Oldest trick in programming


Half a century ago, every bit inside the computer was important. One of the most frequently used functions was "swap".

Swap does a simple thing, and you may say, "Well, I know that." But at that time every operation and every bit of memory mattered, so the goal was an efficient swap between two variables without using a third variable.

So the trick goes like this:

A = A + B
B = A - B
A = A - B

Instead of:

TMP = A
A = B
B = TMP

Python code (thanks to Jovan Sh):

>>> a = 5
>>> b = 3
>>> (a, b) = (b, a)
>>> print(a, b)
3 5

With this approach, programmers at that time saved a lot of memory.

Also, you can find all these tricks in the book Hacker's Delight

Web page online test tools


At some moment in a web page's life there is a bottleneck. It could be missing compression, a slow DNS response, large JPEG or other image files (example: JPEG optimization tools), wrong or missing SSL/TLS settings, and similar.

Pagespeed Insights

A very handy tool that works really well.

PageSpeed Insights

Pingdom Website Speed Test

This tool is different from the previous one. It shows many things and gives recommendations, and it has different locations to run the test from.

Pingdom Website Speed Test

Gtmetrix

It has different tools for checking speed and how content is loaded, and it also gives tips to improve speed.

GTMetrix

SSLabs

A Swiss Army knife for SSL/TLS that gives recommendations on how and what to improve in your SSL/TLS settings.

SSLabs

CAA DNS records - prevent hijacking TLS/SSL certificate


Imagine that a certification authority, without your permission, issues a certificate for your site and, for example, that certificate gets used by cybercriminals. Your online shop gets BGP hijacked and you lose millions.

So how to prevent this type of attack?

One way is to use CAA DNS records. What does that mean? It means you state exactly which CA, and only that CA, you want to use. A certificate from any other CA is then a fraud. And if that happens, you get a message about it.

It is a security mechanism to prevent someone from stealing SSL/TLS certificates, imitating your (let's say) online shop, and stealing millions from your clients and from you.

Example of the records:

dig CAA vladimircicovic.com

; <<>> DiG 12.11.3-1TAONSA_linuxOS<<>> CAA vladimircicovic.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10986
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 65494
;; QUESTION SECTION:
;vladimircicovic.com.       IN  CAA

;; ANSWER SECTION:
vladimircicovic.com.    10800   IN  CAA 0 iodef "mailto:someemail@localhost.com"
vladimircicovic.com.    10800   IN  CAA 0 issue "letsencrypt.org"
vladimircicovic.com.    10800   IN  CAA 0 issuewild "letsencrypt.org"

;; Query time: 307 msec
;; SERVER: 
;; WHEN: Sat May 09 20:06:28 CEST 2020
;; MSG SIZE  rcvd: 174

So it is important to set iodef, issue and issuewild for CAA to work properly.
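An added example (not part of the original post): a small Python check that parses the ANSWER SECTION shown above and applies the CAA rules a CA follows when deciding whether it may issue, plus a check for the three tags named above. The function names and the `shop.example` sample are assumptions made for illustration, and lookup of parent domains is not covered.

```python
import re

# The ANSWER SECTION lines from the dig output above, embedded so this runs offline.
DIG_ANSWER = """\
vladimircicovic.com.    10800   IN  CAA 0 iodef "mailto:someemail@localhost.com"
vladimircicovic.com.    10800   IN  CAA 0 issue "letsencrypt.org"
vladimircicovic.com.    10800   IN  CAA 0 issuewild "letsencrypt.org"
"""
# Constructed sample: a zone that forbids every CA and sets nothing else.
DENY_ALL = 'shop.example.  300  IN  CAA 0 issue ";"\n'

KNOWN_TAGS = ("iodef", "issue", "issuewild")
CAA_LINE = re.compile(r'^\S+\s+\d+\s+IN\s+CAA\s+(\d+)\s+([A-Za-z0-9]+)\s+"([^"]*)"$')

def parse_caa(dig_text):
    """Return (flags, tag, value) for every CAA line in dig's answer section."""
    records = []
    for line in dig_text.splitlines():
        m = CAA_LINE.match(line.strip())
        if m:
            records.append((int(m.group(1)), m.group(2).lower(), m.group(3)))
    return records

def may_issue(records, ca_domain, wildcard=False):
    """Decide as a CA would (RFC 8659) whether ca_domain may issue."""
    # An unrecognised tag with the critical bit (128) set blocks issuance.
    if any(f & 128 and t not in KNOWN_TAGS for f, t, _ in records):
        return False
    issue = [v for _, t, v in records if t == "issue"]
    issuewild = [v for _, t, v in records if t == "issuewild"]
    # Wildcard requests use issuewild if present, otherwise fall back to issue.
    relevant = issuewild if (wildcard and issuewild) else issue
    if not relevant:
        return True  # no restriction published: any CA may issue
    # The value is "<issuer domain>[; parameters]"; an empty issuer matches no CA.
    allowed = {v.split(";", 1)[0].strip().lower() for v in relevant}
    return ca_domain.lower() in allowed - {""}

def missing_tags(records):
    """Tags from the post's checklist (iodef, issue, issuewild) that are absent."""
    present = {t for _, t, _ in records}
    return [t for t in KNOWN_TAGS if t not in present]

if __name__ == "__main__":
    recs = parse_caa(DIG_ANSWER)
    for ca in ("letsencrypt.org", "other-ca.example"):
        print(ca, may_issue(recs, ca), may_issue(recs, ca, wildcard=True))
    print("missing:", missing_tags(recs), missing_tags(parse_caa(DENY_ALL)))
```

CAA is enforced by the CA at issuance time, so this check shows what your published records tell a compliant CA; it does not detect certificates that already exist.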

You can ignore these records, but keep in mind that what is described in "How 3ve’s BGP hijackers eluded the Internet—and made $29M" could happen to you.

Yeah, this is a scary blog post about how people lose money if they don't read this post :D