Top stories for Security


added 2008 Mon May 12 14:09:22 by bloid
For a database application, all security in the end becomes a question of who can read and write to what tables. While this is obvious to veteran database programmers, it is not always so obvious to relative newcomers. A programmer who thinks primarily in terms of code will be used to conceptualizing actions, steps, procedures and so forth. This programmer will therefore think of security in terms of who is allowed to perform what actions. However, when you examine the actions performed by database application code, you find that, no surprise, it is a lot of database reads and writes.
added 2008 Sun May 11 15:15:00 by jaybol
The US military's famed scientific wingnut farm, DARPA*, has released full details of its planned "National Cyber Range" - a mighty network which could be configured to simulate the cyberspace battlefields of the future. This would allow America's fighting nerds to train for the net conflicts of tomorrow, mounting attacks on simulated enemies..
added 2008 Sun May 11 7:02:32 by MakiMaki
A newfound flaw in Google's Gmail allows would-be spammers to treat the service as an open-relay server. Compounding the issue is the fact that services such as Hotmail and Yahoo "trust" Gmail. This may facilitate e-mail delivery, but it also makes it easier for spammers to reach their intended targets.
added 2008 Fri May 9 15:24:13 by nahsrocketeer75
Security researcher Aviv Raff has published code that would allow someone to take control of a computer running Internet Explorer, but there's a catch. He's not saying exactly where he's hidden the attack. "Somewhere in my blog, I embedded a proof-of-concept code which exploits this 0day vulnerability," Raff wrote.
added 2008 Fri May 9 12:10:37 by bloid
Call me old-skool, but I don't like pulling in huge frameworks like Acegi for some simple authentication and authorization stuff. This post will show you how I connected Wicket security to an LDAP through JAAS. This leverages the LDAP configuration and access on the appserver level and keeps the application clean. This was done on JBoss, so YMMV on another server, but this post should help you along when you need to tweak the solution.
added 2008 Fri May 9 6:49:07 by MegaManSE
This annoying error started occurring recently in conjunction with a Flash 9 security update that changed the policy file behavior; this is how to fix it.
added 2008 Tue May 6 16:24:30 by iching
And some of the edits add evidence to the claims that Dominionists and other extremists in the Christian Right are creeping into it. Creation Science before: Creation science is the attempt to justify a literal interpretation of the Biblical account of creation with supposedly scientific evidence. And after someone in the 56th Com Squadron
added 2008 Tue May 6 15:00:41 by mklopez
How much of the traffic on the internet is peer-to-peer file trading? Everyone seems to agree it represents a lot of the traffic, but the truth is no one knows (with the possible exception of the ISPs and backbone providers in the middle, and they aren't telling or sharing raw data).
added 2008 Tue May 6 4:00:31 by MrBabyMan
Data released this week on 2007 wiretaps shows that nearly all intercepts are for "portable devices" and 80 percent of all taps target drug criminals. Secret FISA warrants are also up, and no one knows what's happening with warrantless surveillance at the NSA.

added 2008 Tue May 6 1:55:02 by bloid
This comprehensive guide discusses where to get, how to install, and how to use the various cryptography packages available to enhance the security of your PHP applications.
added 2008 Mon May 5 17:44:04 by verge
Ask Pellicano, whose case went to the jury last week, and offered arguably more for people who enjoy talk of encryption software, code-wiping booby traps or the low-tech secrets of phone company networks than anyone else.
added 2008 Sun May 4 16:47:59 by chris1234
The bounceback e-mail messages come in at a trickle, maybe one or two every hour. The subject lines are disquieting: "Cyails, Vygara nad Levytar," "UNSOLICITED BULK EMAIL, apparently from you."
added 2008 Sun May 4 7:25:20 by verge
Now it seems the only question is whether the government will be able to turn the net into a controllable, monitorable and trackable pre-internet AOL-type service or whether the chaotic net will live on as just another frontier for the military-industrial complex to start an arms race and rake in billions of government dollars.
added 2008 Sun May 4 7:00:00 by unknown user
It's rare that we would want to lock up our website with a password. However, there might be a few occasions when we need to protect a few pages of our site (or the whole site) from the general public and make them accessible to a selected group of users. For such times, here are 5 neat free tools that will help you get started.
added 2008 Fri May 2 19:42:30 by nowsourcing
This no-nonsense machine from EDR Solutions does exactly what its name says, destroying a hard disk in as little as 10 seconds. "It basically 'drills' through the hard drive's spindles which physically creates ripples in the platters making it impossible to recover any data," OhGizmo says.
added 2008 Fri May 2 16:59:00 by igeldard
EFF: HOWTO keep your laptop from being searched at the border
added 2008 Thu May 1 10:31:39 by vpetreski
I am going to show you how to use Java Server Faces phase listeners to do three very common things: rendering images located on the filesystem, solving the back button problem and simple application security.
added 2008 Wed Apr 30 21:22:04 by spuncoke
Sometimes you don't need to know everything about wireless to secure a home or home-office network; you only need to know what's important.
added 2008 Wed Apr 30 16:53:00 by unknown user
Natalya Kaspersky tells how Kaspersky Lab and "daughter" site InfoWatch are working to keep computers and data safe and sound.
added 2008 Tue Apr 29 22:30:24 by thebookmarker
Over the past few days, Yahoo has been exposing visitors to fraudware banner ads and also ads that try to trick them into installing malware. The ads are displayed across numerous web portal sections, including Yahoo Mail, Yahoo Groups and Yahoo Astrology.
added 2008 Tue Apr 29 18:01:03 by Anthony Grace
Apparently there have been an estimated half-million attacks on different Web sites this week alone. There seems to have been a rush to judgement in trying to point the finger of blame at a recent Microsoft Security Advisory...
added 2008 Tue Apr 29 16:39:40 by rd42462
What is the role of JAAS in J2EE security? Do you think JAAS is the underlying security mechanism used in J2EE? This post may be of interest.
added 2008 Tue Apr 29 15:30:35 by geekchic
Cryptography is an arms race, but the finish line may be fast approaching. Up to now, each time the codemakers made a better mousetrap, codebreakers bred a better mouse. But quantum cryptography theoretically could outpace the codebreakers and win the race. Forever.
added 2008 Tue Apr 29 15:25:22 by putergirl
Matt Cutts, head of Google's Webspam team and an engineer who's been working on the problem for eight years, offered some tips about combating it during a speech at the Web 2.0 Expo here.
added 2008 Mon Apr 28 14:25:09 by bloid
It’s time to upgrade your Rails 2.0 application with user authentication, and we hear that RESTful Authentication is the way to go, but all the instructions out there (even on the plugin repository sites) are out of date or don’t completely work or only work on Rails 1.2.x. In this tutorial, however, we’ll go step-by-step to install a complete RESTful authentication suite with all the trimmings your advanced Rails 2.0 application requires. Best of all, we’ll maintain complete control of our user administration code instead of relying on 3rd party and/or outdated software.
added 2008 Mon Apr 28 11:44:39 by JackyBrown
The standard idea of code aesthetics, when such an idea manifests itself at all, allows for programmers to have elegance and clarity as their standards. This paper explores programming practices in which other values are at work, showing that the aesthetics of code must be enlarged to accommodate them.
added 2008 Sun Apr 27 3:40:38 by diggrnumber1
When Société Générale announced Jan. 24 that it had lost €4.9 billion (now valued at $7.68 billion) due to risky and unauthorized trading by Mr. Kerviel, the bank depicted the former trader as a devious information-technology whiz.
added 2008 Sat Apr 26 17:35:43 by bloid
This plugin provides simple authentication using OpenID. Using OpenID you don't need to store user credentials in your own application, so no registration, forget password, confirmation or other flows need to be implemented anymore. The plugin contains an OpenID controller which takes care of redirecting between your application and the OpenID providers, a handy taglib and a service. Using success and error URLs you will be in full control of where the controller and the OpenID provider will redirect to in case of successful login or error.
added 2008 Sat Apr 26 16:31:38 by liamvictor
High street chains will be the next victims of cyber terrorism, some of the world's elite hackers have warned. Criminals could use the kind of tactics which crippled Estonia's government and some firms last year.
added 2008 Sat Apr 26 9:50:41 by jordankasteler
We've got you covered with five freeware or shareware security tools for Linux boxes, Macs, and Windows machines, all recommended by Ars staffers.

