Expert analysis
Backdoored dsniff, fragroute and fragrouter
In a recent hack of irssi server, attacker modified the configure script which gave him shell access to any system that installed the backdoored irssi program. The same thing …
Keeping Secrets in Hardware: the Microsoft XBox Case Study
This paper discusses the hardware foundations of the cryptosystem employed by the Xbox video game console from Microsoft. A secret boot block overlay is buried within a system …
RSA Security enhances RSA Keon
In support of its commitment to make the deployment and use of digital certificates easy for conducting secure and cost-effective e-business, RSA Security announced that its …
Security Advisories Week: 22-29 May 2002
Title: OpenServer popper buffer overflow and denial of service Date: May 22 2002 Vendor: Caldera Vulnerable systems: OpenServer 5.0.5 and OpenServer 5.0.6 Full advisory: …
Cyclone: A Safe Dialect of C
Cyclone is a safe dialect of C. It has been designed from the ground up to prevent the buffer overflows, format string attacks, and memory management errors that are common in …
Cross Site Scripting “the security gap”
I wonder if Microsoft applies the patches on their systems of their products. This question is always on my mind. I personally think that sufficient effort is not made on this …
Corporate Security Overview: 21-28 May 2002
A number of security companies send us their company press releases, which we republish in the press section of Help Net Security. This is an overview of interesting …
Basic security with passwords
The password. It really gives you power doesn’t it? You’re the only one that has the “key” to the workstation or something else that has to be kept …
A test of the ‘Email Security Testing Zone’
GFI is a worldwide supplier of security and communication tools for NT/2000 administrators. GFI’s security product range consists of MailSecurity email content checking …
Symantec announces VelociRaptor 1.5
VelociRaptor 1.5 is a popular firewall and VPN appliance. The new version now provides support for Advanced Encryption Standard (AES) and new proxy functions to best secure …
Corporate Security Overview: 15-20 May 2002
A number of security companies send us their company press releases, which we republish in the press section of Help Net Security. This is an overview of interesting …
Evolution of Cross-Site Scripting Attacks
It seems today that Cross-Site Scripting (XSS) holes in popular web applications are being discovered and disclosed at an ever-increasing rate. Just glancing at the Bugtraq …
Featured news
Sponsored
Don't miss
- Critical Git vulnerability allows RCE when cloning repositories with submodules (CVE-2024-32002)
- Google fixes third exploited Chrome zero-day in a week (CVE-2024-4947)
- Is an open-source AI vulnerability next?
- OWASP dep-scan: Open-source security and risk audit tool
- Ebury botnet compromises 400,000+ Linux servers