Pretty good set of 10 Linux sysadmin tips, if you’re into that sort of thing. gulfstream/2486
Barack Obama unlikely to be able to keep his BlackBerry (or even email of any sort) as President, due to legal requirements regarding record keeping (huh? … gulfstream/2552
Bruce Schneier answers some questions on security. Not as paranoid as you might think: he uses the same password for low security sites, buys stuff from … gulfstream/2359
The number one argument against national ID cards is that it will lead to more cops and judges being killed, and the number five is that it … gulfstream/1752
“Given that the justice department has announced that the information Gary downloaded was not ‘classified’, and he was stoned much of the … gulfstream/1793
Target (the retailer) is for some reason donating significant amounts of time and money to police departments, helping them solve crimes that have nothing … gulfstream/2047
Stealing a bike in NYC: guy steals a bike (his own) four times, and only once (apparently) does he get accosted by a member of the public—by a guy who … gulfstream/2113
The Suspicious Looking Device: “The only function of the Suspicious Looking device is to appear as suspicious as possible, whether carried in hand or … gulfstream/2166
Ha, strange: “Small Numbers of Video iPods Shipped With Windows Virus. … As you might imagine, we are upset at Windows for not being more hardy against … gulfstream/2177
Good overview of possible applications of OpenId, a promising approach to single sign on. gulfstream/2243
Dr Nic » Zero Sign On - 1 better or Infinitely better than Single Sign On?
single sign on works--now!--via myopenid and client certificates (don't seem to be able to password protect single certificates, though)
TidBITS Safe Computing: Should Mac Users Run Antivirus Software?
"no"
VPN Evolved: Gain Secure Remote Access with LogMeIn Hamachi
free p2p vpn, supports os x and windows
Photo Matt » SecurityFocus SQL Injection Bogus
wordpress is going to require security updates for the foreseeable future, make sure you can update easily (paraphrased)
UW CSE and ICSI Web Integrity Checker
have the pages you view been modified in transit?
Automatic Patch-Based Exploit Generation
automatically generate security exploits by comparing the original binary and the patched binary
Jeremiah Grossman: Crossdomain.xml Invites Cross-site Mayhem
The problem(s) with OpenID « The Identity Corner
bunnyhero dev » Scaring people with fullScreen
trigger flash fullscreen, obscure the "hit esc to exit" message, display bsod. this should be fixed.
Tsunami 'hacker' conviction worries experts - ZDNet UK News
XSS (Cross Site Scripting) Cheat sheet: Esp: for filter evasion - by RSnake
LinuxDevCenter.com: How Shellcodes Work
Weak security in our daily lives@Everything2.com
oreilly.com -- Online Catalog: Building Scalable Web Sites
Information Security News: Hackers Shortcut Hotmail Password Reset Protections
IEBlog : IE7 in Windows Vista: Configuring Your View Source Editor
why ie7 on vista pops up a security warning when you try to view source. (also, how to change the view source editor.)
ocr research team
mostly captcha research
Implementation Limits For SQLite
nice discussion of software security, and sqlite's approach: "Unfortunately, the no-limits policy has been shown to create problems. Because the upper bounds were not well defined, they were not tested, and bugs (including possible security exploits) whe
Cross-site request forgery - Wikipedia, the free encyclopedia
The Identity Corner » The problem(s) with OpenID
i think most of the outlined problems are due to not appreciating what problems it doesn't solve. it's okay for comment systems, logins to systems you don't 100% care about. (about as secure as standard email?)
Security and Risk Management Strategies Blog: WHAT IS OPENID FOR?
ostensibly a post about openid, but it's a nice list of questions to ask about the security of any service. "what is the threat model?", etc.
LM hash - Wikipedia, the free encyclopedia
Wish-It-Was Two-Factor - Worse Than Failure
Web Application Security - Joe Walker's Blog
Matasano Chargen » A Roundup Of Leopard Security Features
Yahoo! 360° - Douglas Crockford's The Department of Style - No Script