Expert analysis
Secure Personal Identification Systems: Policy, Process and Technology Choices for a Privacy-Sensitive Solution
This paper describes policy, process and technology issues that need to be considered in implementing a privacy-sensitive secure personal ID system. The different ID …
Shatter attacks – more techniques, more detail, more juicy goodness.
Introduction Well, It’s now two weeks since the release of Shatter, and my inbox has finally started calming down. I’ve tried to reply to most of the messages …
Public Key Infrastructure (PKI): A Primer
As the Internet becomes an increasingly important means of conducting transactions and the volume of e-business grows exponentially, a secure infrastructure is needed to …
Protecting the Distributed Enterprise
Shows how a distributed security strategy can cost-effectively extend the reach of enterprise-class security and remote access throughout the enterprise. Download the paper in …
Implementation of Chosen-Ciphertext Attacks against PGP and GnuPG
We recently noted that PGP and other e-mail encryption protocols are, in theory, highly vulnerable to chosen-ciphertext attacks in which the recipient of the e-mail acts as an …
Exploiting design flaws in the Win32 API for privilege escalation – Shatter Attacks – How to break Windows
Introduction This paper presents a new generation of attacks against Microsoft Windows, and possibly other message-based windowing systems. The flaws presented in this paper …
Infranet: Circumventing Web Censorship and Surveillance
An increasing number of countries and companies routinely block or monitor access to parts of the Internet. To counteract these measures, we propose Infranet, a system that …
A General and Flexible Access-Control System for the Web
We describe the design, implementation, and performance of a new system for access control on the web. To achieve greater exibility in forming access-control policies – …
Proprietary Certificates
Certificates play an essential role in public-key cryptography, and are likely to become a cornerstone of commerce-related applications. Traditional certificates, however, are …
OpenSSL Security Vulnerabilities Roundup
OpenSSL Security Advisory issued on 30 July 2002 that points to several security issues within OpenSSL. There are four remotely exploitable buffer overflows in OpenSSL. There …
Hacking the Invisible Network: Insecurities in 802.11x
Wireless local-area networks (WLANs) are becoming increasingly popular but, at the same time, they have introduced new security issues. The convenience of WLANs introduces …
Proxy-Based Security Protocols in Networked Mobile Devices
We describe a resource discovery and communication system designed for security and privacy. All objects in the system, e.g., appliances, wearable gadgets, software agents, …
Featured news
Resources
Don't miss
- The API security crisis and why businesses are at risk
- Russian cybercrooks exploiting 7-Zip zero-day vulnerability (CVE-2025-0411)
- Casio UK site compromised, equipped with web skimmer
- Man charged with stealing $65 million by exploting DeFI protocols vulnerabilities
- Why logs aren’t enough: Enhancing SIEM with AI-driven NDR