SEARCH RESULTS
 
Showing 1-10 of 487 records
 

The cost of a code signing certificate

2008-01-17 07:31:00 by Keith Brown in Security Briefs
...code signing certificates aren't cheap. If you look at the major vendors like VeriSign and Thawte, you'll find they charge between $500 and $300 for a cert that's valid for a year Scott commented that you can get cheap code-signing certs, as Jon Robbins points out. 80 bucks sounds like quite a deal, but a quick look at Jon's post reveals...
 
 
 
 
 

New Banking Code shifts more liability to customers

2008-04-09 14:08:49 by Steven J. Murdoch in Light Blue Touchpaper
 
...Code, the voluntary consumer-protection standard for UK banks, was released last week. The new code claims to give customers the most up to date information on how to protect their accounts from fraud. This sounds like a worthy cause, but closer inspection shows customers could be worse off than they were before Clause 12.11 of the code...
 
 
 
 
 

Can I just comment out these lines of code?

2008-05-23 10:53:20 by Burton Group in Security and Risk Management Strategies Blog
 
...code, which was generating error messages in a certain software quality assurance tool, happened to be a critical part of the random number generator in a cryptographic library package. By removing this code, the strength of the cryptographic key material was reduced to a point where cracking the key would take minutes instead of decades....
 
 
 
 
 

Advisory: CiscoWorks Arbitrary Code Execution Vulnerability

2008-05-29 01:56:52 by Dave Lewis in Liquidmatrix Security Digest
 
...Code Execution Vulnerability Release Date: 28 May 2008 Reference: LSD003-2008 Discover: Dave Lewis CVE Number: CVE-2008-2054 Vendor: Cisco Systems Systems Affected: CiscoWorks Common Services (various versions): Cisco Unified Operations Manager (CUOM), Cisco Unified Service Monitor (CUSM), CiscoWorks QoS Policy Manager (QPM), CiscoWorks LAN...
 
 
 
 
 

SQL Server source code analysis and management adds database security

2008-04-24 11:41:32 by Heidi Sweeney in WhatIs: Enterprise IT tips and expert advice
 
Manage and protect your SQL Server databases by implementing source code analysis. Source code is the foundation of any application, and integrating methods to test and debug this code adds a key layer of security. IT security specialist Kevin Beaver explains why source code analysis should be a fundamental component of your SQL Server security...
 
 
 
 
 

We can't write secure code

2008-05-16 07:00:00 by Stuart King in Stuart King's Security and Risk Management Blog
 
...code or developing better testing tools. We need to get things right much earlier in the development process." It's a subject I've been harping on about for some time, with many references to excellent resources such as OWASP, and great leaders on the subject such as Mark Curphey. Over the last few years I've heard many solutions proposed...
 
 
 
 
 

Safari & IE Attack Code Released

2008-06-11 01:59:04 by Dave Lewis in Liquidmatrix Security Digest
 
...code for the latest Safari problem was released on Sunday From Network World A hacker has posted attack code that exploits critical flaws in the Safari and Internet Explorer Web browsers The source code, along with a demo of the attack, was posted Sunday on a computer security blog. It can be used to run unauthorized software on a victims...
 
 
 
 
 

Why code quality matters

2008-07-31 09:46:07 by Kevlin Henney in WhatIs: Enterprise IT tips and expert advice
 
Poor code quality is a disaster waiting to happen. For example, making changes to bad code can result in broken code. Kevlin Henney explains the importance of catching problems in code at the source so that they don't manifest into large problems that are difficult and costly to repair