SIEVE: A mail filtering language
Probably not powerful or flexible enough, in my judgment.
software development, security, opinion
Archive for the ‘security’ Category.
SecurityFocus HOME Columnists: Iraqi Cyberwar: an Ageless Joke
« Frankly, this is a great story. It’s amusing to remember how it kicked up a storm in 1991 after its initial appearance as an April Fool’s joke in Infoworld magazine. »
Detecting NAT Devices using sFlow: watch for variable TTLs
Fred Baker (Cisco):
Cisco Support for Lawful Intercept In IP Networks
CNET News: Inside Cisco’s eavesdropping apparatus | CNET News.com
Information Security Magazine, April 2003 – News and Analysis:
‘Attorneys nationwide reportedly plan to deploy decoy patients at health care organizations to see if doctors, dentists, hospitals and insurance companies have the policies, procedures and protections that ensure patients’ privacy, as required by the federal Health Insurance Portability and Accountability Act (HIPAA). Those that don’t comply risk hefty fines, possible criminal prosecution and costly civil lawsuits. Companies have had two years to educate staff, designate a privacy officer and adopt basic security measures. But there’s a good chance some providers will miss the deadline. … The threat of lawsuits may be a stronger motivator than government fines or jail time, says Kate Borten, a security consultant and president of The Marblehead Group in Massachusetts.
“The government has publicly stated it will be very forgiving if an organization demonstrates it meant well and has taken steps to become compliant,” Borten says. “The greater concern is the private lawsuit or bad press in a local community that will hurt business.”’
OpenBSD: Buffer Overflow “Solutions” – KernelTrap
Theo de Raadt: “In the last while, a couple of people in OpenBSD have been putting
some buffer overflow “solutions” into our source tree; under my
continual prodding. I thought I would summarize some of these and how
they fit together, since what I have seen written up so far has been
wildly inaccurate. (Bad reporter, no cookie).
These are, in short form:
1) PROT_* purity
2) W^X
3) .rodata
4) propolice”
[See also grsecurity and Immunix, which includes StackGuard.]
Horatio: Authenticated Network Access (U Texas CS Dept)