software development, security, opinion
Archive for the ‘security’ Category.
NY Times: Cryptologists Discover Flaw in E-Mail Security Program. According to a statement issued yesterday by ICZ, an information technology company in Prague with about 500 employees, the cryptologists, Vlastimil Klima and Tomas Rosa, found the problem while doing research on secure communications for the Czech government. [Tomalak’s Realm]
ZDNN: PGP inventor downplays encryption flaw. Two Czech researchers said Tuesday that they had found a hole in the widely used encryption and digital signature standard known as OpenPGP. They remained silent on the technical details, however, leaving many security experts wondering whether the flaw actually existed. [Tomalak’s Realm]
Marcus Ranum: Is Network Intrusion Detection Software Being Used Correctly? (paper) [via Security Focus]
Joel Spolsky on Passport. “If you really trust any Internet company to protect your privacy, I’ve got a bridge to sell ya.” Joel is an ex-softie from the Excel team. [Scripting News]
Canonical XML now official. Canonical XML, a technology particulary important for
implementation of XML-based digital signatures, has been
released as an official W3C Recommendation. [xmlhack]
OpenWall just published a security advisory entitled Passive Analysis of SSH (Secure Shell) Traffic. This advisory demonstrates several weaknesses in implementations of SSH (Secure Shell) protocols. When exploited, they let the attacker obtain sensitive information (basically password lengths) by passively monitoring encrypted SSH sessions. Fix information, patches to reduce the impact of traffic analysis, and a tool to demonstrate the attacks are provided.
[OpenWall]
You are currently browsing the archives for the security category.
