SEARCH RESULTS
 
Showing 1-10 of 12 records
 

Banning function calls, assurance, and retrofitting

2008-03-18 19:48:00 by Security Retentive in Security Retentive
 
...unsafe" functions defined. The list includes the standard cast such as scanf, strcpy, strcat, etc. On top of that though they add some things that didn't make Microsoft's list; for example, rand. I don't technically have a problem with including rand() in the list of things to be extremely careful about, but whereas it is nearly impossible...
 
 
 
 
 

10 things you should be doing to protect your company against email risks

2007-11-02 23:30:15 by Administrator in Email security & compliance blog
 
...unsafe work environment. For external mails this is to protect the reputation of your company and to avoid libel lawsuits. You must also check attachments and use word filtering to avoid confidential data leaving the company. For instance you can block external emails containing Social Security Numbers, credit card details or patient...
 
 
 
 
 

Recent Symantec and IBM vulnerabilities, giblets, banned APIs and the SDL

2008-01-04 23:37:00 by sdl in The Security Development Lifecycle
 
...unsafe "lstrcpy()" function is used to copy each line read from the file into fixed sized stack and heap buffers. There is a very high probability that the SDL would catch this because lstrcpy (and all its evil brethren) are on the Banned API list. We have seen bugs that do not affect Windows Vista because of banned API removal, one such...
 
 
 
 
 

Squirreling Backdoors Into Distribution Points

2007-12-19 22:16:35 by Chris Eng in Zero in a bit
 
...unsafe from that point forward. Even though practical attacks had not yet been formulated, the writing was on the wall. Unfortunately, the rest of the world either didn't notice or didn't care. Cryptographers have since developed increasingly sophisticated attacks stemming from Wang's original work. Recently, researchers in the Netherlands...
 
 
 
 
 

Linksys, Trend Micro pair security software with routers

2008-03-20 00:00:00 in Network World on Security
 
Linksys will offer Trend Micro's ProtectLink Gateway to help smaller businesses ward off spam, phishing, and viruses, while allowing control over what sites are visiting, including blocking of known unsafe sites
 
 
 
 
 

The Conscious Competence Security Model

2007-10-05 12:44:00 by Allen Baranov, CISSP in Security Thoughts
 
...unsafe your network and information really is. You work at it, struggling all the time to get a proper plan in place and back it up with all the good stuff you can such as technological solutions, training, awareness, processes etc. all the time refining and updating the process to get more secure. At the same time new projects have security...
 
 
 
 
 

Software Security Metrics and Commentary on "Metrics Framework" Paper

2007-09-17 20:41:00 by Security Retentive in Security Retentive
 
...unsafe way. Unfortunately our best techniques for detecting and eradicating them are going to be either dynamic languages where we don't get buffer overflows, or lots of static analysis and strict code reviews of all places we handle static-sized buffers. One partial solution is to simply use an environment that isn't itself to buffer...
 
 
 
 
 

Protecting the web-surfing public

2008-06-05 14:19:23 by Doug Woodall in The Spyware Biz Blog
 
...unsafe site. I checked my site, came out clean and spiffy. Clipped from wiki.ittoolbox.com: Google Safe Browsing Diagnostic Page (268 views). Google's Safe Browsing Diagnostic Page has been introduced in response to an increased effort by Yahoo and McAfee, the security company, to provide this for Yahoo surfers, to secure Web search engine...
 
 
 
 
 

It Changed My Life: My Review of "Geekonomics"

2008-06-05 17:53:00 by Dr Anton Chuvakin in Anton Chuvakin Blog -
...unsafe software in general and less about "hackable" software. The author chose to not make this distinction very clear, perhaps on purpose. So, everybody in software business, security business - in fact, just everybody who uses a computer - MUST READ THIS BOOK! Seriously, understanding the point made there might be a matter of life or death...