LookugA

Security, Development and other ramblings...


The ABCs of Electrical Circuit Character reference

When I was younger and first started repairing and reverse engineering electronic devices, I would sometimes need to look up a component or the reference character to figure out what that component was. It would be a pain to search online every time, instead of having it in front of me for a quick reference.

So I decided to create a cheat sheet of the most common electronic components that I encounter regularly, their assigned character references, which are used on PCB silkscreens, and the electronic symbols used in schematics.

You can go ahead and download/print the following:

What the hack - The exploited & security life of a hacker

The article was written by Matthew Anthony Pace and was published on the Sunday Times Tech-Sunday (18th January 2015)

Most people these days wouldn’t second guess the security of the products they use in everyday life. You would probably be shocked to know that the average household has 3 - 4 unique exploitable points that a knowledgeable security expert could use to gain access to internal devices, which can then be controlled, and to the personal information located on them. These household exploitable points include Smart TVs, network-connected set-top boxes, any kitchen appliance which has some type of network connectivity and, of course, the house's occupants themselves.

Most, if not all, software and hardware vulnerabilities come from developers who have either maliciously or accidentally left an exploitable security point in a product or service. These could have originated from the developer her/himself, due to inexperience with security best practices, or simply be inherited through the use of a third-party framework which could contain an exploitable piece of code.

There are 3 main types of hackers. The first is the white hat, also known as an ethical hacker: someone who attacks and breaks security for non-malicious reasons. They usually do this to test the strength of their own systems, or are hired by businesses to identify any security weaknesses in their products and their existing implemented systems. This way businesses have peace of mind that any issues or violations of security best practices are brought to their attention so they can be resolved.

The next type is the black hat, which is someone who breaks into secure systems to steal, modify or delete data, or just to make a system unusable for all other legitimate users. Black hats will often perform these acts for nothing more than personal gain, a thrill or a challenge. Black hats usually find vulnerabilities and keep them to themselves; they do not release them to the general public or inform the manufacturer so that a patch may be created and released to fix the issue.

The last type is the grey hat, which is a combination of both black hat and white hat hackers. They usually look for vulnerabilities for the fun of it and then notify the manufacturer or owner so they may correct it or, in most cases, offer to correct it for them for a payment.

When it comes to locating new vulnerabilities, it can sometimes be pure luck that they were discovered by a curious individual just wondering how a particular system functions, or it could be security researchers or hackers brute forcing their way using a number of different techniques to detect them.

One technique is packet and logic analysis, which works by capturing and reviewing the raw data that is being passed over a data bus, whether over wireless interfaces such as Wi-Fi, Bluetooth and other radio frequencies, or over wired interfaces such as Ethernet, USB and other physical connections such as micro-chip to micro-chip communication.

Another approach is for a security expert to examine the source code of the application to find any vulnerabilities which could be used for exploits. If however the source code is not available, reverse engineering the compiled version is possible, which would have the same outcome as having the original source code.

While the next technique is not directly linked to detecting and discovering new exploits per se, it is used to exploit human psychology. This type of exploit uses a less technical approach, in that it requires the least amount of knowledge of hardware and software systems and can be performed by almost anyone. This technique is known as social engineering. Social engineering is an act of psychological manipulation: one or more persons trick a vulnerable person into trusting them, and that trust can then easily be used to get sensitive information such as credit cards, passwords and unlawful physical access to buildings, usually just by talking and pretending to be someone else with an important status.

Any individuals looking to start a career in the security research industry should have the mind-set of thinking outside the box and will have to dive deep into the inner workings of systems to uncover new exploits. A career in the penetration testing industry, however, would require staying up to date with the latest techniques used and security best practices.

Original Times of Malta Online Article:

http://www.timesofmalta.com/articles/view/20150118/technology/What-the-hack

Copy of printed Newspaper:

Task Parallel Library (TPL) vs Task-based Async Pattern (TAP) vs Async Programming Model (APM)

For a number of upcoming projects (make sure to follow/like on Facebook and other social media to stay up to date of when I release them), I needed to create high performance, low impact .NET code which was able to scan a large range of IP addresses and ports in the quickest amount of time possible.

So naturally, I performed some tests to see the outcome of each of the patterns, using them in a normal way and using them in a number of different combinations to try and squeeze as much as possible out of them.

The patterns that I am going to base the tests on are the following:

  • Task Parallel Library (TPL) is designed to make developers more productive by making it easier to add parallelism and concurrency to applications. TPL scales dynamically to make use of all processors that are available. Using TPL allows you to focus more on the application's core functionality.
  • Task-based Async Pattern (TAP) allows for a single method to represent the initiation and completion of an asynchronous operation.
  • Async Programming Model (APM) uses the IAsyncResult design pattern, which is implemented using two methods named BeginMethodName and EndMethodName that are used to begin and end asynchronous operations respectively.
  • Event-based Async Pattern (EAP) allows easy implementation of "in the background" operations, without interrupting the application. (This has been replaced by TAP completely and will not be tested, as the Async method of the TCP client uses TAP.)


The following tests were performed using port 80 for 255 unique IP addresses, on machines with the following specs:

First Machine: Dual-Core CPU & 4 GB RAM

Second Machine: Octa-Core CPU & 14 GB RAM

| Solution | TCP Client Type & Notes | Seconds taken on 1st machine | Seconds taken on 2nd machine |
|---|---|---|---|
| Normal (Control Test) | APM | 129.57 | 134.38 |
| * | TAP | 130.48 | 131.42 |
| Task-Based Only | Task Based Loop with TAP | 131.33 | 130.27 |
| Task-Based Run Loop | APM | 10.13 | 7.39 |
| * | TAP | 6.26 | 7.62 |
| * | Mix and Mash with 4 pre task runners and multiple sub task runners with TAP | 8.07 | 6.32 |
| Parallel For Each Loop | Max Degree of parallelism set to default and with APM | 22.58 | 16.03 |
| * | Max Degree of parallelism set to default and with TAP | 16.20 | 15.30 |
| * | Max Degree of parallelism set to 999 and with APM | 8.6 | 7.11 |
| * | Max Degree of parallelism set to 999 and with TAP | 8.7 | 7.16 |


Looking at the results above, it seems that they are all relative to each other in terms of the time it takes for each test to execute. The only visible difference seems to be with the number of cores used: the more cores used, the less time it takes.

Depending on the scenario, it would be ideal to either use TPL or TAP to implement parallel or asynchronous code as recommended by .NET best practices and avoid the use of legacy APM or EAP as they will be phased out over time.

I have uploaded the test application source to GitHub, released under the GNU GPL, so go grab a copy and perform the tests on your machine from here if you wish: https://github.com/lookuga/CodeTests
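The TAP and APM connect calls compared in the table, as an added example that is not taken from the CodeTests repository: each probe carries its own timeout and is run against two constructed loopback ports (one listening, one closed). The names ProbeDemo, ProbeTapAsync and ProbeApm are hypothetical, and the code assumes .NET 6 or later.

```csharp
// Added example; type and method names are hypothetical, not from CodeTests.
using System;
using System.Linq;
using System.Net;
using System.Net.Sockets;
using System.Threading;
using System.Threading.Tasks;

static class ProbeDemo
{
    // TAP: one awaitable call; the token cancels the connect after timeoutMs.
    static async Task<bool> ProbeTapAsync(IPAddress ip, int port, int timeoutMs)
    {
        using var client = new TcpClient();
        using var cts = new CancellationTokenSource(timeoutMs);
        try { await client.ConnectAsync(ip, port, cts.Token); return true; }
        catch (Exception e) when (e is SocketException or OperationCanceledException) { return false; }
    }
    // APM: BeginConnect/EndConnect pair; the wait handle supplies the timeout.
    static bool ProbeApm(IPAddress ip, int port, int timeoutMs)
    {
        using var client = new TcpClient();
        try
        {
            IAsyncResult ar = client.BeginConnect(ip, port, null, null);
            if (!ar.AsyncWaitHandle.WaitOne(timeoutMs)) return false; // no answer in time
            client.EndConnect(ar);                                    // throws if refused
            return true;
        }
        catch (SocketException) { return false; }
    }
    static async Task Main()
    {
        // Constructed targets, loopback only: one listening port and one closed port.
        var open = new TcpListener(IPAddress.Loopback, 0); open.Start();
        var tmp = new TcpListener(IPAddress.Loopback, 0); tmp.Start();
        int openPort = ((IPEndPoint)open.LocalEndpoint).Port;
        int closedPort = ((IPEndPoint)tmp.LocalEndpoint).Port;
        tmp.Stop();
        int[] ports = Enumerable.Range(0, 20).Select(i => i % 2 == 0 ? openPort : closedPort).ToArray();
        // Task-based loop with TAP: start every probe, then await them all together.
        bool[] tap = await Task.WhenAll(ports.Select(p => ProbeTapAsync(IPAddress.Loopback, p, 500)));
        // Parallel.ForEach with APM: MaxDegreeOfParallelism caps the blocking waits.
        var apm = new bool[ports.Length];
        Parallel.ForEach(Enumerable.Range(0, ports.Length), new ParallelOptions { MaxDegreeOfParallelism = 8 },
            i => { apm[i] = ProbeApm(IPAddress.Loopback, ports[i], 500); });
        Console.WriteLine($"TAP open {tap.Count(r => r)}/20, APM open {apm.Count(r => r)}/20");
        open.Stop();
    }
}
```

Awaiting each probe inside a plain loop instead of collecting the tasks makes every unanswered connect wait out its timeout in turn, while the concurrent forms overlap those waits.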

Open to suggestions - Protecting your source code, A waste of time?

The article was written by Matthew Anthony Pace and was published on the Sunday Times Tech-Sunday (7th December 2014)

All businesses want to protect their software from being copied or pirated. But is it really worth obfuscating or implementing other methods to prevent competitors from reverse engineering your code or freeloaders from releasing a pirated version of your software?

The answer depends on the type of application you have developed, because if an individual or a competitor is truly motivated and has enough resources and experience, then they will bypass any protection implemented to gain access to the application logic.

All software, whether on an embedded piece of hardware or just an application installed on a computer or mobile device, can be decompiled via the many tools available online. Some applications, which have special protection methods implemented in them, may be harder to decompile or to understand due to obfuscation (making the code harder to read). However, it is not impossible to re-engineer the logic back to a working, compilable state. One such decompilation tool is .NET Reflector, which allows you to decompile .NET applications.

There are ways to help mitigate your source code and logic from being seen and reviewed by third parties. One solution is to be selective in who you provide your software to – the downside is that this would ultimately limit the growth of your product to a small number of users, which may be fine for bespoke software, but would be detrimental to a business looking to grow.

A quick solution which does not require any code or logic changes is to obfuscate your code. While this may prevent the less experienced from decompiling and reviewing your application logic, it may just make it a tiny bit more difficult for someone who is more experienced. One tool which provides obfuscation and a number of other added functionalities such as automated error reporting is SmartAssembly.

You can also move the software’s core logic and functionality online as a web service, hosted at a secure and trustworthy service provider that has ISO security certification, leaving only the bare essentials on the desktop or mobile application. Alternatively, you can completely rewrite the offline application as an online web application – this would obviously require users to have a constant internet connection for the product to be usable.

A radical alternative to all these solutions is to open source your code. This does not mean that you provide your compiled software, patents and core logic for free.

When it comes to business-to-business or even non-technical user sales, you would not lose sales or profit because users would still need accountability, support and in most cases customisation to support their internal processes. By open sourcing your code, you and your users can enjoy various benefits, including quicker turnaround to bug reporting and fixing as this can be done by the users and then it can be reintegrated into the original software, where a patch can be created which can be distributed to others easily. Additional advantages include security practice improvements, as the source code can be reviewed by the public. If there is a security issue, this can be more efficiently escalated and resolved. Also, the overall product quality will improve, as improvements can be suggested and possibly implemented by the users.

There are various options to license your software under open source. Some licences will protect both your software and your copyrights while others are less protective in terms of what third parties can do with your source code. It is possible to have multiple licences for the same software, which can be used for different use cases, such as personal use and business use.

One such licence that is protective and allows for freedom at the same time is the GNU General Public License (GPL). This allows others to copy, distribute and modify your software as long as they track the changes they made either written somewhere or on a version control system. This allows you and others to learn, copy and review the changes, so they can be re-implemented back into your software if they seem valid improvements or features.

When releasing your source code under the GPL license, keep in mind that it is a criminal offence if the derived software is not using the same licence that the originating software was using and if they do not provide public access to the modified source code.

There are many other open source licences available and each should be carefully reviewed to see if one or more match the type of business model in use.

Original Times of Malta Online Article:

http://www.timesofmalta.com/articles/view/20141207/technology/Open-to-suggestions

Copy of printed Newspaper:

Thanks for Poaching Clients

Recently a client was contacted via phone and then had an in-person meeting about possibly dropping their current hosting contract with me and switching over to them. The funny thing was that the follow-up email this Maltese "Web Consultancy" firm sent was accidentally sent to me instead of the business owner…

While poaching clients, whether done by a competitor or even an employee, is not illegal (unless the employee signed a non-solicitation and/or non-compete agreement [continue reading for more information]), it may cause an unhealthy relationship between the current contract holder and the business owner, and it might be worse if the poacher does not pay close enough attention and contacts you instead of the actual business owner.

There are ways, though, to limit the poaching of clients. For your employees, request that they sign a non-solicitation and/or non-compete agreement. A non-solicitation agreement is used to restrict someone from soliciting employees and/or customers, and a non-compete is used to prevent an employee, after s/he has been terminated, from starting a business doing the same business activities as yours. While both agreements are a good way to prevent currently employed employees from approaching/poaching clients, they are not valid indefinitely after the employee has been terminated.

For existing clients, the only legal way seems to be to have certain terms and conditions in their contract which will lock them to you for a period of time (it is not valid indefinitely). While this legally can't prevent them from terminating the contract, it can enable you to possibly renegotiate new contract terms before they leave.

Now, with regard to the client being poached: in the end the client decided not to leave, due to the competitor's package being 5x more expensive, so I guess in the end it all comes down to who can offer a better service at a lower price.

If you are looking to switch your current provider due to the expensive yearly/biennial fees, why not request a free consultation on how you could save on hosting: https://www.acewind.com/contact/hosting