Software [In]Security: Twitter Security
Making Your Thoughts as Small and Incomplete as Possible Just for the record, I don't use Twitter. But if this column were a Twitter entry, it might read something like: http://www.informit.com/articles/article.aspx?p=1350268&cid=nl_DR_DAILY_T -- "If U know neither the enemy nor yourself,U will succumb in every battle" ...

when is secure, secure?
Lo everyone, I wrote a custom authentication handler for PureFTPD, using a combination of authentication methods, for about 4 different types of users. So far, from testing it, it does look to work properly, and does it's job pretty well (and fast). I use #!/usr/bin/perl -W as well as use Strict, and use warnings, and the code returns no errors or warnings when run. I am right to presume that this basically only really tells me the my syntax and structure of the application is right? What's a good way to see whether it is actually SECURE... There is a couple of lines of...

How secure is secure?
Thanks to this group and all the high tech individuals who frequent it I have learned how to protect my PC from the inside out. But what about security risks to my info 'before' it gets to my computer? Like my mail box on the server. Could someone hack into that and thumb through my mail? If so, how would I ever know? (The short story) We have a rogue employee at my work who one day decided to run the web site, she got in tight with the ISP, got tools to set and delete passwords on a protected directory on the server. Who knows if she has telnet access to other things, li...

security too secure
Name: joe Product: Firefox Summary: security too secure Comments: The security thing won't let me in this sight no matter how I accept, confirm, get certificate, etc. https://www.vtext.com/customer_site/jsp/messaging_lo.jsp Browser Details: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.4; en-GB; rv:1.9.1b4) Gecko/20090423 Firefox/3.5b4 From URL: http://hendrix.mozilla.org/ Note to readers: Hendrix gives no expectation of a response to this feedback but if you wish to provide one you must BCC (not CC) the sender for them to see it. ...

F-Secure Readies Security Software For Linux
F-Secure Corp. on Tuesday unveiled security software for open-source Samba file servers and Linux, addressing a need that's growing within the enterprise market. The Finnish company announced the availability of antivirus software for Samba that automatically detects and removes viruses from files stored on the server. The new product is meant to protect all Samba-attached computers from malicious code that could enter the network from a Windows or Linux machine. Next month, F-Secure plans to ship a Linux version of F-Secure Policy Manager, which will extend centrally managed ...

Book Review: Software Security
I'm jealous. No seriously. If Cigital is actually ran as depicted in the book Software Security - Building Security In, I have to give kudos to Gary and the gang for making an impressive environment for software security. I'm a fan of Gary's writing. If you are a regular reader, you know I loved both his books on Building Secure Software and Exploiting Software. This latest book is, in my mind at least, a balancing act between the two previous books on the topic. Gary calls it the "Ying and Yang". Which makes total sense, since the book cover is of exactly that, ...

Security software to secure USB flash drives?
Hello, does anyone know of some software (preferably freeware that would password protect access to a USB flash drive?) Currentlty the drive I have is open wide as soon as it is plugged in. Any help would be appreciated. Paul -- Calculating in binary code is as easy as 01,10,11. Paul Jackson wrote: > Hello, > > does anyone know of some software (preferably freeware that would > password protect access to a USB flash drive?) > > Currentlty the drive I have is open wide as soon as it is plugged in. > > Any help would be appreciated. >...

What do security guards and computer security software have in common???
http://www.securitynewsportal.com/article.php?sid=920&mode=thread&order=0 -- Regard: Joh@nnes� 1216771 Ont.Inc. "Nothing is more damaging to a new truth than an old error" ...

Open software, secure software
Monday, 1 March 2004, 1:51 PM CET Fifty-plus years ago Grace Hopper used her experiences with programming the UNIVAC with FLOW-MATIC (an open-source project) to write her first compiler paper and the modern era of computing programming began. Some would also say that things haven't improved much since her day. Indeed, the National Institute of Standards and Technology (NIST) estimated that in 2001 $59.5 billion annually, about 0.6 percent of the gross domestic product was being lost because of software bugs. The Sustainable Computing Consortium (SCC), an academic, gove...

Are Security Products a Security Risk?
"Approximately 800 vulnerabilities discovered in antivirus products" http://blogs.zdnet.com/security/?p=1445 My antivirus solution Kaspersky is one of them... Sigh... :( On Mon, 21 Jul 2008 18:05:21 +0800, Ryan Ernest S. Selda said: > "Approximately 800 vulnerabilities discovered in antivirus products" > > > http://blogs.zdnet.com/security/?p=1445 > > > My antivirus solution Kaspersky is one of them... Sigh... :( This has already appeared here, on 8th July, in a thread entitled "Approximately 800 vulnerabilities discove...

Securing Windows: Inside Microsoft's Battle to Deliver Secure Software
Securing Windows: Inside Microsoft's Battle to Deliver Secure Software http://www.eweek.com/category2/0,4148,1252525,00.asp (A record of virus/worms/holes since August 2003 and how Microsoft has battled them) -- Kayode Okeyode http://www.kayodeok.co.uk/weblog/ http://www.kayodeok.btinternet.co.uk/favorites/webdesign.htm ...

form security against security
i have a form in my website which is to be filled by user and that form stores in database(sql server 2005). but someone told me that anyone can run script  in textboxes in that form and can damage database, so how to avoid such security lack.  it is common practice to use parameterized sql statements or stored procs to insure you are protected from sql injections attacks. if you concatenate user input directly into a sql statement, then you are at risk.Mike Banavige~~~~~~~~~~~~Need a site code sample in a different language? Try converting it with: http://converte...

Security
This is a multi-part message in MIME format. --------------080100010401000103080002 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit I'm a Mac user 10.4.8 of Thunderbird 1.5.0.7 & am wondering how "Enabling FIPS" will improve my security? I can't seem to find any explanation of FIPS under Thunderbird help. -- Have a good day R Schwager --------------080100010401000103080002 Content-Type: text/html; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Tr...

How secure is secure enough?
July 28, 2008 (Computerworld) This story originally appeared in Computerworld's print edition. If there is a Holy Grail in the information security industry, it surely is the answer to the question, "How secure is secure enough?" It's a question that many security managers have either avoided answering altogether or tried to quickly sidestep by throwing a fistful of mainly pointless operational metrics at anyone who cared to ask. http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=321921&intsrc=hm_list -- "Never d...