SecuriTeam.com - A Free Accurate and Independent Source of Vulnerability Information

http://www.securiteam.com/

CGI/Perl Taint Mode FAQ For example, if $form_data{"email"} is "tainted", then the following would still be legal: print $form_data{"email"} . "\n"; because the print command is not an unsafe operation.

Hardening Linux Web Servers Security is a process, not a result. It is a process which is difficult to adopt under normal conditions; the problem is compounded when it spans several job descriptions. All the system level security in the world is rendered useless by insecure web-applications.

File Encryption Software AxCrypt is the leading open source file encryption software for Windows. It integrates seamlessly with Windows to compress, encrypt, decrypt, store, send and work with individual files. We have received 3,251,237 registrations, so it is tried and proven! AxCrypt is a great complement to services such as Dropbox, Google Drive, Live Mesh, SkyDrive and Box.net.

Security Summit Network World - Can security be a competitive advantage? Are security and privacy at odds with speed and collaboration? How has Sarbanes-Oxley complicated the security challenge?

Marco Ramilli's Blog Hi folks, today I was seeking something able to grab pieces of the web. I'm building a kind of spam-message-compositor for one research project of mine, and what I found is pretty interesting. It's called Web-Harvest, and of course it does much more than a simple grab, but for my purpose it is more than enough. Web-Harvest is an Open Source Web Data Extraction tool written in Java. It offers a way to collect desired Web pages and extract useful data from them. In order to do that, it leverages well established techniques and technologies for text/xml manipulation such as XSLT, XQuery and Regular Expressions.

How Private Are Sites' Membership Lists? Something like this is actually possible with quite a few well-known sites -- given a person's e-mail address, it is possible to find out if they have an account with Match.com, PayPal, Netflix, eBay, Amazon, and Google (and, by the way, Slashdot [CT: We'd fix it if I thought it mattered]). For some of those sites, it may even be possible to take a long list of e-mail addresses and use an automated process to find out which of those addresses have accounts with those sites (something I didn't want to risk trying myself, but as a general rule, if you can do it once, you can do it many times, at least if you do it slowly enough). It does not enable the attacker to extract addresses from a site's membership rolls, which is a much more serious type of breach -- in this case, the attacker would have to already know a list of e-mail addresses, and would only be able to find out which of those addresses have accounts with a given service. Try to create a new account with that e-mail address.

Exploit writing tutorial part 11 : Heap Spraying Demystified Introduction A lot has been said and written already about heap spraying, but most of the existing documentation and whitepapers have a focus on Internet Explorer 7 (or older versions). Although there are a number of public exploits available that target IE8 and other browsers, the exact technique to do so has not been really documented in detail.

Macintosh Security Site -> SubRosa Utilities easy-to-use encryption and shredding software for Mac OS and X SubRosa Utilities (encryption/decryption file deletion) Information: SubRosa Vol 1-File Utilities is SubRosaSoft.com Ltd's first line of privacy products which help Macintosh users secure themselves and their personal data. The suite of software to protect your files consists of the following: file and folder encryption, multi-pass shredder, and free decryptor. Each one of these programs makes it easy enough for any Mac user to enforce digital security on the personal data that is stored on the computer. SubRosa Encryptor The SubRosa Encryptor allows you to take files or folders and convert them into an encrypted archive that you can store safely using 128 bit key encryption. The archives are made in a format which allows users to transfer them over the Internet without being corrupted upon arrival.

How to Prevent DoS Attacks Denial of Service (DoS) attacks are among the most feared threats in today's cybersecurity landscape. Difficult to defend against and potentially costly, DoS attacks can cause outages of web sites and network services for organizations large and small. DoS attacks can also be lucrative for criminals, some of whom use these attacks to shake down businesses for anywhere from thousands to millions of dollars. Any deliberate effort to cut off your web site or network from its intended users qualifies as a DoS attack. Such attacks have been successfully deployed against major online businesses including Visa and Mastercard, Twitter, and WordPress.

Automating Firewall Log Scanning Firewalls are computers dedicated to filtering particular kinds of network traffic between two networks. They are usually employed to protect a LAN from the rest of the Internet. Securing every box on the LAN is much more costly and time consuming than deploying, administering and monitoring a single firewall. A firewall is particularly essential to those institutions permanently connected to the Internet. Depending on the network configuration, the router can be set up as a packet filter; usually, though, it is more convenient to set up a dedicated box to act as a firewall. Because they can be made extremely secure and have a low cost, Linux boxes can be very effective firewalls.