MCS 494, UNIX Security Holes, Fall 2004

Dan Bernstein's Unix security module. This is a bit dated now, but the material is interesting, and the assessment materials have some nice ideas.

to security teaching unix ... on 10 November

Willy Tarreau's stuff: Look back to an end-of-life LTS kernel : 3.10

"The end of the 3.10 branch is a good opportunity to have a look back at how that worked, and to remind some important rules regarding how to choose a kernel for your products, or the risks associated with buying products running unmaintained kernels."

to kernel linux lts security software-engineering support ... on 05 November

Twice the bits, twice the trouble: vulnerabilities induced by migrating to 64-bit platforms | the morning paper

"In this study, Wressnegger et al. reveal how a codebase originally written for 32-bit, and which is perfectly secure on 32-bit platforms, can have new vulnerabilities simply by compiling it for 64-bit systems." No surprises for anyone who follows oss-security etc., but the paper's a good overview.

to architecture porting security vulnerabilities ... on 06 April

Trammell Hudson's Projects

Lots of interesting electronics, security and retrocomputing projects; in particular, PDP-11 restoration and interesting USB input devices.

to electronics retrocomputing reverse-engineering security usb ... on 26 February

Peterman

The history of twentieth-century Scottish safecracking. (The author is skeptical about John Ramensky's exploits.)

to crime folk-song history ramensky scotland security ... on 11 January

Mid-2016 Tor bug retrospective, with lessons for future coding | The Tor Blog

"I recently did an informal review of our major bugs from the last few years. ... My goals were to see if we're right in our understanding of what causes bugs in Tor, and what approaches to avoid bugs and limit their impact would be most effective."

to bug security software-engineering tor ... on 06 December 2016

"though I would consider the requirements for writing really secure software qui... | Hacker News

Links to some projects doing secure software engineering in practice.

to security software-engineering ... on 06 December 2016

stealth/pam_schroedinger: Uncertainty for brute forcers during login.

"pam_schroedinger prevents from dictionary/brute-force attacks against PAM accounts by only returning PAM_SUCCESS if there was no previous login or attempt within a certain timeframe." Cute. Not sure how practical this is!

to authentication pam security ... on 18 October 2016
