SEARCH RESULTS
 
Showing 1-10 of 84 records
 
A cryptographic hash function reading guide

2007-11-23 16:01:18 by George Danezis in Light Blue Touchpaper
 
...function NIST has announced a competition to determine the next Secure Hash Algorithm, SHA-3. SHA-0 is considered broken, SHA-1 is still secure but no one knows for how long, and the SHA-2 family are desperately slow. (Do not even think about using MD5, or MD4 for which Prof. Wang can find collisions by hand, but RIPEMD-160 still stands.)...

Security Function as a Business Enabler

2008-06-27 20:50:00 by RaviC in Musings on Information Security
...function (as part of IT) as an overhead of an overhead. It is utmost important for security manager to run the security function in a way that it enables the business. The various components (sub functions) of security organization should align with the business objectives of the IT and the whole organization. There needs to be a cohesive...

Banning function calls, assurance, and retrofitting

2008-03-18 19:48:00 by Security Retentive in Security Retentive
 
...functions defined. The list includes the standard cast such as scanf, strcpy, strcat, etc. On top of that though they add some things that didn't make Microsoft's list; for example, rand. I don't technically have a problem with including rand() in the list of things to be extremely careful about, but whereas it is nearly impossible to...

WordPress 2.5 Cookie Forging Explained

2008-04-25 21:46:49 by Chris Eng in Zero in a bit
 
...function generates the cookie as follows: $key = wp_hash($user->user_login . $expiration); $hash = hash_hmac('md5', $user->user_login . $expiration, $key); $cookie = $user->user_login . '|' . $expiration . '|' . $hash; Each subsequent request that your browser makes to WordPress contains the authentication cookie, which the software then...

Ask the Auditor: Who is Responsible for Information Security?

2007-12-29 06:24:50 by Editor in Security Links
 
...functions all have significant roles in auditing information security. The big question for many companies is how these stakeholders should work together to ensure that everything that should be done to protect sensitive data is being done and that the company's key assets are protected appropriately. 1) Staff and line-of-business managers must...

The Moo Security through Sacredness

2007-08-29 04:30:13 by RaviC in Musings on Information Security
...function is considered as an extension of IT, it is an overhead of an overhead - it is not sacred. Security function usually is the foremost to feel the pinch due to IT budget cut. A good way to make security function "secure" is to make it sacred. There are standards like ISO27001, COBIT which are well respected and considered sacred in the...

Relentless Reflection - What it Means in Risk Management

2008-08-26 17:55:40 by Alex in RiskAnalys.is
 
...function. And I hate to debate (post-mortem) the father of Toyota quality success when he says that Hansei is the check in Plan/Do/Check/Act, but I think that Hansei also applies to the Plan of the P/D/C/A or Deming cycle. You'll recall the P/D/C/A cycle can be thought of even as an implementation of Scientific Method, in that it is...

What Does SHA1 is Broken Mean?

2007-12-12 07:35:00 by Eric Marvets in The Security Samurai
 
...function for the example (modifying an existing application to store hashed passwords). The videos I did were part of the How Do I series, and not exactly the place to explain why it was appropriate to use SHA1. But for those of you looking to understand the why behind the example, I'll take a few minutes to explain it. What exactly is SHA1...

Recent Symantec and IBM vulnerabilities, giblets, banned APIs and the SDL

2008-01-04 23:37:00 by sdl in The Security Development Lifecycle
 
...function is used to copy each line read from the file into fixed sized stack and heap buffers. There is a very high probability that the SDL would catch this because lstrcpy (and all its evil brethren) are on the Banned API list. We have seen bugs that do not affect Windows Vista because of banned API removal, one such example is MS06-078 in...

What's driving the MSSP craze - critical, but non-core functions are fair game for outsourcing