tssci security

Archive for November, 2007

2007 Security Testing tools in review

In my last post, I explored some ways of using formal method tools to perform security testing in the most advanced scenarios. It may have been over the heads of many people, so I wanted to offset that by talking to some basic tools which I think anyone [...]

Formal Methods and Security

Most information security practices, whether system, network, application, software, or data -- come from original sources such as the Orange Book. Most people assume that the Orange Book is no longer valid for use in security today. If we had built [...]

Contributing towards a solution

Roger Halbheer, Chief Security Advisor for Microsoft Europe, Middle East, and Africa posted a comment last week in response to my post on "Operating Systems are only as secure as the idiot using it." Roger is looking for some open discussion on improving [...]

Blacklisting, XSS filter evasion and other resources

So the other day I was doing a web site review and looking for XSS issues. I came across one ASP form that used various URL parameters to make up parts of the form. Well, I poked around and tried injecting the usual, <script>alert('xss')</script>. [...]

Roothack revival -- and TSSCI is participating!

Epic and the gang over at roothack.org have revived the old but popular and fun wargames in a new style. The old games used to be 72-hour team-based games but are now level-based Capture the Flag (CTF) along the same vein as the PullThePlug games. If PTP [...]

Get more out of OS X with tcshrc

The default user environment on OS X is not exactly very productive. On my Linux and FreeBSD systems I prefer to work in a highly customized user environment that allows me to work faster and more efficiently. I have tried numerous ways of accomplishing [...]

Operating systems aren't any more secure than the idiot using it

So this week, we've had a roundup of posts on Apple's latest OS X release, Leopard, and the security "features" that went into it, where they fall short, and what's missing. Thomas Ptacek has a great post over at Matasano with even more insightful [...]