Archive for the ‘security’ Category.
Lampson: Computer Security in the Real World
Butler Lampson:
Computer Security in the Real World (paper) (slides)
Presented at the Annual Computer Security Applications Conference, 2000.
Exiscan v2.01
Exiscan is an email virus scanner which works together with the Exim MTA
(http://www.exim.org). It is written in Perl and designed to be very easy
to implement. Exiscan supports multithreaded unpacking and scanning of mail,
with a configurable number of processes. Exiscan has generic support for
available command line virus scanners. Exiscan can scan inside of MS-TNEF
and SMIME (signed) wrapped messages. [Security Focus]
New worm encrypts .exe files
New worm encrypts .exe files. CW360.com Aug 31 2001 11:49AM ET [via Moreover Computer security news]
An Audit of Active Directory Security
Aaron Sullivan, Security Focus:
An Audit of Active Directory Security:
Part One: An Overview of Active Directory and Security [August 1, 2001]
Part Two: Understanding the Security Implications of Active Directory Default Settings [August 29, 2001]
Security software: blind lead blind
Security software: blind lead blind. Commentary by Elias Levy
It’s incredible that in this day and age some of the most popular security products, products that are marketed as protecting you from the evils of computers, are so badly designed.
Case in point: The many antivirus products that failed to detect and stop the highly effective SirCam worm, even when updated with the latest signatures and when configured correctly.
Symantec’s Norton Antivirus for Gateways v2.x, Norton Antivirus POP email scanner, and TrendMicro’s InterScan VirusWall Standard and CVP editions version 3.51 build 1321 for Windows NT all failed to block SirCam. Why? Because all products “failed open,” i.e., when they encountered email messages they couldn’t handle properly, they sent them through by default.
…
[via The Register]
Microsoft: Dos and Don’ts of Client Authentication on the Web
Web Application Security:
White Hat Defcon9 presentation: Web Application Security
MIT (Fu, Sit, Smith, Feamster): Dos and Don’ts of Client Authentication on the Web
More cross-site scripting vulnerabilities
More cross-site scripting vulnerabilities from White Hat Security:
Hotmail STYLE CSS Vulnerability [08.15.2001]
Another MS Hotmail Security Issue with further widespread implications [08.24.2001]
