Expert analysis
Public Key Infrastructure (PKI): A Primer
As the Internet becomes an increasingly important means of conducting transactions and the volume of e-business grows exponentially, a secure infrastructure is needed to …
Protecting the Distributed Enterprise
Shows how a distributed security strategy can cost-effectively extend the reach of enterprise-class security and remote access throughout the enterprise. Download the paper in …
Implementation of Chosen-Ciphertext Attacks against PGP and GnuPG
We recently noted that PGP and other e-mail encryption protocols are, in theory, highly vulnerable to chosen-ciphertext attacks in which the recipient of the e-mail acts as an …
Exploiting design flaws in the Win32 API for privilege escalation – Shatter Attacks – How to break Windows
Introduction: This paper presents a new generation of attacks against Microsoft Windows, and possibly other message-based windowing systems. The flaws presented in this paper …
Infranet: Circumventing Web Censorship and Surveillance
An increasing number of countries and companies routinely block or monitor access to parts of the Internet. To counteract these measures, we propose Infranet, a system that …
A General and Flexible Access-Control System for the Web
We describe the design, implementation, and performance of a new system for access control on the web. To achieve greater flexibility in forming access-control policies – …
Proprietary Certificates
Certificates play an essential role in public-key cryptography, and are likely to become a cornerstone of commerce-related applications. Traditional certificates, however, are …
OpenSSL Security Vulnerabilities Roundup
An OpenSSL Security Advisory issued on 30 July 2002 points to several security issues within OpenSSL. There are four remotely exploitable buffer overflows in OpenSSL. There …
Hacking the Invisible Network: Insecurities in 802.11x
Wireless local-area networks (WLANs) are becoming increasingly popular but, at the same time, they have introduced new security issues. The convenience of WLANs introduces …
Proxy-Based Security Protocols in Networked Mobile Devices
We describe a resource discovery and communication system designed for security and privacy. All objects in the system, e.g., appliances, wearable gadgets, software agents, …
Security in Plan 9
The security architecture of the Plan 9 operating system has recently been redesigned to address some technical shortcomings. This redesign provided an opportunity also to …
Five Microsoft Security Bulletins Released
Microsoft was pretty active in the past few days – they released five security bulletins dealing with the following products: SQL Server 2000, Windows Media Player, …