Krishna There are three basic types of vulnerability disclosures: full disclosure, partial disclosure, and nondisclosure. Each type has its advocates, and long lists of pros and cons can be debated regarding each type. CERT and RFP take a rigid approach to disclosure practices; they created strict guidelines that were not always perceived as fair and flexible … Read more
The Securely Protect Yourself Against Cyber Trespass (SPY Act) was passed by the House of Representatives, but never voted on by the Senate. Several versions have existed since 2004, but the bill has not become law as of this writing. The SPY Act would provide many specifics on what would be prohibited and punishable by … Read more
Several years ago, Congress determined that the legal system still allowed for too much leeway for certain types of computer crimes and that some activities not labeled “illegal” needed to be. In July 2002, the House of Representatives voted to put stricter laws in place, and to dub this new collection of laws the Cyber … Read more
Today’s CEOs and management not only need to worry about profit margins, market analysis, and mergers and acquisitions; now they also need to step into a world of practicing security with due care, understanding and complying with new government privacy and information security regulations, risking civil and criminal liability for security failures (including the possibility … Read more
Since technology can be used by the good and bad guys, there is always a fine line that separates the two. For example, BitTorrent is a peer-to-peer file sharing protocol that al- lows individuals all over the world to share files whether they are the legal owners or not. One website will have the metadata … Read more
LaTeX is a markup language for describing a document. It can also be defined as a document preparation system. LaTeX is mainly used to create technical or scientific articles, papers, reports, books or Ph.D. thesis. There are a number of LaTeX distributions you can install on Ubuntu. One such distribution is TeX Live. To install … Read more
Look at the following two pieces of text: The text on the left side is a secret message. The message has been encrypted , or turned into a secret code. It will be completely unreadable to anyone who doesn’t know how to decrypt it (that is, turn it back into the plain English message.) The … Read more
Hypertext Markup Language (HTML) injection is also sometimes referred to as virtual defacement. This is really an attack made possible by a site allowing a malicious user to inject HTML into its web page(s) by not handling that user’s input properly. In other words, an HTML injection vulnerability is caused by receiving HTML, typically via … Read more
Even the strongest safe deposit box can be opened with the right key. Your valuables might be safe in the strongest, most fortified bank in the world, but if the key is sitting on the bar with your car keys, it only takes a simple and quick attack to defeat every layer of the bank’s … Read more
Your application might be the most secure application ever written, but unbeknownst to you, the operating system is unintentionally working against your security. I’ve tested many applications that were otherwise securely written, but leaked clear text copies of confidential information into the operating system’s caches. From web caches that store web page data, to keyboard … Read more