Friday, December 22, 2000

Optimizing SSL processing for Web
The Secure Sockets Layer protocol is the de facto means for transmitting data over the Internet privately and securely. The protocol is integrated into every browser and every Web server, allowing any user to interact with any Web site in a secure manner.
Microsoft 'set hacker trap' theory
Hackers who broke into Microsoft's corporate network last month could have been lured into a hacker trap containing nothing more than dummy data, according to researcher Gartner.
SafeNet
Security is the big question, and the answer is... er, privacy policies and smart cards. These, at least, were the only obvious concrete suggestions Bill Gates had to put forward when he opened Microsoft's prestige Safenet 2000 conference in Redmond yesterday.
Security Research Center
The Johns Hopkins University, supported by a $10 million "seed" gift, is establishing a research center to tackle the complex technological, legal, ethical and public policy challenges of keeping information private and computer systems secure in an increasingly electronic world.
Malicious Mail
Article on email bombs.
Forget passwords, what about pictures?
Instead of creating a password, users select a personal "pass portfolio" of five abstract color images from thousands generated by a random-art computer program. It's necessary to commit them to memory by examining them carefully. Then, when they want to log into a secure system, they are challenged to identify the five out of a line-up of 25, most of them random decoys.
Code breakers believe Poe puzzle solved after 150 years
Edgar Allan Poe, master of the mysterious and the macabre, may have uttered his last words from beyond the grave.
A coded message published by Poe in 1841 in a magazine where he worked as editor has been deciphered with the help of modern computing and the intuition of a young puzzle solver, 151 years after Poe's death.
Quality Security Tools
In May/June of 2000, we conducted a survey of 1200 Nmap users from the nmap-hackers mailing list to determine their favorite security tools. Each respondent could list up to 5.
I was so impressed by the list they created that I am putting the top 50 up here where everyone can benefit from them. I think anyone in the security field would be well advised to go over the list and investigate any tools they are unfamiliar with. I also plan to point newbies to this page whenever they write me saying "I do not know where to start".
Secure your Windows 2000
The document is entitled "Secure Internet Information Services 5 Checklist" and lists a dozen specific items that must be addressed in addition to a few tweaks to the underlying Windows 2000 operating system.
Nessie
The main objective of the project is to put forward a portfolio of strong cryptographic primitives that has been obtained after an open call and been evaluated using a transparent and open process.

Wednesday, December 20, 2000

CIO Magazine: Analyst Corner
Enterprisewide Information Security Policy Best Practices

Tuesday, December 19, 2000

The Ten Immutable Laws of Security
Here at the Microsoft Security Response Center, we investigate thousands of security reports every year. In some cases, we find that a report describes a bona fide security vulnerability resulting from a flaw in one of our products; when this happens, we develop a patch as quickly as possible to correct the error. In other cases, the reported problems simply result from a mistake someone made in using the product. But many fall in between. They discuss real security problems, but the problems don't result from product flaws. Over the years, we've developed a list of issues like these, that we call the Ten Immutable Laws of Security.
Security red alert
If the network administrators and security specialists at the Small Business Administration, in Washington, were to push the panic button every time a potentially serious virus or software vulnerability alert was posted on the Web, the small businesses that rely on the SBA for loans and other assistance would be out of luck.

Monday, December 18, 2000

Security Scanners
PC Magazine's review on intrusion detection gives you the bad news you need to avoid worse news later.
Installing a secure web server
With "e-commerce" becoming an important part of many businesses, it's useful to know how to set up your Apache server to run SSL for secure transfer of sensitive information.