Expert analysis
Security in Plan 9
The security architecture of the Plan 9 operating system has recently been redesigned to address some technical shortcomings. This redesign provided an opportunity also to …
Five Microsoft Security Bulletins Released
Microsoft was pretty active in the past few days – they released five security bulletins dealing with the following products: SQL Server 2000, Windows Media Player, …
Trusted Paths for Browsers: An Open-Source Solution to Web Spoofing
This paper reports the results of our work to systematically defend against Web spoofing, by creating a trusted path from the browser to the user. Starting with the Mozilla …
Secure Execution Via Program Shepherding
We introduce program shepherding, a method for monitoring control flow transfers during program execution to enforce a security policy. Program shepherding provides three …
Setuid Demystified
Access control in Unix systems is mainly based on user IDs, yet the system calls that modify user IDs (uid-setting system calls), such as setuid, are poorly designed, …
More Enforceable Security Policies
We analyze the space of security policies that can be enforced by monitoring programs at runtime. Our program monitors are automata that examine the sequence of program …
Linux Security Modules: General Security Support for the Linux Kernel
The access control mechanisms of existing mainstream operating systems are inadequate to provide strong system security. Enhanced access control mechanisms have failed to win …
PGP Outlook Encryption Plug-in Vulnerability
eEye staffers Marc Maiffret and Riley Hassell were again busy finding bugs, so a new advisory hit the “streets” today. This time, there is a remote …
DSL Security Whitepaper
This contribution provides an overview of some of the security aspects of DSL-based corporate networks. With the expansion of the Internet and the increasing use of Internet …
Microsoft SQL Server Passwords (Cracking the password hashes)
SQL Server uses an undocumented function, pwdencrypt(), to produce a hash of the user’s password, which is stored in the sysxlogins table of the master database. This is …
Security in Open versus Closed Systems – The Dance of Boltzmann, Coase and Moore
Some members of the open-source and free software community argue that their code is more secure, because vulnerabilities are easier for users to find and fix. Meanwhile the …
Creating Arbitrary Shellcode In Unicode Expanded Strings
The paper is intended to be read by the portion of the security community responsible for creating protective mechanisms to guard against “shellcode” type security …