ritter.vg

You're browsing without Javascript! If you have no idea what that means, you should ask your technical friend about it.
Otherwise - kudos. The website should work. If it doesn't, please contact me and let me know.

tech > code > adventures in code

comparing loop hoisting in .net: You know how some people say you want to remove the test in a loop into a local variable to make it faster? Don't.
this is why javascript is awesome: String manipulation on functions is horribly dangerous but also so cool - I don't know any other language that can do this.
here's some sql you should never use: Whenever we want to get something done quickly, we write code that should never, ever, see the light of day. And for some reason, I like sharing mine on the internet.
hacking the clr: diffing assemblies: I ended up looking into the binary of the assemblies produced by a simple Hello World program, diffing the assemblies between two runs on the same machine, between two runs on different machines, and between Debug and Release mode.
RFID Experimentation: I got an RFID kit... I wired it up to a candy bowl and set my server up to yell at whoever takes a piece.
Bastardizing a Backup: Watch I turn a relatively simple backup script into a horribly complicated, supremely mis-architected amalgamation that should never have seen the light of day.
Making the Site: Learn about how this site works, and the design choices that went into it.

tech > security > adventures in (in)security

Microsoft ClickOnce MITM Vulnerabilities: ClickOnce is a Microsoft technology intended to make deployment of desktop applications extremely simple. When deployed over HTTP, it is vulnerable to several types of Man in the Middle attacks; despite the ability to sign the executables.
Finding SQL Injection in a White-Box Environment: When we have access to the database, we can farm SQL Injection testing to untrained QA Analysts - they don't even need to know what SQL Injection is. This is can catch unusual code paths and is generally less expensive than a full code audit.
why event validation exists in ASP.Net: ASP.Net prevents you from chanting magic incantations to trigger events you can't see. I show you what the incantations look like, and when you may still be able to exploit something despite it's protection.
people who shouldn't do crypto episode 2 - the followup: After I called him out on his security, the author sent me a big encrypted message, and challenged me to break it.
people who shouldn't do crypto episode 2: Some people think that you can encode and rearrange some bits, and it's Military Grade crypto.
people who shouldn't do crypto episode 1: Some people think crypto is like bacon - put it on anything and it becomes better (or secure). These are their tales.

Comments

Comments loaded via javascript...

Add a comment...

Name: required
E-Mail: required, hidden, gravatared
Website:
Comment: required, markdown enabled (help)

you type:	you see:
italics	italics
bold	bold
[stolen from reddit!](http://reddit.com)	stolen from reddit!
* item 1 * item 2 * item 3	item 1 item 2 item 3
> quoted text	quoted text
Lines starting with four spaces are treated like code: if 1 * 2 < 3: print "hello, world!"	Lines starting with four spaces are treated like code: if 1 * 2 < 3: print "hello, world!"