SEARCH RESULTS
 
Showing 1-10 of 521 records
 
Expand article

The cost of a code signing certificate

The Article has images
2008-01-17 07:31:00 by Keith Brown in Security Briefs
...code signing certificates aren't cheap. If you look at the major vendors like VeriSign and Thawte , you'll find they charge between $500 and $300 for a cert that's valid for a year Scott commented that you can get cheap code-signing certs, as Jon Robbins points out . 80 bucks sounds like quite a deal, but a quick look at Jon's post reveals...
 
Tags: code, cheap, cheap code, cert, root store, root, philosophical question, issue, install
 
 
 
 
Expand article

New Banking Code shifts more liability to customers

2008-04-09 14:08:49 by Steven J. Murdoch in Light Blue Touchpaper
 
...Code , the voluntary consumer-protection standard for UK banks, was released last week . The new code claims to give customers the most up to date information on how to protect their accounts from fraud. This sounds like a worthy cause, but closer inspection shows customers could be worse off than they were before Clause 12.11 of the code...
 
Tags: code, customers, banks, fraud-detection algorithms, fraud, code claims, electronic fraud, code deals, fraud threat
 
 
 
 
Expand article

Can I just comment out these lines of code?

2008-05-23 10:53:20 by Burton Group in Security and Risk Management Strategies Blog
 
...code, which was generating error messages in a certain software quality assurance tool , happened to be a critical part of the random number generator in a cryptographic library package . By removing this code, the strength of the cryptographic key material was reduced to a point where cracking the key would take minutes instead of decades....
 
Tags: process purportedly, process, fix specific process, software development process, commercial development process, code, low-assurance process, development, specific
 
 
 
 
Expand article

Advisory: CiscoWorks Arbitrary Code Execution Vulnerability

2008-05-29 01:56:52 by Dave Lewis in Liquidmatrix Security Digest
 
...Code Execution Vulnerability Release Date: 28 May 2008 Reference: LSD003-2008 Discover: Dave Lewis CVE Number: CVE-2008-2054 Vendor: Cisco Systems Systems Affected: CiscoWorks Common Services (various versions): Cisco Unified Operations Manager (CUOM), Cisco Unified Service Monitor (CUSM), CiscoWorks QoS Policy Manager (QPM), CiscoWorks LAN...
 
Tags: vulnerability, cisco, cisco systems, cisco advisory, cisco security manager, vulnerability exists due, execute arbitrary code, ciscoworks common services, security
 
 
 
 
Expand article

Can I just comment out these lines of code?

2008-05-23 10:53:20 by Burton Group in Security and Risk Management Strategies Blog
 
...code, which was generating error messages in a certain software quality assurance tool , happened to be a critical part of the random number generator in a cryptographic library package . By removing this code, the strength of the cryptographic key material was reduced to a point where cracking the key would take minutes instead of decades....
 
Tags: process purportedly, process, fix specific process, software development process, commercial development process, code, low-assurance process, development, specific
 
 
 
 
Expand article

We can't write secure code

2008-05-16 07:00:00 by Stuart King in Stuart King's Security and Risk Management Blog
 
...code or developing better testing tools. We need to get things right much earlier in the development process." It's a subject I've been harping on about for some time, with many references to excellent resources such as OWASP , and great leaders on the subject such as Mark Curphey . Over the last few years I've heard many solutions proposed...
 
Tags: code, secure, code secure, secure code, secure software, security, security holes, security requirements, security patches
 
 
 
 
Expand article

Safari & IE Attack Code Released

2008-06-11 01:59:04 by Dave Lewis in Liquidmatrix Security Digest
 
...code for the latest Safari problem was released on Sunday From Network World A hacker has posted attack code that exploits critical flaws in the Safari and Internet Explorer Web browsers The source code, along with a demo of the attack, was posted Sunday on a computer security blog. It can be used to run unauthorized software on a victims...
 
Tags: attack, attack code, safari, safari bug, safari users, exploits critical flaws, computer security blog, chief technical officer, shavlik technologies
 
 
 
 
Expand article

Feature Request #1: Stable Code

2008-06-30 04:01:00 by JJ in Security Uncorked
 
...code and properly functioning features. Unfortunately, I cannot always choose the hardware my customers are using in their infrastructure. However, if you would like for me to recommend they continue purchasing and using it, then the product must demonstrate to me that it is: capable, reliable, predictable and well-documented. If your product...
 
Tags: code, stable code, support, post-sales support, current maintenance contract, current, maintenance contract, security engineer, security
 
 
 
 
Expand article

Money for nothin, code for free - if you don't own the copyright you could be in Dire Straits

2008-03-19 01:45:00 by HASH0x8aede64 in StillSecure, After All These Years
 
...Code for Free ".Not sure how big a music fan Bob is but I think he has Dire Straits (the band who did that song) spelled wrong, but that is not the only thing I think wrong with Bob's article. Bob lays out Untangles revenue models as this Untangle makes money from software by selling proprietary, for-profit extensions to our core open source...
 
Tags: software untangle, software, core software, source security software, commercial, commercial product, source, source code, larger commercial customers