Common Style Mistakes, Part 2 by John Coggeshall
Writing code well means balancing expressiveness with elegance. Remember, you're writing code that must be maintained. In the second of a series on PHP Paranoia, John Coggeshall gives three tips to write code that's easier to understand. 07/10/2003

Summer GNATS Trouble by Noel Davis
Noel Davis looks at problems in OpenSSH, radiusd-cistron, Ethereal, ypserv, lbreakout, GNATS, frox, poster, eldav, and PerlEdit. 06/30/2003

More Kernel Trouble by Noel Davis
Noel Davis looks at problems in Linux kernels, GNU Zip, xaos, Speak Freely, eterm, Hangul Terminal, typespeed, mikmod, kon2, zblast/xzb, and zenTrack. 06/16/2003

Apache Vulnerabilities by Noel Davis
Noel Davis looks at vulnerabilities to denial-of-service attacks with Apache web server and with CUPS; buffer overflows in PHP, glibc, and gps; and problems with ghostscript, Apache Portable Runtime (APR), mod_gzip, Batalla Naval, and Xmame. 06/04/2003

Common Style Mistakes, Part 1 by John Coggeshall
Programming securely is more than working down a list of checkboxes. You must adopt a security mindset. In the first of a series called PHP Paranoia, John Coggeshall explains several PHP style mistakes that make writing solid code more difficult. 05/29/2003

Adventures with Kerberos, CVS, and GSS-API by Jennifer Vesperman
One of the difficulties of writing about technology is exploring the dark corners where no one's ever been before. Jennifer Vesperman, author of the upcoming Essential CVS, recently tried to make her CVS installation use Kerberos authentication. She describes how she went about integrating the two in this article. 05/22/2003

Linux Kernel Problems by Noel Davis
Noel Davis looks at problems in Linux 2.4 kernels, sendmail, IMAP clients, cdrecord, lv, GNU Privacy Guard, EnGarde Secure Linux's sudo, SCO OpenLinux's mgetty and faxspool directory, BEA WebLogic Server, Unreal Engine, and WebLogic Express. 05/19/2003

Monkey Trouble by Noel Davis
Noel Davis looks at problems in Portable OpenSSH, Portable OpenSSH under AIX, ATM on Linux, Qpopper's poppassd, Monkey HTTPd, Red Hat's mod_auth_any, pptpd, EPIC4, HPUX's rexec, and vulnerabilities in Cisco equipment. 05/05/2003

Working with Forms in PHP, Part 2 by John Coggeshall
If you're doing any serious work with PHP, you'll eventually have to deal with file uploads. John Coggeshall explains how to process HTTP file uploads with PHP 4.3. 05/01/2003

Snort Problems by Noel Davis
Noel Davis looks at buffer overflows in Snort and SheerDNS, and problems in Xinetdvixie-cron, Oracle E-Business Suite FNDFS, xfsdump, Ximian Evolution, GtkHTML, kdegraphics, and psbanner. 04/21/2003

Apache Security Update by Noel Davis
Noel Davis looks at a security update to Apache; a major problem in sendmail; buffer overflows in Balsa, libsmtp, passlogd, lpr-ppd, and Solaris' dtsession; and problems in NetPBM, Eye of GNOME, the Progress database, and Red Hat Linux 9's vsftpd daemon. 04/07/2003

Ten Security Checks for PHP, Part 2 by Clancy Malcolm
The same global access that makes web apps useful means that you have to keep on top of security. Though it's easy to create sites in PHP, it's not immune to sloppy coding. Clancy Malcolm explains how to recognize and fix five potential security holes with PHP in the second of two articles. 04/03/2003

Linux Kernel Root Hole by Noel Davis
Noel Davis looks at a root hole in the Linux kernel; buffer overflows in Samba, qpopper, ircii, Mutt, DeleGate, SuSE's lprold, and Ethereal; and problems in OpenSSL, MySQL, man, tcpdump, and Red Hat's rxvt. 03/24/2003

Ten Security Checks for PHP, Part 1 by Clancy Malcolm
The same global access that makes web apps useful means that you have to keep on top of security. Though it's easy to create sites in PHP, it's not immune to sloppy coding. Clancy Malcolm explains how to recognize and fix five potential security holes with PHP in the first of two articles. 03/20/2003

Working with Forms in PHP, Part 1 by John Coggeshall
PHP is handy for templating and displaying dynamic data, but you're missing its full power until you handle user data. John Coggeshall explains how PHP 4.3 handles form submissions securely and sanely. 03/13/2003

Buffer Overflows in sendmail by Noel Davis
Noel Davis looks at buffer overflows in sendmail; Snort; the gzprintf() function supplied with the zlib library; and the lprm utility under OpenBSD, as well as problems in BIND; file; tcpdump; terminal emulators; Internet Message; and Messaging in the Emacs World. 03/11/2003

OpenSSL Timing Attack by Noel Davis
Noel Davis looks at problems in OpenSSL, Oracle, mod_php, MySQL, pam_xauth, VNC, apcupsd, nethack, Rogue, and BitchX. 02/24/2003

Working with Permissions in PHP, Part 2 by John Coggeshall
Having explained the Unix security model in his last column, John Coggeshall explains the permissions functions in PHP and how to use them. 02/20/2003

Understanding .NET Permissions: Where Did That Permission Come From? by Mike Gunderloy
The .NET security system is a marvelously intricate invention. You can customize the permissions available to an individual assembly or a group of assemblies (such as all code from a particular publisher) on an amazingly granular level. But many developers are a bit hazy on how all the pieces fit together to generate these permissions. In this article, Mike Gunderloy will walk you through the process of calculating permissions by hand. Armed with this knowledge, you can more effectively configure .NET to secure your assemblies. 02/18/2003

Linux Kernel Problems by Noel Davis
Noel Davis looks at problems in the Linux kernel, Kerberos, dchp3, the Blade encoder, WebSphere Advanced Server, SpamAssasin, OpenBSD's chpass, Red Hat Linux 8.0's kernel-utils package, w3m, Window Maker, and HPUX's wall. 02/10/2003

Basic Crypto w/ the .NET Framework by Ben Lowery
The .NET Framework offers basic support for cryptographic operations inside of the System.Security.Cryptography namespace in the mscorlib assembly. Out of the box, you are provided with implementations of many common symmetric key and public key-based algorithms. In addition, the cryptography framework was designed to be extensible, so that your implementation of any algorithm can be plugged in quite easily. In this article by Ben Lowery, he gets you started with Cryptography in .NET. 02/10/2003

Working with Permissions in PHP, Part 1 by John Coggeshall
The last series of PHP Foundations explained the basics of files and directories. If you're making your files public, though, you need some security. PHP follows the Unix model of user, group, and world permissions. John Coggeshall explains the Unix permission model. 02/06/2003

CVS Problems by Noel Davis
Noel Davis looks at problems in Concurrent Versions System (CVS), DHCP, slocate, Vim, Linux printer drivers, susehelp, fnord, mpg123, Astaro Security Linux firewall, and phpLinks. 01/27/2003

CUPS Vulnerabilities by Noel Davis
Noel Davis looks at buffer overflows in libmcrypt, HSphere Webshell, HTTP Fetcher Library, LCDproc, and UnixWare and Open UNIX's ps; and problems in the Common Unix Printing System, BitKeeper, FreeBSD's fpathconf(), S-PLUS, dhcpcd, leafnode, and Middleman. 01/13/2003

Buffer Overflows in SSH and PHP by Noel Davis
Noel Davis looks at buffer overflows in SSH, PHP, typespeed, Cyrus IMAP Server, Cyrus SASL library, and pdftops; and problems with PFinger, KDE, and zkfingerd. 12/30/2002

Samba Vulnerabilities by Noel Davis
Noel Davis looks at problems in Samba, Pine, FreeS/WAN, Solaris priocntl(), Traceroute NANOG, kon2, libcgi-tucbr, Python, pServ, and Alcatel OmniSwitch switches. 12/06/2002

BIND Issues by Noel Davis
Noel Davis looks at a large set of problems in BIND; buffer overflows in KDE's LISA, libpng, masqmail, FreeBSD resolver code, Windowmaker, Tiny HTTPd, and Zeroo HTTP Server; and problems in Lib HTTPd, KDE's telnet and rlogin KIO code, Kgpg, Squid, and UnixWare and OpenUnix's talkd. 11/18/2002

TriSentry, a Unix Intrusion Detection System by Glenn Graham
Security isn't only about locking your doors. You have to know when and where the bad guys are sniffing around outside. Glenn Graham's convinced that the tripartite TriSentry suite can help keep your network secure. 11/14/2002

Abuse Attack by Noel Davis
Noel Davis looks at buffer overflows in Abuse, log2mail, kadmind, Heimdal, ypserv, and trek; and problems in PHP-Nuke, lprng, pam_ldap, uudecode, and bzip2. 11/04/2002

Denial-of-Service Vulnerabilities by Noel Davis
Noel Davis looks at denial-of-service vulnerabilities in xinetd, syslog-ng, net-snmp, and Sun's lockd; problems with heartbeat, dvips, OpenOffice, and Cisco CatOS embedded HTTP server; and security vulnerabilities in kpf, gnome-gv, ggv, Mozilla, and PAM. 10/22/2002

A Technical Comparison of TTLS and PEAP by Matthew Gast
Strong authentication is a key component of wireless LAN security. Matthew Gast, author of 802.11 Wireless Networks: The Definitive Guide, looks at the latest wireless LAN authentication protocols. 10/17/2002

Apache Vulnerabilities by Noel Davis
Noel Davis looks at buffer overflows in Apache, fetchmail, Heimdal, logsurfer, ghostview, kghostview, and WN Server; and problems in unzip, tar, gv, SMRSH, and rogue. 10/07/2002

Slapper Worm by Noel Davis
Noel Davis looks at the Linux Slapper worm; a large set of vulnerabilities in NetBSD; and problems in libX11.so, OS X's nidump, DB4Web, joe, BRU Workstation, xbreaky, and Tru64/OSF1 version 3.x. 09/23/2002

PHP Injection Attack by Noel Davis
Noel Davis looks at an injection attack against PHP; several problems in KDE and Konqueror; buffer overflows in gain, kadmin, multiple applications in Tru64, and Ethereal; and problems in cacti, mhonarc, wordtrans, scrollkeeper, and the Cisco VPN Client. 09/16/2002

Bugzilla Security Problems by Noel Davis
Noel Davis looks at buffer overflows in PostgreSQL, and UnixWare and Open UNIX's ndcfg; and problems in PHP, scponly, the kernel supplied with Red Hat Linux 7.3, Bugzilla, EPIC Script Light, UnixWare DNS Resolver, Mantis, an exploit for the Cisco IOS TFTP Server bug, and Red Hat's tcl/tk and expect. 08/26/2002

C Call Vulnerabilities by Noel Davis
Noel Davis looks at buffer overflows in calloc(), Sun's ONE/iPlanet Web Server, dietlibc, OpenAFS, Kerberos 5 Administration System, and PNG libraries; and problems in FreeBSD's Berkeley Fast File System, CVS, iSCSI, Red Hat Secure Web Server, tinyproxy, and IRIX named. 08/12/2002

Promiscuous Mode Problems by Noel Davis
Noel Davis looks at a vulnerability in PHP; buffer overflows in Cisco IOS, Fake Identd, HylaFAX, and EnGarde Secure Linux's resolver libraries; and problems in the reporting of Promiscuous Mode by the Linux kernel, Sun Fire servers, chfn, chsh, Pine, GNU Mailman, and the VNC challenge and response. 07/30/2002

Squid Trouble by Noel Davis
Noel Davis looks at buffer overflows in Squid, mod-ssl, the Solaris Volume Manager, ATPhttpd, iPlanet, and kcms_configure; and problems in the CDE ToolTalk Database Server, the Linux kernel, nn, Icecast, NcFTP, and Sharp's Zaurus handheld computer. 07/15/2002

OpenSSH Remote Challenge Vulnerability by Noel Davis
Noel Davis look at remotely exploitable vulnerabilities in OpenSSH and Apache; a denial-of-service attack against BIND 9; buffer overflows in libc, tcpdump, and some RADIUS daemons; and problems in dnstools, XChat, UnixWare and Open UNIX's ppptalk, and IRIX's pmpost. 07/01/2002

X-Window Mozilla Attack by Noel Davis
Noel Davis looks at a denial-of-service attack against X Window servers; buffer overflows in the Oracle 9iAS Reports Server and Sun's AnswerBook2; and problems in Simpleinit, CGIscript.net scripts, Cisco IP Telephones, Mailman, Sun's snmpdx and mibiisa, the StepWeb Search Engine, FreeBSD's accept_filter, and Ghostscript. 06/17/2002

Trojaned Networking Tools by Noel Davis
Noel Davis looks at trojaned networking tools; a new version of OpenSSH; buffer overflows in fetchmail, mnews, Debian Solaris Netstd, Informix, and BannerWheel; and problems in dhcpd, Sendmail, Solaris' rwalld, and FreeBSD's rc. 06/03/2002

Seven Security Problems of 802.11 Wireless by Matthew Gast
Matthew Gast, author of O'Reilly's 802.11 Wireless Networks: The Definitive Guide, outlines the seven biggest risks of wireless networks, and tells us what to do about them. 05/24/2002

OpenSSH 3.2.2 Released by Noel Davis
Noel Davis looks at a new version of OpenSSH that corrects several security problems; buffer overflows in Wu-imapd, Solaris' lbxproxy, tcpdump, mpg321, lukemftp, and OpenServer sar; and problems in bzip2, FreeBSD's k5su, SuSE's shadow/pam-modules utilities, Red Hat's XML Extras Mozilla packages, and the Quake II server. 05/21/2002

Solaris Buffer Overflows by Noel Davis
In this week's column, Noel Davis look at buffer overflows in Solaris' admintool and cachefsd, the Kerberos4 FTP client, and dtprintinfo; problems in mod_python, Nautilus, Red Hat Linux's DocBook stylesheet, IRIX's nsd, and Solaris' rwall; and talks about reducing the risk of security problems. 05/06/2002

Vulnerabilities in FreeBSD by Noel Davis
This week Noel Davis looks at buffer overflows in OpenSSH, Squid, Listar/Ecartis, slrnpull, and IRIX's syslogd; problems in Sudo, MHonArc, and Mosix; and a local root hole and a DOS attack in FreeBSD. 04/29/2002

SSH Port Forwarding by Daniel J. Barrett and Richard E. Silverman
Port forwarding is another method of allowing SSH through a firewall. This excerpt also touches on some security concerns and SSH authentication. Excerpted from Chapter 11 of SSH, The Secure Shell: The Definitive Guide. 04/25/2002

Oracle9i Database Server Problems by Noel Davis
Noel Davis looks at problems with the Oracle9i Database Server; buffer overflows in XPilot, Tru64 Unix's libc and dtprintinfo, and the Melange Chat Server; and problems in Snort, Mandrake's rsync, Raptor Firewall, restricted shells, and the Informix Web DataBlade. 04/22/2002

Wireless LAN Security: A Short History by Matthew Gast
Matthew Gast, author of O'Reilly's 802.11: The Definitive Guide, explains the security flaws in 802.11 wireless networks and looks ahead to the remedies. 04/19/2002

Open BSD Local Root Exploit by Noel Davis
In this week's Security Alerts, Noel Davis reports on an OpenBSD local root exploit; problems with OpenBSD's rshd, rexecd, and atrun; new versions of Red Hat Linux's tcpdump, libpcap, and arpwatch; and problems in Webalizer, Open Unix and UnixWare's libX11, IMP, ntop, SuSE's ucd-snmp library, Anthill, INN, and several IRIX utilities. 04/16/2002

Using SCP Through a Gateway by Daniel J. Barrett and Richard E. Silverman
Using SCP though a gateway requires a bit more configuration than SSH. 04/11/2002