store will leave a cookie on the machine, and someone might later try to buy something from the store using your account. Large stores usually have warnings about this problem due to these frauds.

Cookies can be deleted - If you have a problem with your browser and call technical support, perhaps the first thing technical support will ask you to do is delete all temporary internet files on your computer. When you do this, you will lose all cookies. Now, when you visit a site again, the site will think you are a new user and it will set a new cookie. This tends to distort the visitor's record of each site and can also be difficult for you as a user to retrieve your previously saved preferences. This is why sites may ask you to sign up in some cases - if you sign up with a username and password, you can still log in even if you lose your cookie file, so you can restore your preferences. If the preference values are stored directly on the machine, then recovery is impossible. This is why many websites now store all user information in a central database and store only one ID (password) value in the user's machine.

Multiple computers - People often use more than one computer during the day. For example, you have an office machine, a home machine, and a laptop for the road. Unless the site is specifically designed to solve the problem, you will have three unique cookie files on all three machines. Each site you visit from all three machines will track and perceive you as three separate users. It can be annoying because you have to set your preferences three times.

There are probably not any easy solutions to these problems, except asking users to register and storing everything in a central database.

Error when trying to post an article

George X. — Thu, 05 Dec 2019 17:49:52 +0000

Hello community I'm trying to post a new article on the site but I'm getting this error:

base: (<unknown>): could not find expected ':' while scanning a simple key at line 5 column 1

I'm on firefox latest build if that matters.
Thanks in advance!

How To Stay Motivated When Learning to Code?

George X. — Wed, 17 Oct 2018 16:31:00 +0000