Securing Software

Hey Crypto Gurus,

I've been working on some new software for Windows 7.  I've always, 
prior to now, given my software away.  I've decided that I want to start 
charging $0.99 for my new software.  I'm debating on how to implement 
this...

I was thinking of doing a shareware type model, free to try for 30 days, 
then you must buy.  My problem is that I'm not sure the best way to:

A) Enforce the trial period...  Is this usually done in the registry?  
Couldn't I just "fudge" the date if I didn't want to pay...  Should the 
date of install be encrypted somehow to prevent tampering?  If the data 
got "munged" by the user, it would become unenforceable...

B) How to implement the registration keys...  This I'm not sure the best 
way to do either...  I DO NOT want my software phoning home, so I need 
an algorithm that will be able to process a name and data and then 
verify a registry key...  But how?  I was thinking some kind of private-
public key system...  I'm really not sure.  I want the registration to 
be tied ideally to your name and email address...  At least if some 
asshole makes it available he'll get a buttload of spam...

I know this is essentially a crypto question, so I'm hoping you guys 
might have some good thoughts...  I can do the programming, I'm just not 
sure the best way to implement my desires =)

The code is all assembler, thanks to Steve's influence; I would have no 
problem developing my own libraries to implement whatever clever 
thoughts you guys have.

Thanks in advance,

-- 
Jake
    http://www.nymtec.com
0
Jacob
5/12/2010 7:45:27 PM
grc.techtalk.cryptography


On 05/12/2010 01:45 PM, Jacob Janzen wrote:
>
> Hey Crypto Gurus,
>
> I've been working on some new software for Windows 7.  I've always,
> prior to now, given my software away.  I've decided that I want to start
> charging $0.99 for my new software.  I'm debating on how to implement
> this...
I like your price :)
>
> I was thinking of doing a shareware type model, free to try for 30 days,
> then you must buy.  My problem is that I'm not sure the best way to:
>
I like the way Steve does it, make them pay to get the software, then if 
they don't like it they get their money back.
> A) Enforce the trial period...  Is this usually done in the registry?
> Couldn't I just "fudge" the date if I didn't want to pay...  Should the
> date of install be encrypted somehow to prevent tampering?  If the data
> got "munged" by the user, it would become unenforceable...

You could encrypt the date with a private key, then destroy the private 
key, and decrypt the date with the public key to check if the trial has 
expired. That would work, but it would be easy for someone to replace 
the public key with their own public key and create a fake date with 
their own private key.

>
> B) How to implement the registration keys...  This I'm not sure the best
> way to do either...  I DO NOT want my software phoning home, so I need
> an algorithm that will be able to process a name and data and then
> verify a registry key...  But how?  I was thinking some kind of private-
> public key system...  I'm really not sure.  I want the registration to
> be tied ideally to your name and email address...  At least if some
> asshole makes it available he'll get a buttload of spam...
>
You're right, the best way to do this would be to have a server encrypt 
their name and email address with a private key when the software is 
purchased, the ciphertext of this encryption would be the registration 
key. Then, your software would have the public key, would try to decrypt 
the ciphertext, and if it matches, you know that it is a valid license. 
The problems with this are that someone could change the public key in 
the software to a public key matching his own private key. Also, one 
name/email/key combination would be able to be used an infinite number 
of times. I can't see a way of preventing that unless your software 
phones home.

> I know this is essentially a crypto question, so I'm hoping you guys
> might have some good thoughts...  I can do the programming, I'm just not
> sure the best way to implement my desires =)
>
> The code is all assembler, thanks to Steve's influence; I would have no
> problem developing my own libraries to implement whatever clever
> thoughts you guys have.
>
> Thanks in advance,
>

Protecting software from piracy IS impossible. No matter what you do, 
someone skilled at reverse engineering and assembly programming will be 
able to crack your application. That's why I like Steve's system the 
best, it avoids the hassle of software registration, and he still makes 
money off of it. I'm not saying don't make shareware, if your software 
isn't that valuable ($0.99 isn't) crackers won't see a point in doing 
all the reverse engineering work required to crack it.
0
FireXware
5/12/2010 9:56:06 PM
On 05/12/2010 03:56 PM, FireXware wrote:

>
> Protecting software from piracy IS impossible. No matter what you do,
> someone skilled at reverse engineering and assembly programming will be
> able to crack your application.

I've been thinking about this, and I think it would be a good idea to 
make a system for doing exactly what you want to do. It would be 
something that a lot of developers would use and even pay for. It 
wouldn't be possible to make it completely secure, but it would be 
possible with a bit of work to make a 'worst case scenario' for 
crackers. If it's well designed with cryptography backing up its 
security I can see it being hard to circumvent. I'm thinking something 
along the lines of phoning home then hardware locking once it's activated.
0
FireXware
5/13/2010 4:19:25 AM
On 12/05/2010 20:45, Jacob Janzen wrote:
>
> Hey Crypto Gurus,
>
> I've been working on some new software for Windows 7.  I've always,
> prior to now, given my software away.  I've decided that I want to start
> charging $0.99 for my new software.  I'm debating on how to implement
> this...
>
> I was thinking of doing a shareware type model, free to try for 30 days,
> then you must buy.  My problem is that I'm not sure the best way to:
>
> A) Enforce the trial period...  Is this usually done in the registry?
> Couldn't I just "fudge" the date if I didn't want to pay...  Should the
> date of install be encrypted somehow to prevent tampering?  If the data
> got "munged" by the user, it would become unenforceable...

Protect the date, but do it in a fairly crude manner - it isn't really 
an issue. any hacker skilled enough to reverse engineer even a simple 
sequentially-increasing xor would just nop out the test. also include a 
hard cut-off date in the binary, set (for example) one year in the 
future, beyond which a trial tells you to go find a newer one.

> B) How to implement the registration keys...  This I'm not sure the best
> way to do either...  I DO NOT want my software phoning home, so I need
> an algorithm that will be able to process a name and data and then
> verify a registry key...  But how?  I was thinking some kind of private-
> public key system...  I'm really not sure.  I want the registration to
> be tied ideally to your name and email address...  At least if some
> asshole makes it available he'll get a buttload of spam...

Depends on if you are concerned about reverse engineering - which for $1 
you probably aren't going to get many attackers.

simple solution is just to append a fixed string (name and version of 
the binary?) to the email address of the user, hash it, then use a 
mapping to a printable ascii set (usually 64 entries, so you encode the 
hash 6 bits at a time)

if the binary is small enough, just email them a (fully working) one 
when they register; embedding their email address at fixed offsets in 
the code (and adding code in the binary to check those against a hash at 
a further location) will keep them honest.

This is my preferred form of DRM btw - an invisible watermark with the 
email address (or better yet, CC details) of the buyer. No effect on 
playback, but they are *not* going to want to post it on pirate bay :)

> I know this is essentially a crypto question, so I'm hoping you guys
> might have some good thoughts...  I can do the programming, I'm just not
> sure the best way to implement my desires =)

for $1, there is no point putting too much effort into it. for $100 or 
$1K, you could, but effort is proportionate to reward and no hacker is 
going to bother cracking your protection for $1.

> The code is all assembler, thanks to Steve's influence; I would have no
> problem developing my own libraries to implement whatever clever
> thoughts you guys have.
0
Dave
5/13/2010 9:17:23 AM
In article <hsfuk3$2f5r$1@news.grc.com>, no@no.com says...
> 
> On 05/12/2010 03:56 PM, FireXware wrote:
> 
> >
> > Protecting software from piracy IS impossible. No matter what you do,
> > someone skilled at reverse engineering and assembly programming will be
> > able to crack your application.
> 
> I've been thinking about this, and I think it would be a good idea to 
> make a system for doing exactly what you want to do. It would be 
> something that a lot of developers would use and even pay for. It 
> wouldn't be possible to make it completely secure, but it would be 
> possible with a bit of work to make a 'worst case scenario' for 
> crackers. If it's well designed with cryptography backing up its 
> security I can see it being hard to circumvent. I'm thinking something 
> along the lines of phoning home then hardware locking once it's activated.

Interesting idea.

I could certainly do that...  In fact, I think I will =P

I'm going to start designing this, and come up with an implementation 
document, perhaps you wouldn't mind taking a look when I have it done?

Thanks!

-- 
Jake
    http://www.nymtec.com
0
Jacob
5/13/2010 3:57:32 PM
In article <hsgg2o$2sqc$1@news.grc.com>, DaveHowe@Undesclosed.xxx 
says...
> 
> On 12/05/2010 20:45, Jacob Janzen wrote:
> >
> > Hey Crypto Gurus,
> >
> > I've been working on some new software for Windows 7.  I've always,
> > prior to now, given my software away.  I've decided that I want to start
> > charging $0.99 for my new software.  I'm debating on how to implement
> > this...
> >
> > I was thinking of doing a shareware type model, free to try for 30 days,
> > then you must buy.  My problem is that I'm not sure the best way to:
> >
> > A) Enforce the trial period...  Is this usually done in the registry?
> > Couldn't I just "fudge" the date if I didn't want to pay...  Should the
> > date of install be encrypted somehow to prevent tampering?  If the data
> > got "munged" by the user, it would become unenforceable...
> 
> Protect the date, but do it in a fairly crude manner - it isn't really 
> an issue. any hacker skilled enough to reverse engineer even a simple 
> sequentially-increasing xor would just nop out the test. also include a 
> hard cut-off date in the binary, set (for example) one year in the 
> future, beyond which a trial tells you to go find a newer one.

Sounds reasonable.

> 
> > B) How to implement the registration keys...  This I'm not sure the best
> > way to do either...  I DO NOT want my software phoning home, so I need
> > an algorithm that will be able to process a name and data and then
> > verify a registry key...  But how?  I was thinking some kind of private-
> > public key system...  I'm really not sure.  I want the registration to
> > be tied ideally to your name and email address...  At least if some
> > asshole makes it available he'll get a buttload of spam...
> 
> Depends on if you are concerned about reverse engineering - which for $1 
> you probably aren't going to get many attackers.
> 
> simple solution is just to append a fixed string (name and version of 
> the binary?) to the email address of the user, hash it, then use a 
> mapping to a printable ascii set (usually 64 entries, so you encode the 
> hash 6 bits at a time)
> 
> if the binary is small enough, just email them a (fully working) one 
> when they register; embedding their email address at fixed offsets in 
> the code (and adding code in the binary to check those against a hash at 
> a further location) will keep them honest.
> 
> This is my preferred form of DRM btw - an invisible watermark with the 
> email address (or better yet, CC details) of the buyer. No effect on 
> playback, but they are *not* going to want to post it on pirate bay :)
> 

I really like that idea!  Only catch is, do you think people will flip 
when they see that I've included their credit card details?  I can do it 
all "automagically" in php when I get the return from PayPal, so I'll 
never see or store it...  Perhaps it would suffice to let the user know 
beforehand?

> > I know this is essentially a crypto question, so I'm hoping you guys
> > might have some good thoughts...  I can do the programming, I'm just not
> > sure the best way to implement my desires =)
> 
> for $1, there is no point putting too much effort into it. for $100 or 
> $1K, you could, but effort is proportionate to reward and no hacker is 
> going to bother cracking your protection for $1.
> 

Very true...  I'm just trying to cover the costs to distribute the 
software, it's not like I'll be making any real money, considering all 
the hours I've put into the project.

> > The code is all assembler, thanks to Steve's influence; I would have no
> > problem developing my own libraries to implement whatever clever
> > thoughts you guys have.

Thanks for your comments!


-- 
Jake
    http://www.nymtec.com
0
Jacob
5/13/2010 4:01:42 PM
On 05/13/2010 03:17 AM, Dave Howe wrote:
> On 12/05/2010 20:45, Jacob Janzen wrote:
>>
>> Hey Crypto Gurus,
>>
>> I've been working on some new software for Windows 7. I've always,
>> prior to now, given my software away. I've decided that I want to start
>> charging $0.99 for my new software. I'm debating on how to implement
>> this...
>>
>> I was thinking of doing a shareware type model, free to try for 30 days,
>> then you must buy. My problem is that I'm not sure the best way to:
>>
>> A) Enforce the trial period... Is this usually done in the registry?
>> Couldn't I just "fudge" the date if I didn't want to pay... Should the
>> date of install be encrypted somehow to prevent tampering? If the data
>> got "munged" by the user, it would become unenforceable...
>
> Protect the date, but do it in a fairly crude manner - it isn't really
> an issue. any hacker skilled enough to reverse engineer even a simple
> sequentially-increasing xor would just nop out the test. also include a
> hard cut-off date in the binary, set (for example) one year in the
> future, beyond which a trial tells you to go find a newer one.

That's true but if you really wanted to you could encrypt the binary 
itself, only decrypt it if the registration key and date are correct, and 
use RunPE to run the exe. That would be possible, but then 
antiviruses would detect it as a crypter.
>
>> B) How to implement the registration keys... This I'm not sure the best
>> way to do either... I DO NOT want my software phoning home, so I need
>> an algorithm that will be able to process a name and data and then
>> verify a registry key... But how? I was thinking some kind of private-
>> public key system... I'm really not sure. I want the registration to
>> be tied ideally to your name and email address... At least if some
>> asshole makes it available he'll get a buttload of spam...
>
> Depends on if you are concerned about reverse engineering - which for $1
> you probably aren't going to get many attackers.
>
> simple solution is just to append a fixed string (name and version of
> the binary?) to the email address of the user, hash it, then use a
> mapping to a printable ascii set (usually 64 entries, so you encode the
> hash 6 bits at a time)
Then the cracker could easily make a keygen. He would just have to make 
another application that takes the username and email address and hashes 
it with the same algorithm. Public/Private keys is overkill but then 
they would at least have to modify the binary to make it work.
>
> if the binary is small enough, just email them a (fully working) one
> when they register; embedding their email address at fixed offsets in
> the code (and adding code in the binary to check those against a hash at
> a further location) will keep them honest.
>
> This is my preferred form of DRM btw - an invisible watermark with the
> email address (or better yet, CC details) of the buyer. No effect on
> playback, but they are *not* going to want to post it on pirate bay :)
I wouldn't say that's going to stop them, because they could just buy it 
with fake information. Personally, I wouldn't use something that had my 
credit card number in it. They could use a stolen credit card, or change 
their own credit card after buying it. We should be trying to deter them 
from being able to crack it, not deter them from spreading the crack.
>
>> I know this is essentially a crypto question, so I'm hoping you guys
>> might have some good thoughts... I can do the programming, I'm just not
>> sure the best way to implement my desires =)
>
> for $1, there is no point putting too much effort into it. for $100 or
> $1K, you could, but effort is proportionate to reward and no hacker is
> going to bother cracking your protection for $1.
>
>> The code is all assembler, thanks to Steve's influence; I would have no
>> problem developing my own libraries to implement whatever clever
>> thoughts you guys have.

0
FireXware
5/13/2010 6:51:17 PM
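
Added example (not code from any poster in this thread): the two key schemes debated above side by side, the hash-and-encode key Dave describes and the private/public-key registration from the earlier reply. SHA-256, the 64-symbol alphabet, the 20-character length, the `ExampleApp 1.0` tag and the unpadded textbook RSA are assumptions chosen for illustration; a real product would use a vetted signature library (RSA-PSS or Ed25519).

```python
import hashlib
import math
import secrets

# Assumed parameters, none of them come from the thread.
ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+-"
PRODUCT_TAG = "ExampleApp 1.0"   # the "fixed string" (name and version)
KEY_CHARS = 20


def hash_key(email: str) -> str:
    """Scheme 1: hash(email + fixed string), emitted 6 bits per character."""
    digest = hashlib.sha256((email.lower() + PRODUCT_TAG).encode()).digest()
    bits = int.from_bytes(digest, "big")
    return "".join(ALPHABET[(bits >> (256 - 6 * (i + 1))) & 0x3F]
                   for i in range(KEY_CHARS))


def hash_verify(email: str, key: str) -> bool:
    # The shipped verifier has to recompute the key, so it contains the whole
    # generation procedure: whoever reads it can produce a key for any email.
    return secrets.compare_digest(hash_key(email).encode(), key.encode())


def _is_probable_prime(n: int, rounds: int = 40) -> bool:
    """Miller-Rabin primality test."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def _random_prime(bits: int) -> int:
    while True:
        candidate = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if _is_probable_prime(candidate):
            return candidate


def generate_keypair(bits: int = 1024):
    """Vendor side, run once. Returns ((n, e), (n, d))."""
    e = 65537
    while True:
        p, q = _random_prime(bits // 2), _random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and math.gcd(e, phi) == 1:
            return (p * q, e), (p * q, pow(e, -1, phi))


def _digest_int(name: str, email: str) -> int:
    # Length-prefix each field so ("ab", "c") and ("a", "bc") hash differently.
    fields = (PRODUCT_TAG, name, email.lower())
    msg = b"".join(len(f.encode()).to_bytes(2, "big") + f.encode() for f in fields)
    return int.from_bytes(hashlib.sha256(msg).digest(), "big")


def sign_license(private, name: str, email: str) -> str:
    """Scheme 2, vendor side only: needs the private exponent d."""
    n, d = private
    return format(pow(_digest_int(name, email), d, n), "x")


def verify_license(public, name: str, email: str, key: str) -> bool:
    """Scheme 2, shipped in the product: holds only (n, e), cannot create keys."""
    n, e = public
    try:
        sig = int(key, 16)
    except ValueError:
        return False
    return 0 < sig < n and pow(sig, e, n) == _digest_int(name, email)


if __name__ == "__main__":
    email = "alice@example.com"   # constructed sample buyer
    print("hash key:", hash_key(email), hash_verify(email, hash_key(email)))
    pub, priv = generate_keypair()
    lic = sign_license(priv, "Alice Example", email)
    print("signed, right name:", verify_license(pub, "Alice Example", email, lic))
    print("signed, other name:", verify_license(pub, "Bob Example", email, lic))
```

The signed key is as long as the modulus (256 hex characters at 1024 bits), so it is pasted rather than typed. As the thread says, neither scheme helps once the embedded public key or the final comparison in the binary is replaced.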
On 13/05/2010 17:01, Jacob Janzen wrote:
> I really like that idea!  Only catch is, do you think people will flip
> when they see that I've included their credit card details?  I can do it
> all "automagically" in php when I get the return from PayPal, so I'll
> never see or store it...  Perhaps it would suffice to let the user know
> beforehand?

I would steer clear of including CC details, unless redacted - you are 
opening yourself to a world of hurt from banking law. If you can get the 
user's name and registered address from the CC data (some merchants 
provide this, to verify delivery is to the registered address) and embed 
that, then you will get all the deterrent effects without opening up the 
can of worms that is storing a user's CC without permission.

The problem with including the email address is that 99% of users 
(legitimate or not) will use some sort of freemail anyhow. Glod knows I 
use GMail for everything now, and generating a throwaway would not even 
be a roadbump.
0
Dave
5/17/2010 3:37:27 PM
On 13/05/2010 19:51, FireXware wrote:

> That's true but if you really wanted to you could encrypt the binary
> itself, only decrypt it if the registration key and date are correct, and
> use RunPE to run the exe. That would be possible, but then
> antiviruses would detect it as a crypter.

Problem there is the shareware model - if you allow 30 days trial, a 
hacker will just make that an infinite trial and use your existing 
mechanism to decrypt from there.

>> simple solution is just to append a fixed string (name and version of
>> the binary?) to the email address of the user, hash it, then use a
>> mapping to a printable ascii set (usually 64 entries, so you encode the
>> hash 6 bits at a time)
> Then the cracker could easily make a keygen. He would just have to make
> another application that takes the username and email address and hashes
> it with the same algorithm. Public/Private keys is overkill but then
> they would at least have to modify the binary to make it work.

Indeed so; however, anyone who can reverse engineer the hash could 
trivially invert the final test (so only a valid key will *not* be 
accepted) and ditto a pki test. Anything that can be defeated with a 
*one byte* patchout is not going to be worth faking up a keygen for.

> I wouldn't say that's going to stop them, because they could just buy it
> with fake information. Personally, I wouldn't use something that had my
> credit card number in it. They could use a stolen credit card, or change
> their own credit card after buying it. We should be trying to deter them
> from being able to crack it, not deter them from spreading the crack.

It's not going to happen, seriously. always bear in mind that protection 
is to keep mostly honest people honest, not lock out skilled attackers.

as a rule of thumb - for each man-day you spend implementing *effective* 
software protection (and you will be surprised at how few hours actually 
add to the protection) you will add one *hour* to the time a skilled 
hacker will take to crack and/or keygen the app. However, if it is cheap 
enough, and especially given the current situation (where most keygens 
are trojaned, either at source or via silkrope when being redistributed 
via edonkey2k/piratebay) most users will cough up for a legitimate copy. 
The ones they tend to risk keygens for tend to be big ticket packages 
like CS3.


0
Dave
5/18/2010 8:01:59 AM
In article <hsrnrc$i86$1@news.grc.com>, DaveHowe@Undesclosed.xxx says...
> 
> On 13/05/2010 17:01, Jacob Janzen wrote:
> > I really like that idea!  Only catch is, do you think people will flip
> > when they see that I've included their credit card details?  I can do it
> > all "automagically" in php when I get the return from PayPal, so I'll
> > never see or store it...  Perhaps it would suffice to let the user know
> > beforehand?
> 
> I would steer clear of including CC details, unless redacted - you are 
> opening yourself to a world of hurt from banking law. If you can get the 
> user's name and registered address from the CC data (some merchants 
> provide this, to verify delivery is to the registered address) and embed 
> that, then you will get all the deterrent effects without opening up the 
> can of worms that is storing a user's CC without permission.
> 

I would never include any of the actual CC details other than perhaps 
With card ending 'XXXX'...

Never the number/security code/expiration, just the address.

> The problem with including the email address is that 99% of users 
> (legitimate or not) will use some sort of freemail anyhow. Glod knows I 
> use GMail for everything now, and generating a throwaway would not even 
> be a roadbump.

Good point, thanks.


-- 
Jake
    http://www.nymtec.com
0
Jacob
5/19/2010 5:42:03 PM
On 05/19/2010 11:42 AM, Jacob Janzen wrote:
> In article<hsrnrc$i86$1@news.grc.com>, DaveHowe@Undesclosed.xxx says...
>>
>> On 13/05/2010 17:01, Jacob Janzen wrote:
>>> I really like that idea!  Only catch is, do you think people will flip
>>> when they see that I've included their credit card details?  I can do it
>>> all "automagically" in php when I get the return from PayPal, so I'll
>>> never see or store it...  Perhaps it would suffice to let the user know
>>> beforehand?
>>
>> I would steer clear of including CC details, unless redacted - you are
>> opening yourself to a world of hurt from banking law. If you can get the
>> user's name and registered address from the CC data (some merchants
>> provide this, to verify delivery is to the registered address) and embed
>> that, then you will get all the deterrent effects without opening up the
>> can of worms that is storing a user's CC without permission.
>>
>
> I would never include any of the actual CC details other than perhaps
> With card ending 'XXXX'...
>
> Never the number/security code/expiration, just the address.

Another way to make sure they can't share it is to use a hardware id to 
create the encryption key. The hardware id can be generated from hard 
drive serial numbers etc. I believe that WindowBlinds uses hardware 
ids but I'm not sure. The only problem with that is if they ever changed 
hardware they would have to re-download or maybe just enter their 
license info and it will re-encrypt with the new hardware ID.
>
>> The problem with including the email address is that 99% of users
>> (legitimate or not) will use some sort of freemail anyhow. Glod knows I
>> use GMail for everything now, and generating a throwaway would not even
>> be a roadbump.
>
> Good point, thanks.
>
>


0
FireXware
5/20/2010 12:06:51 AM
Reply:

Similar Artilces:

Open software, secure software
Monday, 1 March 2004, 1:51 PM CET Fifty-plus years ago Grace Hopper used her experiences with programming the UNIVAC with FLOW-MATIC (an open-source project) to write her first compiler paper and the modern era of computing programming began. Some would also say that things haven't improved much since her day. Indeed, the National Institute of Standards and Technology (NIST) estimated that in 2001 $59.5 billion annually, about 0.6 percent of the gross domestic product was being lost because of software bugs. The Sustainable Computing Consortium (SCC), an academic, gove...

Software [In]Security: Twitter Security
Making Your Thoughts as Small and Incomplete as Possible Just for the record, I don't use Twitter. But if this column were a Twitter entry, it might read something like: http://www.informit.com/articles/article.aspx?p=1350268&cid=nl_DR_DAILY_T -- "If U know neither the enemy nor yourself,U will succumb in every battle" ...

Is security software becoming a security risk?
"Due to bugs in antivirus software, the security suite becomes a risk by itself, and adding multiple pieces of security software makes the problem worse, not better "... <http://www.infoworld.com/article/07/11/21/Is-security-software-becoming-a-security-risk_1.html> or http://preview.tinyurl.com/2nkk9r -- js http://justheadlines.exofire.net john s. smith wrote: > "Due to bugs in antivirus software, the security suite becomes a risk > by itself, and adding multiple pieces of security software makes the > problem worse, not better "... > ...

Book Review: Software Security
I'm jealous. No seriously. If Cigital is actually ran as depicted in the book Software Security - Building Security In, I have to give kudos to Gary and the gang for making an impressive environment for software security. I'm a fan of Gary's writing. If you are a regular reader, you know I loved both his books on Building Secure Software and Exploiting Software. This latest book is, in my mind at least, a balancing act between the two previous books on the topic. Gary calls it the "Ying and Yang". Which makes total sense, since the book cover is of exactly that, ...

F-Secure Readies Security Software For Linux
F-Secure Corp. on Tuesday unveiled security software for open-source Samba file servers and Linux, addressing a need that's growing within the enterprise market. The Finnish company announced the availability of antivirus software for Samba that automatically detects and removes viruses from files stored on the server. The new product is meant to protect all Samba-attached computers from malicious code that could enter the network from a Windows or Linux machine. Next month, F-Secure plans to ship a Linux version of F-Secure Policy Manager, which will extend centrally managed ...

What do security guards and computer security software have in common???
http://www.securitynewsportal.com/article.php?sid=920&mode=thread&order=0 -- Regard: Joh@nnes� 1216771 Ont.Inc. "Nothing is more damaging to a new truth than an old error" ...

Security software to secure USB flash drives?
Hello, does anyone know of some software (preferably freeware that would password protect access to a USB flash drive?) Currentlty the drive I have is open wide as soon as it is plugged in. Any help would be appreciated. Paul -- Calculating in binary code is as easy as 01,10,11. Paul Jackson wrote: > Hello, > > does anyone know of some software (preferably freeware that would > password protect access to a USB flash drive?) > > Currentlty the drive I have is open wide as soon as it is plugged in. > > Any help would be appreciated. >...

Security Software
What are the top most important software to have for internect securtiy, beside ZAP which I have. (ie- Ad-Aware?? anything?) Antivirus (my favorite: Norton AntiVirus), Antitrojan (recommended: BOClean) , Ad-Aware. Gtz. Tony "Felix919" <Flex@nowhere.com> schreef in bericht news:9ge2bb$18qs$1@news.grc.com... > What are the top most important software to have for internect securtiy, > beside ZAP which I have. (ie- Ad-Aware?? anything?) > > "Felix919" <Flex@nowhere.com> wrote in message news:9ge2bb$18qs$1@news.grc.com... > What a...

Security software
CryptoHeaven v1.0 is now available at www.cryptoheaven.com The product targets individuals in need of security and privacy working together in small groups. Software includes features like instant messaging, chat, and file sharing. Unique feature is an ability to securely share data folders between groups of people combined with remote storage. The source code is freely downloadable for anyone that cares to verify the claims. Asymmetric crypto is based on RSA and for a symmetric cipher, it uses Rijndael. It was released in hope that it would be put to the test by the cryptograp...

security software
Name: Roland Hanke Email: roland_h5atmywaydotcom Product: Firefox Summary: security software Comments: Have you ever thought about doing security software? I would have more confidence in it than most of what is out there. Browser Details: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3 (.NET CLR 3.5.30729) From URL: http://hendrix.mozilla.org/ Note to readers: Hendrix gives no expectation of a response to this feedback but if you wish to provide one you must BCC (not CC) the sender for them to see it. ...

How secure is secure?
Thanks to this group and all the high tech individuals who frequent it I have learned how to protect my PC from the inside out. But what about security risks to my info 'before' it gets to my computer? Like my mail box on the server. Could someone hack into that and thumb through my mail? If so, how would I ever know? (The short story) We have a rogue employee at my work who one day decided to run the web site, she got in tight with the ISP, got tools to set and delete passwords on a protected directory on the server. Who knows if she has telnet access to other things, li...

security too secure
Name: joe Product: Firefox Summary: security too secure Comments: The security thing won't let me in this sight no matter how I accept, confirm, get certificate, etc. https://www.vtext.com/customer_site/jsp/messaging_lo.jsp Browser Details: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.4; en-GB; rv:1.9.1b4) Gecko/20090423 Firefox/3.5b4 From URL: http://hendrix.mozilla.org/ Note to readers: Hendrix gives no expectation of a response to this feedback but if you wish to provide one you must BCC (not CC) the sender for them to see it. ...

when is secure, secure?
Lo everyone, I wrote a custom authentication handler for PureFTPD, using a combination of authentication methods, for about 4 different types of users. So far, from testing it, it does look to work properly, and does it's job pretty well (and fast). I use #!/usr/bin/perl -W as well as use Strict, and use warnings, and the code returns no errors or warnings when run. I am right to presume that this basically only really tells me the my syntax and structure of the application is right? What's a good way to see whether it is actually SECURE... There is a couple of lines of...

Software Security
Hi, How can i secure my software at customer site, so that it may not get copied. Is there any information available on software licencing techniques or algorithms regards sukhvinder There are manys to do that by binding the encrypted registration file with BIOS Serial No, HDD Serial No or Network's Physical Address, etc. to restrict the program to work on only one workstation. > Hi, > How can i secure my software at customer site, so that it > may not get copied. Is there any information available on > software licencing techniques or algorithms > >...

Tough security question using System.Security.Cryptography.RijndaelManaged.
Hi, I have to figure out why we have a problem with special characters in encrypted usernames and passwords. Case: Username: r&bgeorge Password: tigger We allow users to create usernames and passwords with special characters on the website. When we log them in, they have the option to save their login credentials for future logins. User logs in and checks off the “remember your password” option. Then the user closes his browser and opens a new browser window for the application. The user is not logged in and the username field contains “r” only, which the letter b...

GFI Software Enhances its Security Product Offering with the Acquisition of Sunbelt Software
For those of you running VIPRE, this may affect you - <http://www.sunbeltsoftware.com/Press/Releases/?id=362> <http://www.techcrunchit.com/2010/07/13/gfi-software-acquires-sunbelt-software-mainly-for-its-vipre-technology/> -- Randy <http://msmvps.com/blogs/siljaline/default.aspx> <http://www.linkedin.com/in/randyknobloch> ...

Valve's Steam Software (posted in security.software also)
Several issues have been brought up recently regarding the security of Valve's (makers of Half-Life and Half-Life2) content delivery system named Steam. I have had some issues as well as numerous posts on their forums regarding the safety of this program. The first place I decided to come was here to see if I could find any info regarding this. Since I have not been able to find anything, I decided to post and see what anyone else has to say regarding this piece of software. The link to their site is www.steampowered.com and www.steampowered.com/forums . If anyone could, pl...

Securing Windows: Inside Microsoft's Battle to Deliver Secure Software
Securing Windows: Inside Microsoft's Battle to Deliver Secure Software http://www.eweek.com/category2/0,4148,1252525,00.asp (A record of virus/worms/holes since August 2003 and how Microsoft has battled them) -- Kayode Okeyode http://www.kayodeok.co.uk/weblog/ http://www.kayodeok.btinternet.co.uk/favorites/webdesign.htm ...

SOwens Technologies announces new line of Security software for DotNetNuke Portal Software
Imagine encrypting specific fields in your database, based on requirements and the needs of your customer or organization. Now do it with a few lines of code and you're using InCryptorIT software by SOwens Technologies. Read about our first product in our new line of software at SOwens Technologies. Steven Owens SOwens Technologies...we make the net move Shouldn't this be posted in another forum? Do you know the truth when you hear it?...

(Assuming backup software is also security software:) How can I back up my data NOT using MS Backup?
Hi all, XPPRO SP1. I have GB's of data I need to backup. The data changes on a regular basis, so I need to be able to do incremental backups. I don't want to use MS Backup since that compresses data to a MS-format, and I've already had "can not read, archive damaged" messages on such archives. So, I need a stable product that enables me to backup the original data without compressing it into a specific, non recoverable, format. Of course, the software would need to be able to set archive bits and use these bits in incremental/differential backups. Does anyb...

Security Software Downloads
http://www.wilders.org/index.htm Very interesting site offering a couple of nice programs such as Spybot, to complement Ad-Aware and deal with spyware programs, DLExpert which is a small download manager it DOES install spyware, but this is easily removed with Ad-Aware or the like and also a few Trojan hunters, A/V, Firewalls and the like, some stuff is free, others you have evaluation periods for. ...

An Introduction to Software Security
This paper provides an introduction to software security under Windows. It describes general aspects of software security and its applications with respect to modern commercial software. I've included background information on some basic systems concepts that are prerequisites, an introduction to executable analysis and attack techniques, and common tamper resistance techniques that are the basis of commercial software security implementations. By: Casey Sheehan casey@sasystems.com Revision 1.1 Updated August 20, 2003 http://makeashorterlink.com/?T29512EB6 -- Regard:...

Software Security Device?
Logging in on web I get a popup with Mozilla icon. Message headed "Password Required" with underneath "Please enter the master password for the Software Security Device". I have hunted everywhere and am unable to find anything relating to this. The message can be cancelled and one can log in but password cannot be saved. -- johnmidl ------------------------------------------------------------------------ johnmidl;2375527 Wrote: > Logging in on web I get a popup with Mozilla icon. Message headed > "Password Required" with underneath &q...

Security Software Tests
Some interesting firewall tests by matousec http://www.matousec.com/projects/proactive-security-challenge/results.php "teddy" <teddy@nospam.net> wrote in message news:h9vuq3$1tn9$1@news.grc.com... > Some interesting firewall tests by matousec > > http://www.matousec.com/projects/proactive-security-challenge/results.php Interesting indeed, one definitely doesn't like to see a firewall on any_test showing up in red (bad) zone. ;) They do at least note which firewalls tested have paid or freeware versions and include download links to same. K...
