Know-how
Good numbers, bad numbers
A number of users and administrators are still unsure about the causes and effects of the problems in the Debian Linux project's OpenSSL library. We help you understand how all this came about, and how you can assess your personal risk.
A pocket guide to OpenSSL
Debian's debacle with unsafe OpenSSL keys is having repercussions. SuSE, Red Hat and even Windows may be in danger. To make things worse, test tools do not work reliably, and some users lock themselves out during updates.
Vista's Integrity Levels, Part 1
In Vista, Microsoft adds integrity levels to Windows' previous security model, which allow high-risk programs to be partitioned off from the system. This article describes the basic principles using practical examples.
Fuzzy ways of finding flaws
Fuzzing, aka fuzz testing, has revolutionized the automated search for programming flaws. Nowadays, you simply use corrupt data to cause programs to crash and detect flaws even without access to the source code.
- Manipulated ATMs
- Modern Hydra - the new tricks of spammers and phishers
- Password stealing for dummies
- The Common Vulnerability Scoring System - Magic Numbers or Snake Oil?
- Web application security
- Breaking into a VPN
- How Skype & Co. get round firewalls
- Ajax Security: Stronger than Dirt?
- Brute Force
- You can't Bank on Security