Bookmark
frequently used SSL commands
shib.kuleuven.be/docs/ssl_commands.shtml, posted 2010 by peter in howto list reference security
A few frequently used SSL commands
The Underhanded C Contest
underhanded.xcott.com/, posted 2009 by peter in development hack humor security
Every year, we will propose a challenge to coders to solve a simple data processing problem, but with covert malicious behavior. Examples include miscounting votes, shaving money from financial transactions, or leaking information to an eavesdropper. The main goal, however, is to write source code that easily passes visual inspection by other programmers.
How to obtain and install an SSL/TLS certificate, for free
arstechnica.com/security/news/2009/12/how-to-get-set-with-a-secure-sertificate-for-free.ars, posted 2009 by peter in free howto security toread
Anyone operating a server on any scale should want a digital certificate to encrypt data between clients and services, whether for personal, office, or public use. Ars tells you how to obtain and install one, for free.
Gravatars: why publishing your email's hash is not a good idea
www.developer.it/post/gravatars-why-publishing-your-email-s-hash-is-not-a-good-idea, posted 2009 by peter in email hack privacy security spam
The guys at gravatar.com offer a nice service: for website owners, they let you automatically associate an avatar to your users, through the user's email address. The users who register to gravatars.com are able to change their gravatar and the change will be visible on all gravatar-enabled websites where they registered with the same email.
...
There is a piece of information which must be made public, though. It's this 32 char string which serves as a token for your web browser to retrieve the right image. How much information are we leaking to the bad people inhabiting the internet? Can that key be used to retrieve our email?
Flash Origin Policy Issues
www.foregroundsecurity.com/MyBlog/flash-origin-policy-issues.html, posted 2009 by peter in development flash security webdesign
The basic policy for Actionscript is very close to the Javascript same-origin policy: A Flash object can only access content from the domain it originated from. There are exceptions, which I'll get into another time, but they actually aren't particularly important. This flash behavior is known and documented, but is not particularly well-understood, even within the Web Application Security community. The important difference, of course, is that flash objects are not web pages. A flash object does not need to be injected into a web page to execute: simply loading the content is enough. Let's consider the implications of this policy for a moment: If I can get a Flash object onto your server, I can execute scripts in the context of your domain.
This is a frighteningly Bad Thing. How many web sites allow users to upload files of some sort? How many of those sites serve files back to users from the same domain as the rest of the application? Nearly every one of them is vulnerable.
EU funding 'Orwellian' artificial intelligence plan to monitor public for "abnormal behaviour" - Telegraph
www.telegraph.co.uk/news/uknews/6210255/EU-funding-Orwellian-artificial-intelligence-plan-to-monitor-public-for-abnormal-behaviour.html, posted 2009 by peter in ai eu fascism politics privacy security toread
A five-year research programme, called Project Indect, aims to develop computer programmes which act as "agents" to monitor and process information from web sites, discussion forums, file servers, peer-to-peer networks and even individual computers.
Its main objectives include the "automatic detection of threats and abnormal behaviour or violence".
SecureTheJmxConsole - JBoss Community
www.jboss.org/community/wiki/SecureTheJmxConsole, posted 2009 by peter in development java reference security
Both the jmx-console and web-console are standard servlet 2.3 deployments and can be secured using J2EE role based security. Both also have a skeleton setup to allow one to easily enable security using username/password/role mappings found in the jmx-console.war and web-console.war deployments in the corresponding WEB-INF/classes users.properties and roles.properties files.
Aldaba Knocking Suite | Port Knocking and SPA system for Linux
www.aldabaknocking.com/, posted 2009 by peter in networking security software toread
Port Knocking and Single Packet Authorization are new techniques in the network security field that provide a mechanism to have all ports of a server closed and open them to clients that issue specific sequences of connection attempts or specially crafted packets that contain the appropriate authentication credentials. Aldaba is a command-line tool for Linux systems that implements a PK and SPA client and server that provides secure stealthy authentication and remote firewall rules manipulation using TCP/IP covert channels.
Chicago’s Loss: Is Passport Control to Blame? - In Transit Blog - NYTimes.com
intransit.blogs.nytimes.com/2009/10/02/chicagos-loss-is-passport-control-to-blame/, posted 2009 by peter in business fascism msm politics security toread travel usa
Among the toughest questions posed to the Chicago bid team this week in Copenhagen was one that raised the issue of what kind of welcome foreigners would get from airport officials when they arrived in this country to attend the Games. Syed Shahid Ali, an I.O.C. member from Pakistan, in the question-and-answer session following Chicago’s official presentation, pointed out that entering the United States can be “a rather harrowing experience.”
Andrew Patrick » Identity theft is usually an equal opportunity, unsophisticated crime
www.andrewpatrick.ca/security-and-privacy/id-theft-criminals, posted 2009 by peter in privacy security toread
ID theft is often considered a “white-collar” crime because it is committed during the course of normal employment duties (e.g., a bank employee gathering personal information), or the crime does not usually involve any physical harm. Identity thieves are often portrayed as sophisticated computer specialists, hackers, or organized networks. But, is this the reality?
A recent research report by Heith Copes (U Alabama at Birmingham) and Lynne Vieraitis (U Texas at Austin) has shed some light on this issue.