http://dzone.com/links/tag/security.html DZone: fresh links for developers en-us Copyright (c) 2006 DZone, Inc. Fri, 29 Aug 2008 22:12:45 GMT The DZone community 2008-08-29T22:12:45Z en-us Copyright (c) 2006 DZone, Inc. http://dzone.com/links/feed/frontpage/security/rss.xml http://www.dzone.com/images/std/dzone.com_258x55.gif http://www.dzone.com/links/ http://dzone.com/links/rss/flash_exploit_served_by_microsoft.html Microsoft site (msn.no) serves trojan to thousands of users due to known Flash Player bug. flash-flex microsoft security windows Thu, 28 Aug 2008 03:05:22 GMT http://dzone.com/links/107721.html jensa 2008-08-28T03:05:22Z Microsoft site (msn.no) serves trojan to thousands of users due to known Flash Player bug.]]> 107721 2008-08-27T16:56:01Z 2008-08-28T03:05:22Z 8 0 319 0 http://dzone.com/links/images/thumbs/120x90/107721.jpg jensa http://dzone.com/links/images/avatars/295873.gif http://dzone.com/links/rss/zero_to_production_in_15_minutes.html There still seems to be confusion about the relative simplicity or difficulty of deploying a Rails app using JRuby. Many folks still look around for the old tools and the old ways (Mongrel, generally), assuming that "all that app server stuff" is too complicated. I figured I'd post a quick walkthrough to show how easy it actually is, along with links to everything to get you started. frameworks java ruby security Wed, 27 Aug 2008 19:52:24 GMT http://dzone.com/links/106953.html bloid 2008-08-27T19:52:24Z There still seems to be confusion about the relative simplicity or difficulty of deploying a Rails app using JRuby. Many folks still look around for the old tools and the old ways (Mongrel, generally), assuming that "all that app server stuff" is too complicated. I figured I'd post a quick walkthrough to show how easy it actually is, along with links to everything to get you started.]]> 106953 2008-08-25T18:37:44Z 2008-08-27T19:52:24Z 8 0 442 0 http://dzone.com/links/images/thumbs/120x90/106953.jpg bloid http://dzone.com/links/images/avatars/111696.gif http://dzone.com/links/rss/300_php_presentations_online.html The PHP Presentation System hosts over three hundred presentations, covering a slew of different topics including performance, testing, debugging, XML, and security. The presentations are from speakers at a variety of conferences. You will see (and hear if interested) presentations from speakers like Derick Rethans, Tobias Schlitt, Rasmus Lerdorf and many many more. These presentations have been at conferences all around the world and contain a great deal of information. php security web services xml Wed, 27 Aug 2008 18:19:23 GMT http://dzone.com/links/107581.html startrak118 2008-08-27T18:19:23Z The PHP Presentation System hosts over three hundred presentations, covering a slew of different topics including performance, testing, debugging, XML, and security. The presentations are from speakers at a variety of conferences. You will see (and hear if interested) presentations from speakers like Derick Rethans, Tobias Schlitt, Rasmus Lerdorf and many many more. These presentations have been at conferences all around the world and contain a great deal of information.]]> 107581 2008-08-27T12:02:41Z 2008-08-27T18:19:23Z 13 0 469 0 http://dzone.com/links/images/thumbs/120x90/107581.jpg startrak118 http://dzone.com/links/images/avatars/298704.gif http://dzone.com/links/rss/data_filtering_using_phps_filter_functions.html Using PHP's filter_* functions, we can validate and sanitize data types, URLs, e-mail addresses, IP addresses, strip bad characters, and more, all with relative ease. This is part one of two, covering filter_var() and the different constants and flags that can be set. how-to php security Wed, 27 Aug 2008 08:00:32 GMT http://dzone.com/links/106901.html aphpguy 2008-08-27T08:00:32Z Using PHP's filter_* functions, we can validate and sanitize data types, URLs, e-mail addresses, IP addresses, strip bad characters, and more, all with relative ease. This is part one of two, covering filter_var() and the different constants and flags that can be set.]]> 106901 2008-08-25T15:45:55Z 2008-08-27T08:00:32Z 15 0 278 0 http://dzone.com/links/images/thumbs/120x90/106901.jpg aphpguy http://dzone.com/links/images/avatars/276074.gif http://dzone.com/links/rss/administrators_force_secure_passwords_because_use.html The story of how a stolen laptop and a careless employee got me banned from my favorite pawn shop. opinion security server Tue, 26 Aug 2008 13:46:18 GMT http://dzone.com/links/106993.html matt 2008-08-26T13:46:18Z The story of how a stolen laptop and a careless employee got me banned from my favorite pawn shop.]]> 106993 2008-08-25T19:48:34Z 2008-08-26T13:46:18Z 13 0 199 0 http://dzone.com/links/images/thumbs/120x90/106993.jpg matt http://dzone.com/links/images/avatars/2.gif http://dzone.com/links/rss/best_unobtrusive_antispam_technique_not_captcha.html By far one of the best techniques when fighting spam, specially because it doesn't require any special attention from the user! css-html security usability web design Mon, 25 Aug 2008 11:16:15 GMT http://dzone.com/links/106499.html alalex 2008-08-25T11:16:15Z By far one of the best techniques when fighting spam, specially because it doesn't require any special attention from the user!]]> 106499 2008-08-23T22:40:33Z 2008-08-25T11:16:15Z 11 0 715 3 http://dzone.com/links/images/thumbs/120x90/106499.jpg alalex http://dzone.com/links/images/avatars/279625.gif http://dzone.com/links/rss/restrict_ssh_to_run_a_specific_command.html You may know that if you were to include your ssh public key in the remote host's authorized_keys file, you can ssh/scp into that remote machine without password login. This will enable administrator to program script to run without having to interactive with it. security tools unix-linux Sun, 24 Aug 2008 09:19:41 GMT http://dzone.com/links/106125.html bloid 2008-08-24T09:19:41Z You may know that if you were to include your ssh public key in the remote host's authorized_keys file, you can ssh/scp into that remote machine without password login. This will enable administrator to program script to run without having to interactive with it.]]> 106125 2008-08-22T11:52:33Z 2008-08-24T09:19:41Z 12 0 243 0 http://dzone.com/links/images/thumbs/120x90/106125.jpg bloid http://dzone.com/links/images/avatars/111696.gif http://dzone.com/links/rss/my_websites_sql_database_was_hacked.html I received an email from my website manager indicating several errors across different pages. I hate days that start with issues like that, I first thought that someone again broke the website through an edit. But Beyond Compare told me I was totally wrong. I dug even further and realized that values returning from the database were incorrect. database reviews security Sun, 24 Aug 2008 00:42:04 GMT http://dzone.com/links/106361.html mswatcher 2008-08-24T00:42:04Z I received an email from my website manager indicating several errors across different pages. I hate days that start with issues like that, I first thought that someone again broke the website through an edit. But Beyond Compare told me I was totally wrong. I dug even further and realized that values returning from the database were incorrect.]]> 106361 2008-08-23T04:35:12Z 2008-08-24T00:42:04Z 11 0 486 0 http://dzone.com/links/images/thumbs/120x90/106361.jpg mswatcher http://dzone.com/links/images/avatars/225256.gif http://dzone.com/links/rss/tutorial_cracking_wep_using_backtrack_3.html This article will explan how to crack 64bit and 128bit WEP on many WIFI access points and routers using Backtrack, a live linux distribution. Your mileage may very. The basic theory is that we want to connect to an Access Point using WEP Encryption, but we do not know the key. how-to security unix-linux Thu, 21 Aug 2008 18:59:52 GMT http://dzone.com/links/105574.html jeffreybarke 2008-08-21T18:59:52Z This article will explan how to crack 64bit and 128bit WEP on many WIFI access points and routers using Backtrack, a live linux distribution. Your mileage may very. The basic theory is that we want to connect to an Access Point using WEP Encryption, but we do not know the key.]]> 105574 2008-08-21T02:04:47Z 2008-08-21T18:59:52Z 10 0 577 0 http://dzone.com/links/images/thumbs/120x90/105574.jpg jeffreybarke http://dzone.com/links/images/avatars/313145.gif http://dzone.com/links/rss/6_deadly_ajax_drawbacks_are_you_aware.html Some developers view AJAX as the silver bullet for every scenario. However, AJAX introduces its own set of hazards in various areas, which include: development time, browsing history and experience, search engine interaction, accessibility, server load, and security. Let’s take a closer look at each of these 6 areas. ajax javascript security xml Tue, 19 Aug 2008 06:02:33 GMT http://dzone.com/links/104577.html Ashish Nayyar 2008-08-19T06:02:33Z Some developers view AJAX as the silver bullet for every scenario. However, AJAX introduces its own set of hazards in various areas, which include: development time, browsing history and experience, search engine interaction, accessibility, server load, and security. Let’s take a closer look at each of these 6 areas.]]> 104577 2008-08-18T11:52:20Z 2008-08-19T06:02:33Z 10 0 819 4 http://dzone.com/links/images/thumbs/120x90/104577.jpg ashishnayyar911 http://dzone.com/links/images/avatars/282083.gif http://dzone.com/links/rss/soa_security_101_patching_the_firewall_hole.html Service-oriented architectures have opened and connected “black box” software implementations across enterprises, resulting in a new set of interoperable heterogeneous solutions with the common thread of standard protocols. While this level of integration is unprecedented for enterprise systems, it further muddies the water for application security. The objective of this article is to first introduce the new threats associated with service-oriented solutions, and then provide fundamental design considerations to mitigate the risks resulting from these threats. Atif Ghauri Introduce you with the problem and design considerations to reduce these treats. java security web services Mon, 18 Aug 2008 19:10:40 GMT http://dzone.com/links/104546.html Masoud Kalali 2008-08-18T19:10:40Z Service-oriented architectures have opened and connected “black box” software implementations across enterprises, resulting in a new set of interoperable heterogeneous solutions with the common thread of standard protocols. While this level of integration is unprecedented for enterprise systems, it further muddies the water for application security. The objective of this article is to first introduce the new threats associated with service-oriented solutions, and then provide fundamental design considerations to mitigate the risks resulting from these threats. Atif Ghauri Introduce you with the problem and design considerations to reduce these treats.]]> 104546 2008-08-18T10:24:36Z 2008-08-18T19:10:40Z 9 0 97 1 http://dzone.com/links/images/thumbs/120x90/104546.jpg Kalali http://dzone.com/links/images/avatars/89352.gif http://dzone.com/links/rss/password_authentication_without_revealing_your_pa.html The majority of personalized web sites use some kind of form-based password authentication where you have two form fields for username and password, and a login button. When you submit your authentication, the password is sent to the server for verification against a user database. This method has several security implications, and my article describes a possible solution to this, using JavaScript. how-to javascript security Mon, 18 Aug 2008 08:38:40 GMT http://dzone.com/links/104310.html asgeirn 2008-08-18T08:38:40Z The majority of personalized web sites use some kind of form-based password authentication where you have two form fields for username and password, and a login button. When you submit your authentication, the password is sent to the server for verification against a user database. This method has several security implications, and my article describes a possible solution to this, using JavaScript.]]> 104310 2008-08-17T17:17:05Z 2008-08-18T08:38:40Z 13 0 492 6 http://dzone.com/links/images/thumbs/120x90/104310.jpg asgeirn http://dzone.com/links/images/avatars/219690.gif http://dzone.com/links/rss/torvalds_fed_up_with_security_circus.html Linus Torvalds, creator of the Linux kernel, says he's fed up with what he sees as a "security circus" surrounding software vulnerabilities and how they're hyped by security people. opinion security unix-linux Sat, 16 Aug 2008 19:06:56 GMT http://dzone.com/links/104044.html Kirill Grouchnikov 2008-08-16T19:06:56Z Linus Torvalds, creator of the Linux kernel, says he's fed up with what he sees as a "security circus" surrounding software vulnerabilities and how they're hyped by security people.]]> 104044 2008-08-16T07:39:09Z 2008-08-16T19:06:56Z 8 0 473 2 http://dzone.com/links/images/thumbs/120x90/104044.jpg kirillcool http://dzone.com/links/images/avatars/160542.gif http://dzone.com/links/rss/programming_language_synchronicity_where_is_the_n.html Yesterday I spent several hours trying to find the problem with our implementation of OpenSSL Cipher, that caused the Net::SSH gem to fail miserable during negotiation and password verification. After various false leads I finally found the reason for the strange behavior. But I really can't decide if it's a bug, and if it's a bug where the bug is. Is it in Ruby's interface to OpenSSL, or is it in Net::SSH? ruby security server web 2.0 Fri, 15 Aug 2008 18:22:46 GMT http://dzone.com/links/103522.html Thierry.Lefort 2008-08-15T18:22:46Z Yesterday I spent several hours trying to find the problem with our implementation of OpenSSL Cipher, that caused the Net::SSH gem to fail miserable during negotiation and password verification. After various false leads I finally found the reason for the strange behavior. But I really can't decide if it's a bug, and if it's a bug where the bug is. Is it in Ruby's interface to OpenSSL, or is it in Net::SSH?]]> 103522 2008-08-14T09:40:20Z 2008-08-15T18:22:46Z 8 0 152 0 http://dzone.com/links/images/thumbs/120x90/103522.jpg Thierry.Lefort http://dzone.com/links/images/avatars/252611.gif http://dzone.com/links/rss/sql_injection_attacks_in_the_wild_why_theyre_work.html Over the past several days, a significant number (in the thousands) of web applications, some of them well-known and well-used, have fallen victim to a distributed SQL injection attack that takes advantage of weak or non-existent input validation to inject malicious HTML code that then performs a drive-by malware attack on unsuspecting visitors. Since visitors to your site trust it, if your site has been hacked they are more likely to allow the malware to install on their computer (especially if, for example, the malware is delivered in the form of a browser helper object or something along those lines database security Thu, 14 Aug 2008 08:53:41 GMT http://dzone.com/links/103239.html mswatcher 2008-08-14T08:53:41Z Over the past several days, a significant number (in the thousands) of web applications, some of them well-known and well-used, have fallen victim to a distributed SQL injection attack that takes advantage of weak or non-existent input validation to inject malicious HTML code that then performs a drive-by malware attack on unsuspecting visitors. Since visitors to your site trust it, if your site has been hacked they are more likely to allow the malware to install on their computer (especially if, for example, the malware is delivered in the form of a browser helper object or something along those lines]]> 103239 2008-08-13T14:40:03Z 2008-08-14T08:53:41Z 11 0 219 0 http://dzone.com/links/images/thumbs/120x90/103239.jpg mswatcher http://dzone.com/links/images/avatars/225256.gif http://dzone.com/links/rss/common_security_flaws_in_php_applications.html No matter how long you’ve been programming or scripting, once in a while you’ll catch yourself making a serious (security) flaw that you thought you’d never make, because you “have the experience“. Some of the most basic things a programmer should think of, but often forgets - because after all, we have to think of *a lot* of best-practice situations. how-to php security standards Thu, 14 Aug 2008 08:52:36 GMT http://dzone.com/links/103029.html Mojah 2008-08-14T08:52:36Z No matter how long you’ve been programming or scripting, once in a while you’ll catch yourself making a serious (security) flaw that you thought you’d never make, because you “have the experience“. Some of the most basic things a programmer should think of, but often forgets - because after all, we have to think of *a lot* of best-practice situations.]]> 103029 2008-08-12T22:23:57Z 2008-08-14T08:52:36Z 8 0 185 0 http://dzone.com/links/images/thumbs/120x90/103029.jpg Mojah http://dzone.com/links/images/avatars/299814.gif http://dzone.com/links/rss/web_application_security_2.html How would you determine whether your website is being hacked or not? Read the way hacker steals the information and hacks your website. Moreover, how you can help preventing your website being hacked. IS YOUR WEBSITE HACKABLE? Some hackers, for example, will take advantage of web application vulnerabilities and may maliciously inject code within vulnerable web applications to trick users and redirect them towards phisphing sites. This technique is called Cross-Site Scripting and may be used even when the web servers and database engine contain no vulnerabilities themselves. database php security web services Thu, 14 Aug 2008 00:31:11 GMT http://dzone.com/links/102907.html kailashk 2008-08-14T00:31:11Z How would you determine whether your website is being hacked or not? Read the way hacker steals the information and hacks your website. Moreover, how you can help preventing your website being hacked. IS YOUR WEBSITE HACKABLE? Some hackers, for example, will take advantage of web application vulnerabilities and may maliciously inject code within vulnerable web applications to trick users and redirect them towards phisphing sites. This technique is called Cross-Site Scripting and may be used even when the web servers and database engine contain no vulnerabilities themselves.]]> 102907 2008-08-12T14:41:05Z 2008-08-14T00:31:11Z 10 0 310 0 http://dzone.com/links/images/thumbs/120x90/102907.jpg kailashk http://dzone.com/links/images/avatars/324290.gif http://dzone.com/links/rss/java_web_applications_spread_bots_and_keyloggers.html In its report, Cybercrime Trends for 2008, Symantec claims, "Java-based Web applications—small programs, such as video players or interactive maps, that launch themselves from a Web page—are proliferating, which will provide a growing opportunity for cyberthieves to spread bots, keyloggers, and other malicious software." java security usability web design Wed, 13 Aug 2008 23:26:37 GMT http://dzone.com/links/102976.html geertjan 2008-08-13T23:26:37Z In its report, Cybercrime Trends for 2008, Symantec claims, "Java-based Web applications—small programs, such as video players or interactive maps, that launch themselves from a Web page—are proliferating, which will provide a growing opportunity for cyberthieves to spread bots, keyloggers, and other malicious software."]]> 102976 2008-08-12T18:14:45Z 2008-08-13T23:26:37Z 9 0 155 0 http://dzone.com/links/images/thumbs/120x90/102976.jpg geertjan http://dzone.com/links/images/avatars/250147.gif http://dzone.com/links/rss/google_releases_an_open_source_cryptography_toolk.html Google has just released an open source cryptographic toolkit: Keyczar. The company is aiming to make inherently complex cryptography easier and safer for developers to implement. In addition to the Google Code page where you can get the toolkit, there is this information page, and a link to a discussion group. Keyczar is released under an Apache 2.0 license. frameworks java python security Wed, 13 Aug 2008 06:48:39 GMT http://dzone.com/links/102950.html normchow 2008-08-13T06:48:39Z Google has just released an open source cryptographic toolkit: Keyczar. The company is aiming to make inherently complex cryptography easier and safer for developers to implement. In addition to the Google Code page where you can get the toolkit, there is this information page, and a link to a discussion group. Keyczar is released under an Apache 2.0 license.]]> 102950 2008-08-12T17:27:43Z 2008-08-13T06:48:39Z 17 0 1254 2 http://dzone.com/links/images/thumbs/120x90/102950.jpg normchow http://dzone.com/links/images/avatars/306169.gif http://dzone.com/links/rss/death_from_the_mailroom_iphone_hacks_your_company.html The Apple iPhone is great for phone calls and viewing YouTube videos, but it can also be turned into one heck of a wireless hacking tool capable of wrecking havoc on almost any company or government organization from the inside. mobile security Tue, 12 Aug 2008 20:45:23 GMT http://dzone.com/links/102469.html Thierry.Lefort 2008-08-12T20:45:23Z The Apple iPhone is great for phone calls and viewing YouTube videos, but it can also be turned into one heck of a wireless hacking tool capable of wrecking havoc on almost any company or government organization from the inside.]]> 102469 2008-08-11T08:21:28Z 2008-08-12T20:45:23Z 12 0 277 0 http://dzone.com/links/images/thumbs/120x90/102469.jpg Thierry.Lefort http://dzone.com/links/images/avatars/252611.gif http://dzone.com/links/rss/php_code_top_ten_security_vulnerabilities.html Below follows the top ten security vulnerabilities that might be hiding in your PHP code. opinion php security web design Tue, 12 Aug 2008 15:46:05 GMT http://dzone.com/links/102815.html Volume4 2008-08-12T15:46:05Z Below follows the top ten security vulnerabilities that might be hiding in your PHP code.]]> 102815 2008-08-12T10:07:57Z 2008-08-12T15:46:05Z 14 0 428 0 http://dzone.com/links/images/thumbs/120x90/102815.jpg Volume4 http://dzone.com/links/images/avatars/71517.gif http://dzone.com/links/rss/goodbye_passwords_you_arent_a_good_defense.html THE best password is a long, nonsensical string of letters and numbers and punctuation marks, a combination never put together before. Some admirable people actually do memorize random strings of characters for their passwords — and replace them with other random strings every couple of months. Then there’s the rest of us, selecting the short, the familiar and the easiest to remember. And holding onto it forever. opinion security Mon, 11 Aug 2008 02:45:21 GMT http://dzone.com/links/102342.html bloid 2008-08-11T02:45:21Z THE best password is a long, nonsensical string of letters and numbers and punctuation marks, a combination never put together before. Some admirable people actually do memorize random strings of characters for their passwords — and replace them with other random strings every couple of months. Then there’s the rest of us, selecting the short, the familiar and the easiest to remember. And holding onto it forever.]]> 102342 2008-08-10T15:26:32Z 2008-08-11T02:45:21Z 18 0 669 1 http://dzone.com/links/images/thumbs/120x90/102342.jpg bloid http://dzone.com/links/images/avatars/111696.gif http://dzone.com/links/rss/game_over_for_vista.html This week at the Black Hat Security Conference two security researchers will discuss their findings which could completely bring Windows Vista to its knees. security windows Sat, 09 Aug 2008 11:18:41 GMT http://dzone.com/links/102051.html axiomshell 2008-08-09T11:18:41Z This week at the Black Hat Security Conference two security researchers will discuss their findings which could completely bring Windows Vista to its knees.]]> 102051 2008-08-08T19:15:32Z 2008-08-09T11:18:41Z 27 0 916 2 http://dzone.com/links/images/thumbs/120x90/102051.jpg axiomshell http://dzone.com/links/images/avatars/200729.gif http://dzone.com/links/rss/custom_authentication_schemes_with_grails_and_jse.html In my current software project a requirement is an authentication scheme consisting not of the usual user name an password, but user name, password and a store number. Each user name should be unique in for a store but could occur multiple times for all stores. frameworks groovy security Wed, 06 Aug 2008 19:30:41 GMT http://dzone.com/links/101385.html bloid 2008-08-06T19:30:41Z In my current software project a requirement is an authentication scheme consisting not of the usual user name an password, but user name, password and a store number. Each user name should be unique in for a store but could occur multiple times for all stores.]]> 101385 2008-08-06T06:43:16Z 2008-08-06T19:30:41Z 7 0 91 0 http://dzone.com/links/images/thumbs/120x90/101385.jpg bloid http://dzone.com/links/images/avatars/111696.gif http://dzone.com/links/rss/grails_security_tomcat_policy_files.html After some hours i got running our grails application in apache-tomcat 6.0.18 secure mode: frameworks groovy security server Tue, 05 Aug 2008 18:05:58 GMT http://dzone.com/links/101094.html bloid 2008-08-05T18:05:58Z After some hours i got running our grails application in apache-tomcat 6.0.18 secure mode:]]> 101094 2008-08-05T06:49:40Z 2008-08-05T18:05:58Z 8 0 115 0 http://dzone.com/links/images/thumbs/120x90/101094.jpg bloid http://dzone.com/links/images/avatars/111696.gif