More Enforceable Security Policies

We analyze the space of security policies that can be enforced by monitoring programs at runtime. Our program monitors are automata that examine the sequence of program …

Linux Security Modules: General Security Support for the Linux Kernel

The access control mechanisms of existing mainstream operating systems are inadequate to provide strong system security. Enhanced access control mechanisms have failed to win …

PGP Outlook Encryption Plug-in Vulnerability

eEye staffers Marc Maiffret and Riley Hassell were again busy finding bugs, so a new advisory hit the “streets” today. This time, there is a remote …

DSL Security Whitepaper

This contribution provides an overview of some of the security aspects of DSL-based corporate networks. With the expansion of the Internet and the increasing use of Internet …

Microsoft SQL Server Passwords (Cracking the password hashes)

SQL Server uses an undocumented function, pwdencrypt(), to produce a hash of the user’s password, which is stored in the sysxlogins table of the master database. This is …

Security in Open versus Closed Systems – The Dance of Boltzmann, Coase and Moore

Some members of the open-source and free software community argue that their code is more secure, because vulnerabilities are easier for users to find and fix. Meanwhile the …

Creating Arbitrary Shellcode In Unicode Expanded Strings

The paper is intended to be read by the portion of the security community responsible for creating protective mechanisms to guard against “shellcode” type security …

Information Survivability: Required Shifts in Perspective

The events of recent years and especially of recent months have greatly increased awareness of information and infrastructure security, whether they are media reports of the …

(more) Advanced SQL Injection

This paper addresses the subject of SQL Injection in a Microsoft SQL Server/IIS/Active Server Pages environment, but most of the techniques discussed have equivalents in other …

Network InSecurity

This technical brief will give an overview of the inherent flaws that plague the internet today, making it vulnerable to corporate espionage, money laundering, grand larceny, trading …

Violating Database – Enforced Security Mechanisms

This paper discusses the feasibility of violating the access control, authentication and audit mechanisms of a running process in the Windows server operating systems. …

Security and open source

Security problems in software are of course an extremely bad thing, regardless of the business model under which the software was written. I want to consider why anybody …
