Privacy, Security Archive

Data Integrity – The Unknown Threat

Submitted by Danny 2004-07-30 Privacy, Security 2 Comments

Much of the attention commanded by computer security issues focuses on threats from external sources. Firewalls and perimeter defense tools are deployed to deny unauthorised entry to the network. Experts look for vulnerabilities and ways to ensure that the perimeter cannot be breached. Administrators monitor network traffic for unusual activities and anomalies, and it is common for users to be warned against suspicious email attachments. Read more.

Web Security Threat Classification

Submitted by LogError 2004-07-28 Privacy, Security No Comments

This paper compiles and distills the known unique classes of attack, which have presented a threat to web sites in the past. Each class of attack will be given a standard name and explained with thorough documentation discussing the key points. The formation of a Web Security Threat Classification will be of exceptional value to application developers, security professionals, software vendors or anyone else with an interest in web security.

Building The Next Generation, Part 3: Security and Files

Guest post by Nicholas Blachford 2004-07-26 Privacy, Security 64 Comments

This series explores the sort of technologies we could use if we were to build a new platform today. The first 2 parts covered the Hardware and core OS. In this third part we look at security, the file system, file management and throw in a couple of other random ideas for good measure.

An intro to elliptical key cryptography

Eugenia Loli 2004-07-21 Privacy, Security 12 Comments

This lengthy and highly technical primer provides a gentle yet thorough introduction to elliptical key cryptography (ECC), said to be ideal for resource-constrained systems because it provides more security-per-bit than other types of asymmetric cryptography. The paper is from Certicom, which markets Security Builder toolkits targeting various popular desktop, server, and embedded OSes.

Back Up Linux

Eugenia Loli 2004-07-09 Privacy, Security 21 Comments

The loss of critical data can prove devastating. Still, millions of professionals ignore backing up their data. While individual reasons vary, one of the most common explanations is that performing routine backups can be a real chore. Because machines excel at mundane and repetitive tasks, the key to reducing the inherent drudgery and the natural human tendency for procrastination, is to automate the backup process.

Bill Gates: More Firewalls, Faster Fixes, Auto Update

David Adams 2004-06-28 Privacy, Security 34 Comments

Speaking in Australia, Microsoft Chairman Bill Gates stressed that more widespread use of firewalls would solve some of the Internet's security problems. He also stressed that his company needs to reduce the frequency with which major security updates are released. He also noted that while most OSes can turn around a security fix in 60-90 days, "we have it down to less than 48 hours." He stressed the importance of using the Window auto-update feature and noted that SP2 defaults the auto-update and firewall to on.

Web site virus attack blunted

Eugenia Loli 2004-06-25 Privacy, Security 22 Comments

Web surfers are no longer playing Russian roulette each time they visit a Web site, security researchers say, now that a far-reaching Internet attack has been disarmed.

Corporate Web servers infecting visitors’ PCs

Eugenia Loli 2004-06-25 Privacy, Security 49 Comments

Security researchers warned Web surfers to be on their guard after uncovering evidence that widespread Web server compromises have turned corporate home pages into points of digital infection.

Mac OS X Security Myth Exposed — According to Stats

Eugenia Loli 2004-06-24 Privacy, Security 54 Comments

"Windows is more secure than you think, and Mac OS X is worse than you ever imagined". That is according to statistics published for the first time this week by Danish security firm Secunia. The stats, based on a database of security advisories for more than 3,500 products during 2003 and 2004 sheds light on the real security of enterprise applications and operating systems, according to the firm.

Security Differences Between Windows and Mac OS X

Submitted by Billy Kakes 2004-06-05 Privacy, Security 111 Comments

Here’s a billion-dollar question: Why are Windows users besieged by security exploits, but Mac users are not? John Gruber is discussing why this happens and ultimately concludes that it doesn't matter why, what it matters is that you can't argue with facts.

Microsoft: Full Steam Ahead for Palladium

Eugenia Loli 2004-05-06 Privacy, Security 31 Comments

Microsoft officials poured cold water on a published report that said its Next-Generation Secure Computing Base (NGSCB, code-named Palladium) project is being canned. "The project is continuing full steam ahead. It's alive and kicking and we're very excited about it. The vision has been refined over the last year but it's absolutely not true that it's being killed," MS product manager Mario Juarez said.

Microsoft Shelves NGSCB Project As NX Moves To Center Stage

Eugenia Loli 2004-05-05 Privacy, Security 17 Comments

After a year of tackling the Windows security nightmare, Microsoft has killed its Next-Generation Secure Computing Base (NGSCB) project and later this year plans to detail a revised security plan for Longhorn, the next major version of Windows, company executives said. On Tuesday, Microsoft executives confirmed that NGSCB will be canned. The project, dreamed up with Intel in 2002, was once code-named Palladium.

House Probes Threat Posed by Spyware

Eugenia Loli 2004-04-30 Privacy, Security 13 Comments

Microsoft estimates spyware is responsible for half of all PC crashes and warns that it has become a multimillion-dollar support issue for computer makers, Internet service providers and technicians. Also, Brad Wardell of Stardock wrote an interesting article regarding spyware on common Windows applications here and News.com has an article about spyware and the FCC here.

A Standardized Open Source Network Authentication System

Guest post by Van Emery 2004-04-26 Privacy, Security 75 Comments

The open source community has mastered many challenges and has been successful in numerous areas. However, there is one glaring weakness that needs to be remedied.

Reflections on Trusting Trust

Submitted by Roberto J. Dohnert 2004-04-13 Privacy, Security 32 Comments

This paper was written by Ken Thompson around August 1984. Ken Thompson is the co-father of UNIX: "You can't trust code that you did not totally create yourself. No amount of source-level verification or scrutiny will protect you from using untrusted code. In demonstrating the possibility of this kind of attack, I picked on the C compiler. I could have picked on any program-handling program such as an assembler, a loader, or even hardware microcode. As the level of program gets lower, these bugs will be harder and harder to detect. A well installed microcode bug will be almost impossible to detect."

Linux vs. Windows: Which Is More Secure?

Submitted by TTF 2004-03-31 Privacy, Security 35 Comments

Forrester Research didn't come out with a single recommendation says eWEEK. Instead, the analyst firm recommends that businesses that value quick patches look to Microsoft and Debian. At the same time Forrester is concerned that Microsoft's new monthly security policy may delay important fixes.

Extra Headaches of Securing XML

Eugenia Loli 2004-03-29 Privacy, Security 3 Comments

Creating a popular new computing approach always seems to bring with it a familiar catch-22: security issues. And Web services is no exception.

Interesting Uses of Trusted Computing

Eugenia Loli 2004-03-25 Privacy, Security 10 Comments

Trusted Computing (TC) continues to be one of the most controversial technologies to come along in many years. Ross Anderson's (anti) TCPA FAQ, Lucky Green's apocalyptic DEFCON presentation, and sites such as notcpa.org and againsttcpa.com are full of predictions of online disaster if TC technology is allowed to go forward.

Hackers Exploit Patches; Longhorn, Win2k3, OSX Security News

Submitted by LogError 2004-02-26 Privacy, Security 26 Comments

Malicious hackers and vandals are lazy and wait for Microsoft to issue patches before they produce tools to work out how to exploit loopholes in Windows, say experts.

Chips to Ease OSes’ Security Nightmares: Buffer Overflows

Eugenia Loli 2004-02-23 Privacy, Security 31 Comments

AMD's Athlon-64 (for PCs) and Opteron (for servers) will protect against buffer overflows when used with a new version of Windows XP. Intel plans similar features on next generation Pentium chips.