Credit card fraud is not new to the Magento eCommerce platform. Attackers use two methods to siphon credit cards away from eCommerce stores. The first is client-side: malicious JavaScript hosted on the web page causes the customer’s machine to silently send a crafted request to a server controlled by the attacker. The other method commonly used by attackers, as described in the Sucuri blog, is modification of the app/code/core/Mage/Payment/Model/Method/Cc.php file. This method requires shell access to the server and indicates a serious compromise.


Cryptography can be a hard subject to understand. It’s full of mathematical proofs. But unless you are actually developing cryptographic systems, much of that complexity is not necessary to understand what is going on at a high level.


I’ve been having a bit of fun setting up a NuGet server as of late, and learning the nuances of versioning a .NET Standard library. With that in mind, I thought I would document my approach to how I got things going and all the pitfalls and dead ends I ended up running into.


I’m going to show you four common mistakes C#/.NET developers make when dealing with time. And that’s not all. I’ll also show what you should do to avoid them and make your code safer and easier to reason about.


I think I spend more time debugging code than writing code, designing software architecture, trying to reproduce bugs and even going to meetings! Debugging is the biggest time consumer we have as developers.


JavaScript UI frameworks and libraries work in cycles. Every six months or so, a new one pops up, claiming that it has revolutionized UI development. Thousands of developers adopt it into their new projects, blog posts are written, Stack Overflow questions are asked and answered, and then a newer (and even more revolutionary) framework pops up to usurp the throne.


It’s been a frantic week of security scares — it seems like every day there’s a new vulnerability. So, it is with a heavy heart that I’ve decided to come clean and tell you all how I’ve been stealing usernames, passwords and credit card numbers from your sites for the past few years.