December 2011 – Page 8 – WindowsTechs.com

Your app shouldn’t suffer SSL’s problems

Posted on December 5, 2011 by Moxie Marlinspike

From Swindle To Hazard

In recent months, Comodo has been
hacked repeatedly, DigiNotar was
compromised, and the security of CAs as a whole has been found to be
not altogether inspiring. The consensus finally seems to be shifting from the notion … Continue reading Your app shouldn’t suffer SSL’s problems→

Should I enable domain authentication in my DMZ

Posted on December 3, 2011 by Kirk

Traditionally at my place of work we have an internal subnet that is completely protected behind our firewall. No ports are allowed to be opened to direct connections from the public network. We also run a DMZ where we only a… Continue reading Should I enable domain authentication in my DMZ→

Two generals’ agreement

Posted on December 3, 2011 by user1079062

I am trying to figure an agreement protocol on an unreliable channel. Basically two parties (A and B) have to agree to do something, so it’s the two generals’ problem.

Since there is no bullet-proof solution, I am trying to … Continue reading Two generals’ agreement→

Security for a low latency online multiplayer game

Posted on December 3, 2011 by Kai

I am designing an online multiplayer game and I am looking for a good tradeoff of secure communications with minimal CPU and bandwidth utilization. My ideal solution would only use UDP packets since TCP is a poor choice for the realtime re… Continue reading Security for a low latency online multiplayer game→

Filter user input before the database or upon display?

Posted on December 3, 2011 by bstpierre

Given a web application where user data must be properly escaped to avoid XSS, is it better to try to remove the “bad stuff” before it enters the database, or is it best to allow it in the database but be careful about escaping output when… Continue reading Filter user input before the database or upon display?→

Mobile Carrier Javascript Injection

Posted on December 1, 2011 by user102804

So it appears that T-Mobile in the UK are injecting a javascript file into the head of files that are transfered over their mobile data network.

The file in question is 1.2.3.8/bmi-int-js/bmi.js (contents below)

My question is this

H… Continue reading Mobile Carrier Javascript Injection→

ssh public/private key pair

Posted on December 1, 2011 by Keeto

I am having problems understanding how ssh really works. I know it uses a public key cryptography to encrypt messages. However, I can ssh to a server without first generating a public/private key pair for me. I checked my .ssh folder and t… Continue reading ssh public/private key pair→

Oracle ExaData Security best practice

Posted on December 1, 2011 by AaronS

Does anybody have experience with Oracle ExaData Security?
Client wants to move all of his Oracle DB to central Oracle ExaData server.
So on same machine will be hosted DBs of different vendors and even competitors.
What shou… Continue reading Oracle ExaData Security best practice→

How is a worm different from a virus?

Posted on December 1, 2011 by DuckMaestro

In spite of various online articles, I’m a bit unclear on the distinction between a “worm” and a “virus”.

Two related questions–

Is there a useful and clear distinction here or no? If so, what is it?
If there is a meanin… Continue reading How is a worm different from a virus?→