Security and open source
Security problems in software are of course an extremely bad thing, regardless of the business model under which the software was written. I want to consider why anybody …
In a recent discussion about the Apache Chunk Handling vulnerability, which consisted of many debates and rants on how the reporting was done, ISS mentioned that they found …
The goal of this paper is to explore the relationship between the security of software and the model under which that software was produced and distributed. Additionally, this …
Electronic document exchange and digital signatures are often considered as systems both hard to understand and difficult to use for the end user. This fear is often caused by …
A comprehensive look at what constitutes malicious code, the inherent weakness of all signature-based scanning methods, and the technology behind the Achilles’Shield …
Internet Security Systems and NGSSoftware found a security issue with chunk encoding in the popular Apache web server. The problems may lead to a remote compromise and denial …
Short description (from Incidents.org Handler’s Diary): There is a Denial of Service vulnerability in ISC Bind (versions 9 up to 9.2.1). When this is exploited by a …
In the past few years, email has become the predominant purveyor of viruses. This rapid communications technology outpaces the signature-based scanner updates, allowing …
The purpose of this paper is to explain why we have concluded that the future of virus protection lies with architecture, rather than product, and why a multi-modal, modular …
A number of security companies send us their company press releases, which we republish in the press section of Help Net Security. This is an overview of interesting …
P2P file sharing systems are rapidly becoming one of the most popular applications on the internet, with millions of users online exchanging files daily. While primarily …
This is a presentation at the Houston ISSA Meeting in April by Richard Bejtlich, a senior forensic consultant for Foundstone. Download the presentation in PPT format here.