Five common Web application vulnerabilities
Article on SecurityFocus on common web app vulnerabilities. Nice to see an article that doesn't just repeat the obvious but actually goes into some detail about how the attacks are carried out...
CERIAS Weblogs » Security Myths and Passwords
Good article looking at some of the assumptions and laziness that lead to companies adopting security policies without actually thinking through the consequences for their environment.
Whilst I'd agree generally with the thrust of the argument (password policies forcing periodic password rotation can actually decrease rather than increase overall system security), there's a good point made in the comments by Michael Spencer, that password rotation does help by reducing the window of time that an attacker can access the information made available by a compromised account (in certain circumstances).
Overall I think that companies would be well served by actually looking at authentication policies for their environment and conducting an analysis of what policy would be the most effective for them, rather than just blindly accepting "best practice" which may not be appropriate.
Security-Protocols :: The Bug Hunters Blog - Latest on OS X research..
Post about some serious security flaws in OSX, found by a security researcher.
I must say, I'm not surprised.
There's not been a lot of focus on security of Apple products in the past, but it seems that when it comes, with the increasing popularity of the platform, there will be a decent quantity of problems.
Whilst the UNIX-like underpinnings of OSX provide certain security advantages, there's nothing that I'm aware of which makes their security inherently better at an application level. And if they're typical of most tech companies, they won't be paying a huge amount of attention to secure development practices until they start getting problems with published flaws/viruses/worms...
How The Anti-Virus Industry Is Turning A White Hat Black, or (at least) Gray
Some interesting information about some work done to create an encrypted rootkit for Windows. The worrying bit is that three months after it was put out, the main anti-virus still can't find it...
more information here.