Security DevCenter


Security DevCenter Articles

151 to 200 of 211 Prev Next

PHP's Encryption Functionality by W.J. Gilmore
Encryption and hashing allow you to secure and verify data. W. J. Gilmore introduces encryption functions and hashing methods available to PHP. 07/26/2001

AudioGalaxy Flubs Security by Marc Hedlund
Security is a key concern for P2P systems. AudioGalaxy is not helping the cause by passing user passwords in URLs, Marc Hedlund writes. 07/24/2001

Security Alerts: Remote Root Exploit in Telnet Daemon by Noel Davis
Noel Davis shows us a root exploit in BSD-derived telnet daemons; buffer overflows in xman, the Merit and Lucent RADIUS servers, ypbind, the AIX libi18n library, and tcpdump; temporary-file race conditions in lmail and tripwire; and vulnerabilities in SSH Secure Shell 3.0.0, Lotus Domino Server, IMP, SSLeay/OpenSSL, and squid. 07/23/2001

Security Alerts: sudo root exploit by Noel Davis
Noel Davis shows us buffer overflows in sudo, SuSE's dip, Scotty's ntping, and UnixWare's statd; a flaw in FreeBSD's rfork(); two vulnerabilities in Check Point's VPN-1/FireWall-1 firewall products; a new version of the rpm package manager; two vulnerabilities in Macromedia's ColdFusion Server; a minor Apache bug; a brute-force attack against SuSE's AXP Alpha xdm utility; and more on the cfingerd remote vulnerability. 07/16/2001

Tools of the Trade: Part 3 by Carl Constantine
A look at syslog and snort as security protection in this third article of our "Tools of the Trade" series. 07/13/2001

Professional Paranoia: Secrets of Security Experts by Michael W. Lucas
Michael Lucas tackles the question "How do I become a security professional?" and gives practical advice on how to be more security-conscious. 07/12/2001

Security Alerts: PHP Weaknesses? by Noel Davis
Noel Davis shows us a correction to the report on the AIX rsh buffer overflow; buffer overflows in Solaris' whodo, in UnixWare's su, uucp, and crontab packages, and in xvt; temporary-file symbolic-link race condition vulnerabilities in Red Hat's LPRng and crontab; problems in Poprelayd, PHP Safe mode, ePerl, 802.11b Access Points, Gnatsweb, SquirrelMail, and phpMyAdmin; and a paper on common PHP vulnerabilities. 07/09/2001

SAMBA Remote Root Exploit by Noel Davis
Noel Davis shows us buffer overflows in the GazTek HTTP Daemon, Solaris Printer Daemon, and w3m; a problem in default SAMBA installations that can be used to gain root access; and problems in Cisco 6400 NRP2, udirectory, Tarantella, Oracle 8i SQLNet, OS X directory permissions, and kdesu. 07/02/2001

AIX Remote Root Exploit by Noel Davis
Noel Davis shows us buffer overflows in AIX's rsh, the curses library, Red Hat Linux's XFree86 packages, xinetd, MDBMS, BestCrypt, and cfingerd; format-string vulnerabilities in Kaspersky AntiVirus, eXtremail, and the Solaris at command; a symbolic-link race condition in KTVision; and problems in pmpost, AIX's diagrpt, and iptables. 06/25/2001

Tools of the Trade: Part 1 by Carl Constantine
In this first of a three-part series, Carl Constantine covers tools and techniques that system administrators can use to protect their networks, including discussion of nmap, Ethereal, and how to set up honey pots. 06/22/2001

OpenBSD Local Root Exploit by Noel Davis
Noel Davis shows us a race condition in the OpenBSD kernel; cross-site request forgeries; a new version of tcpdump; buffer overflows in rxvt, fetchmail, the HP-UX implementation of CDE, and UW-IMAP; a symbolic-link race condition in mandb; and vulnerabilities in SITEWare Editor's Desktop, Apache under Mac OS X client, LPRng, Caldera's Volution, and Slackware 7.1's /etc/shells. 06/18/2001

Remote Root Exploit in QPopper by Noel Davis
Noel Davis shows us buffer overflows in the Solaris mail utility, Qpopper, and TIAtunnel; temporary-file race conditions in Imp, kmmodreg, and ispell; format-string vulnerabilities in GnuPG and exim; denial-of-service attacks against NetBSD and Fpf; and problems in OpenSSH, the Cisco Content Service Switch, and BestCrypt. 06/11/2001

Proper Paranoia: Educating Your Co-Workers by Michael W. Lucas
Michael Lucas runs a new security trainee through the gauntlet of patching live servers. He also shows how to instill a healthy attitude toward network security in those you work with by teaching them to be properly paranoid. 06/07/2001

Server Compromised by Noel Davis
Noel Davis shows us the compromise of the Apache Software Foundation server; buffer overflows in yppasswd, Qpopper, and mailtool; vulnerabilities in TWIG, webmin, and GnuPG; a new type of attack against sendmail; and discusses the use of the user nobody. 06/04/2001

Clean Up Your Code with Flawfinder by Noel Davis
Noel Davis shows us buffer overflows in the FTP daemon included in the krb5-workstation package, Debian's ftpd, HP OpenView NNM v6.1, and ncurses; temporary-file race conditions in scoadmin and InoculateIT; problems in Cisco CBOS, Cisco IOS, and Solaris 8 fingerd; new versions of OpenSSH and Red Hat's mktemp; and two tools to scan C and C++ source code for potential errors. 05/29/2001

Carnivore: A System Admin's Concerns by Mike DeGraw-Bertsch
The packet-sniffing Carnivore box gives the FBI the ability to nab and read a suspect's e-mail and web page requests. But those are abilities every sysadmin already has, so why are we so upset? 05/29/2001

Cheese Worm Plugs Hole Left by Lion Worm by Noel Davis
Noel Davis shows us buffer overflows in man, DQS, Netscape Enterprise Web Publisher, and IRIX Embedded Support Partner; a temporary-file race condition in the ARCservIT Unix Client; problems in Zope, Cisco Content Service Switch, CUPS, i386 syscalls in Solaris x86, and the Logitech Wireless Desktop; and talks about Cheese the "friendly" worm. 05/22/2001

Solaris Worm Attacks IIS Servers by Noel Davis
Noel Davis shows us problems in vixie cron, Oracle ADI, EnGarde Secure Linux, and Samba 2.0.8; discusses the sadmind/IIS worm; and explains how to protect your system against worms and other attackers. 05/15/2001

Predictable Initial Sequence Numbers by Noel Davis
Noel Davis shows us predictable initial sequence number attacks; a format-string vulnerability in minicom; a buffer overflow in mailx; a new version of GnuPG; and problems in the SAP R/3 demo, Bugzilla, and Red Hat Linux 7.1's mount package. 05/08/2001

Looking at the lpdw0rm Worm by Noel Davis
Noel Davis shows us the lpdw0rm worm; an updated version of OpenSSL; buffer overflows in MIT Kerberos 5's FTP daemon and Mercury for NetWare's POP3 daemon; a format-string vulnerability in gftp; a symbolic-link race condition in nedit's backup files; a temporary-file race condition in rpmdrake; and problems in phpMyAdmin, Debian's zope packages, and the Tektronix PhaserLink 850's web server. 05/01/2001

Sudo Contains Root Exploit by Noel Davis
Noel Davis shows us buffer overflows in sudo, innfeed, and Cyberscheduler; symbolic link race conditions in Samba, VMware, exuberant-ctags, and nedit; and problems in Red Hat FTP iptables, mgetty, DCForum, Cyberscheduler, and sendfiled. 04/24/2001

FTP Buffer Overflows by Noel Davis
Noel Davis shows us buffer overflows in FTP daemons, Oracle Application Server, Solaris ipcs, Solaris Xsun, and SCO OpenServers; temporary-file race conditions in pine and pico; format string bugs in HylaFAX and cfingerd; a bug that causes Netscape to execute JavaScript placed in a GIF comment; and problems in Midnight Commander, mkpasswd, Alcatel ADSL-Ethernet Bridges, and Interscan VirusWall. 04/17/2001

A New Worm Targets Linux by Noel Davis
Noel Davis shows us the Linux based Adore Worm; buffer overflows in xntpd and ntpd; and vulnerabilities in SharePlex, Ultimate Bulletin Board, Lucent/ORiNOCO Closed Network, Red Hat's OpenSSH, Cisco Content Services Switches, and IPFilter. 04/10/2001

Lion Worm Continues Rampage by Noel Davis
Noel Davis shows us the Lion worm; a race condition in the Linux kernel; buffer overflows in several SCO Unix utilities; a new version of MySQL that fixes a major security problem; vulnerabilities in some Cisco routers, switches, and concentrators; and problems with Raptor Firewall, CrazyWWWBoard, Solaris tip, and Pitbull LX. 04/03/2001

Beyond Firewalls by Carl Constantine
Now that you have your firewall up and running, you're all set, right? Well, not exactly. Carl Constantine explains how to plug some of the common security holes beyond the firewall. 03/30/2001

Securing a PHP Installation by Darrell Brogdon
Darrell Brogdon shows us a few basic things that should be done to secure a PHP installation. 03/29/2001

MySQL File Overwrite Vulnerability by Noel Davis
Noel Davis shows us a buffer overflow in ASPSeek; a denial of service attack against timed; a new version of OpenSSH with many improvements; an attack against the private keys used by GnuPG; a race condition in the UFS and EXT2FS file systems; and problems with MySQL, VIM, FCheck, Solaris perfmon, Interchange, and Compaq's management software. 03/27/2001

Security Concerns Miss the P2P Point by Jon Orwant
An InfoWorld column by P.J. Connolly tars all of P2P with the security brush. O'Reilly CTO Jon Orwant responds that security depends on how P2P systems are used in your organization. 03/27/2001

Apache Insecurity Reveals Directory Contents by Noel Davis
Noel Davis discusses buffer overflows and format string vulnerabilities in icecast, Half-Life Dedicated Server, Solaris SNMP, ipop2d, ipop3d, imapd, mutt, and cfengine; temporary-file problems in the SGML-Tools package and Mesa; and problems with Apache, several FTP daemons, a Solaris SNMP agent, vBulletin, FTPFS, and Ikonboard. 03/20/2001

Multi-Homed Server Vulnerabilities by Noel Davis
This week: Buffer overflows in ircd, ePerl, MIT Kerberos 4 and 5, ascdc, and slrn; temporary file problems in MIT Kerberos 4 and 5, the GNU C Library, and Athena widgets; problems with proftpd under Debian, Midnight Commander, Cisco Aironet 340 Bridges, and man2html; and loopback devices and multi-homed routing. 03/13/2001

Is Your Router Insecure? by Noel Davis
Noel Davis shows us a problem in Cisco IOS that can be used to predict TCP sequence numbers in routers; problems in PHP-Nuke, Chili!Soft ASP, Nortel Networks Connectivity Extranet Switches, Joe, Veritas Cluster Server, and fcron; and a buffer overflow in mailx. 03/06/2001

Java JDE Allows Unauthorized Commands by Noel Davis
Noel Davis shows us a problem in Java that allows Java code to execute unauthorized commands; buffer overflows in CUPS and sudo; temporary file problems with StarOffice, MicroFocus COBOL, and CUPS; and vulnerabilities in pgp4pine, the Solaris LDAP PAM module, adcycle, and Zope. 02/27/2001

Using SSH Tunneling by Rob Flickenger
UC Berkeley researchers have found weaknesses in the Wired Equivalent Privacy algorithm used in the 802.11 wireless LAN standard. Rob Flickenger shows how to set up Secure Shell (SSH) to keep your wireless access secure. 02/23/2001

MySQL Buffer Overflow; Secure PHP Coding by Noel Davis
Noel Davis shows us buffer overflows in MySQL, analog, vixie cron, and Kerberos IV; problems with kicq, licq, and kaim; root exploits in NetBSD i386 kernels; and insecure coding with PHP and MySQL. 02/20/2001

Linux Kernel Problems; SSH Design Flaw by Noel Davis
Noel Davis shows us a system-call problem and a race condition in Linux; buffer-overflow problems in SSH-1 and XMail; DoS attack vulnerabilities in BIND 9.0.1 and ProFTPD; format-string problems in man; design flaws in wireless networking security code; and temporary-file problems in FreeBSD's sort. 02/13/2001

Buffer-Overflow Problems in BIND by Noel Davis
Buffer-overflow bugs are discovered in BIND, gnuserv, tinyProxy, and INN; developers report issues with ntop and LPRng. 02/06/2001

New Security Problems and a Warning About Checking User Input by Noel Davis
Noel Davis summarizes new security issues including buffer overflows in splitvt, bing, write, and Lotus Domino's SMTP server; temporary-file problems with webmin and Apache's mod_rewrite; format-string problems with icecast; IP firewalling problems with FreeBSD; and SQL problems in Postaci. 01/30/2001

Ramen Worm Attacks Red Hat Linux Machines by Noel Davis
An Internet worm that attacks Red Hat Linux machines has cracked hundreds of machines. Noel Davis describes this and other security problems brought to light this week. 01/22/2001

Insecure Temporary File Functions by Noel Davis
Noel Davis reports on the latest security problems and news, including the Immunix OS security audit, issues with GNU C library, ReiserFS, linuxconf and more. 01/15/2001

IBM Websphere, Shockwave Flash, and emacs Advisories by Noel Davis
Problems this week include minor problems with sendmail, exposure problems with Lotus Domino, problems in the default setup of Informix Webdriver and IBM Websphere Commerce Suite, a buffer overflow in Shockwave Flash, denial of service attacks against login, privacy problems in emacs, symlink attack in exmh, and a potential exploit against GTK+. 01/08/2001

PalmOS, Half-Life Server, and Ethereal Vulnerabilities by Noel Davis
Problems this week include more symlink problems with catman and dialog, buffer overflows in oops, halflifeserver, and ethereal, key problems with gnupg, problems with PalmOS devices, and a prime example of amazing vulnerabilities in third-party software packages. 01/02/2001

Security Alerts: OpenBSD, Zope, syslogd, and More by Noel Davis
Security-related advisories this week include a remote root exploit of OpenBSD and NetBSD, more temporary file problems in Solaris's patchadd and ksh, local root vulnerabilities in Stunnel, syslogd, and klogd, and new tools for man in the middle attacks. 12/27/2000

Security Alerts: SAMBA, pine, ircd, and More by Noel Davis
Noel Davis summarizes recent open source and Unix security-related advisories. Problems this week include symlink problems with joe, pico, and samba, a buffer overflow in bftpd, and problems with pine. 12/19/2000

Learning From Mistakes by Stephen Figgins
A quick security fix for the Python wiki program MoinMoin presents an opportunity to learn from the mistakes of others. 12/13/2000

Security Alerts: KTH Kerberos, Red Hat PAM, and More by Noel Davis
Noel Davis summarizes open source and Unix exploits. Problems this week include local and remote root exploits in KTH Kerberos, buffer overflows in Red Hat's PAM, a discussion of security problems with web-based applications, and an example of one of these security problems in phpGroupWare. 12/12/2000

Security Alerts: Twig, Midnight Commander, and More by Noel Davis
Noel Davis summarizes published open source and Unix exploits. Problems this week include arbitrary code execution in Twig, new symlink attacks, a hidden control code attack on Midnight Commander, and a LANGUAGE attack on glibc. 12/06/2000

Commercial Python IDEs by Stephen Figgins
Python developers looking for a commercial IDE now have a choice, PythonWorks 1.1 or WingIDE. 12/06/2000

Wiki Python by Stephen Figgins
MoinMoin and ZWiki, two Python-related projects, provide collaborative environments for Web communities. 11/29/2000

Security Alerts: Koules Local Root Exploit and More by Noel Davis
This week's exploits include a local root compromise in Koules 1.4, a buffer overflow in modutils, and various problems with Aladdin Ghostscript. 11/28/2000

Security Alerts: Vixie cron Exploit and More by Noel Davis
This week's column includes exploits reported for Vixie cron, OpenSSH, tcsh, and more. 11/20/2000
