ZDNet UK / Blogs / Software application development

Developer guidance on “unsafe” cryptographic algorithms

By , 20 March, 2009 07:05

Daily Newsletters

Sign up to ZDNet UK's daily newsletter.

About this blog

ZD Staff

Software application development

This blog is intended to provoke discussion and exchange between like minded software application developers, engineers, architects, project managers - and keen hobbyists too.

With the UK’s Infosecurity Europe show little more than a month away now, the security vendor community is busily polishing up its latest batch of cure-alls and wonder-tools to aid developers and security specialists in the good fight against ‘rouge’ code.

There will be talk of firewalls, new detection techniques and possibly even self-learning apps that use social networking threads to gauge threat status as viral malware starts to evidence itself across the web.

While it would be unfair to say that some of this will lean towards scaremongering, there will no doubt be some pretty creative story pitches.

A vague whisper of the kind of report that may surface next month landed (safely and without malicious intent) in my inbox earlier this week. Centred around developer ‘confusion’ over safe versus unsafe cryptographic algorithms, there is now a “manifesto” to provide programmers with an encryption check-list to ensure safer builds result at every level.

So an unsafe cryptographic algorithms guide; hogwash, hullabaloo or home-truth?

The report is available here for free download without registration. Unsurprisingly there is a security vendor behind this; in this case it is Fortify. Credit to them for at least making it free without any extra surfing on their site over and above the link I have shown here.

Before you get your self a cup of tea and get ready to phone your CTO with ground-breaking news, this is an eight page “manifesto” in 1409 words – and 318 of those are the references appendix. So it’s not exactly the security developer’s Magna Carta.

That being said, the report’s author has taken the trouble to draw an important distinction and differentiate between problems that introduce real risk to systems being developed today, as opposed to hypothetical research focused on attacks that won’t be feasible in the mainstream for years.

As always with these things, be as sceptical about the validity of the reports and tools being proffered as you about the very threats that exist on the web and inside the systems and ecosystem in which you live. That way, we all stay sharp and we all stay safe I reckon.
« Previous post Next post »

Talkback

'rouge' code?
I've not come across this jargon - presumably it's malware propagated by those of a politically leftward leaning?

filthylooker 20 March, 2009 13:10
Reply

Well - if the PR world can coin a phrase or two I thought it was probably open season for new jargon.

:-)

Adrian

Adrian Bridgwater 20 March, 2009 14:22
Reply

Post your comment

In order to post a comment you need to be registered and logged in.

You can also log in with Facebook. Log in or create your ZDNet UK account below

  • Login

Will not be displayed with your comment

By signing up for this service, you indicate that you agree to our Terms and Conditions and have read and understood our Privacy Policy. Questions about membership? Find the answers in the Community FAQ

Get ZDNet UK's daily newsletter

Enter your email address to sign up

ZDNet UK Live

apexwm

NanWag : A Windows Server 2008 is being used because the environment that the Macs are in is a heavy Windows environment. I am proposing that...

52 minutes ago by apexwm on Windows Server 2008 drops the ball for Mac compatibility
BellamysIT

Really good article. You bring to light a few really good things. However, isn't it true that over 70% of fortune 500 companies use sharepoint?...

54 minutes ago by BellamysIT on Designing a SharePoint farm: Tiers before bedtime
annonymous2

If Piratebay is a crime then so is borrowing a dvd you purchased to a family member or a friend. Why should we not be aloud to share. Most of the...

3 hours ago by annonymous2 on UK ISPs ordered to block Pirate Bay website
NanWag

File Services For Macintosh was causing Excel to prompt for Overwriting changes or Save Another Copy because it was changing the timestamp on the...

3 hours ago by NanWag on Windows Server 2008 drops the ball for Mac compatibility
Regis Machado

creative cloud $48/month in the USA, £48/month in the UK ($79). good for the competitors

5 hours ago by Regis Machado via Facebook on Adobe move promotes piracy
Tom Espiner

Hello KosGirl, Good question. I've asked Belfius for a response. The latest post I can find on Pastebin about it is here:...

5 hours ago by Tom Espiner on Hackers hold bank to ransom over stolen data
KosGirl

Have there been any further updates to this story? I can't find any information on whether the hackers released the data or not.

6 hours ago by KosGirl on Hackers hold bank to ransom over stolen data
SandJ

I have done 7 speed tests this morning on different speed test tools. They tell me my download speed is: 12.3, 12.3, 12.3, 11.1, 12.7, 12.7, 11.7...

7 hours ago by SandJ on Watchdog: TalkTalk's broadband speed test misled users
Jack Schofield

@Mary Microsoft could always send Mozilla a spec sheet and oblige them to meet the same standards as IE. Then Mozilla can spend millions of...

10 hours ago by Jack Schofield on Windows RT browsers and the point of Windows RT
goth1csnake3

Not before time, that people making films,dvd's get whats coming to them. Well done, Virgin Media.

12 hours ago by goth1csnake3 on Virgin Media: Spotify deal will bring down piracy
Simon Bisson and Mary Branscombe

Apex - the question then is what about letting the user choose to have a tablet where they don't have to have that responsibility? why can't the...

22 hours ago by Simon Bisson and Mary Branscombe on Windows RT browsers and the point of Windows RT
Simon Bisson and Mary Branscombe

Moley, Apex, thanks; I think there's an interesting other dimension of choice - the choice to have a platform that is 'locked down' in the sense...

22 hours ago by Simon Bisson and Mary Branscombe on Mozilla accuses Microsoft of shutting Firefox out of WOA
Yellowcave

Not surprised. I once used the methods to let my firewall just notify me of breaches. Not one single logged event was genuine. Once, we all...

1 day ago by Yellowcave on Mobile porn filters catch innocent content, says report
duplex

live realy sucks in facebook becuase people hack your profile

1 day ago by duplex on Irish watchdog: Facebook privacy still falls short
Ed Macnair

If only it was that simple. When you start accessing Cloud applications you are stuck with the security model the vendor provides...........unless...

1 day ago by Ed Macnair via Facebook on IT security? You're doing it wrong!
Phil at Cloud4

Another good updaet, I have enjoyed going on the journey reading this series on SharePoint 2010 and have learned alot. Great writing.

1 day ago by Phil at Cloud4 on Designing a SharePoint farm: Tiers before bedtime
muteen

roumers of an ipad Mini, isnt that just an iTouch!?

1 day ago by muteen on Apple rebrands iPad 4G as 'Wi-Fi + Cellular' for UK
apexwm

Thanks for this article and bringing this issue to light. Unfortunately this type of activity is common not only with Adobe, but many other...

1 day ago by apexwm on Adobe move promotes piracy
Andy Bolstridge

there's a very thin line between tax avoidance and tax efficiency - earning £850 a month and claiming dividends to bring my income up to normal...

1 day ago by Andy Bolstridge via Facebook on The Idle Self-employed
Andy Bolstridge

I see that they are happy to announce these numbers.. but no-one will take any notice until they start announcing sales numbers too.

1 day ago by Andy Bolstridge via Facebook on Microsoft's score card for Smoked by Windows Phone

Keep up with ZDNet UK

Twitter Follow us

Linkedin Join our network

ZDNet UK App Download now

Facebook Like us

RSS Feeds Subscribe now

Newsletters Subscribe today

Featured white papers

Gartner - Next Generation Intrusion Prevention

Hewlett-Packard (HP)

Gartner - Next Generation Intrusion Prevention

Threats are becoming more sophisticated and targeted. The Solution: HP TippingPoint's Next-Generation... Read more

Six iPad tests for multimedia-grade Wi-Fi

Aruba Networks

Six iPad tests for multimedia-grade Wi-Fi

The University of Ottawa, Apple, Aruba Networks and others validate a multimedia grade Wi-Fi environment for scaling voice and video... Read more

Tech breakthroughs to watch in 2012

ZDNet UK

Tech breakthroughs to watch in 2012

From invisibility cloaks to virtual atom smashing, from Cern to Nasa, this ZDNet UK guide presents the discoveries to watch in... Read more

Community highlights

BarryGill

Darth Vader brought his own device...

Blog Post A few weeks ago I wrote a blog piece called "Bring Your Own Delusion (BYOD)"....

16 May, 2012 by BarryGill
Jack Schofield

Mobile phone sales dip while smartphones boom

Blog Post Worldwide sales of mobile phones to end users fell by 2 percent to 419.1...

16 May, 2012 by Jack Schofield
First Take

HTC One V

Blog Post HTC's One range of handsets comprises three models. There's the flagship HTC...

16 May, 2012 by First Take
Simon Bisson and Mary Branscombe

Contribute, contract; endorse? Technology reputations

Blog Post Technology companies need to be careful about who and what they're seen to...

16 May, 2012 by Simon Bisson and Mary Branscombe

Inside ZDNet UK

HTC One V

HTC One V

Darth Vader brought his own device...

Darth Vader brought his own device...

Dell PowerEdge T320

Dell PowerEdge T320

Gartner - Next Generation Intrusion Prevention

Gartner - Next Generation Intrusion Prevention

Top travel apps for the iPhone

Top travel apps for the iPhone

SharePoint 2010: A migration odyssey

SharePoint 2010: A migration odyssey

Ubuntu 12.04 LTS: The morning after

Ubuntu 12.04 LTS: The morning after