Twice the bits, twice the trouble: vulnerabilities induced by migrating to 64-bit platforms | the morning paper

"In this study, Wressnegger et al. reveal how a codebase originally written for 32-bit, and which is perfectly secure on 32-bit platforms, can have new vulnerabilities simply by compiling it for 64-bit systems." No surprises for anyone who follows oss-security etc., but the paper's a good overview.

to architecture porting security vulnerabilities ... on 06 April

Trammell Hudson's Projects

Lots of interesting electronics, security and retrocomputing projects; in particular, PDP-11 restoration and interesting USB input devices.

to electronics retrocomputing reverse-engineering security usb ... on 26 February

Peterman

The history of twentieth-century Scottish safecracking. (The author is skeptical about John Ramensky's exploits.)

to crime folk-song history ramensky scotland security ... on 11 January

Mid-2016 Tor bug retrospective, with lessons for future coding | The Tor Blog

"I recently did an informal review of our major bugs from the last few years. ... My goals were to see if we're right in our understanding of what causes bugs in Tor, and what approaches to avoid bugs and limit their impact would be most effective."

to bug security software-engineering tor ... on 06 December 2016

"though I would consider the requirements for writing really secure software qui... | Hacker News

Links to some projects doing secure software engineering in practice.

to security software-engineering ... on 06 December 2016

stealth/pam_schroedinger: Uncertainty for brute forcers during login.

"pam_schroedinger prevents from dictionary/brute-force attacks against PAM accounts by only returning PAM_SUCCESS if there was no previous login or attempt within a certain timeframe." Cute. Not sure how practical this is!

to authentication pam security ... on 18 October 2016

netsniff-ng toolkit

Various low-level packet tools -- I found this while looking for tunnelling systems based on NaCl.

to crypto ecc nacl networking packet security tunnel ... on 18 October 2016

The Cryptopals Crypto Challenges

"We give you problems to solve. They're derived from weaknesses in real-world systems and modern cryptographic constructions. We give you enough info to learn about the underlying crypto concepts yourself." These are really good.

to crypto security teaching ... on 14 October 2016

Perspectives Project | Connect securely to https websites – Blog and info for the Perspectives project

Certificate notary service -- the idea being both to detect forged (but valid) certificates, and to provide trust in self-signed certs.

to ca certificate notary security tls ... on 14 October 2016
