Previous
Attack Surface: Mitigate Security Risks By Minimizing The Code You Expose To Untrusted Users
White Papers ASR is a compromise between perfect safety and unmitigated risk that minimizes code exposed to untrusted users. The core tenet of the attack surface reduction (ASR) philosophy is that all code has a nonzero likelihood of containing one or more...
[December 24, 2004, 23:00]
Comparing Java And .NET Security: Lessons Learned And Missed
White Papers Many systems execute untrusted programs in Virtual Machines (VMs) to limit their access to system resources. Sun introduced the Java VM in 1995, primarily intended as a lightweight platform for execution of untrusted code inside web pages.
[July 2, 2007, 0:00]
.NET Security: Lessons Learned And Missed From Java
White Papers Many systems execute untrusted programs in Virtual Machines (VMs) to limit their access to system resources. Sun introduced the Java VM in 1995, primarily intended as a lightweight platform for execution of untrusted code inside web pages.
[June 27, 2007, 0:00]
KLASSP: Entering Passwords On A Spyware Infected Machine Using A Shared-Secret Proxy
White Papers This paper examines the problem of entering sensitive data, such as passwords, from an untrusted machine. By untrusted it means that it is suspected to be infected with spyware which snoops on the user's activity.
[May 23, 2007, 0:00]
NetSpy: Automatic Generation Of Spyware Signatures For NIDS
White Papers NetSpy determines whether an untrusted program is spyware by correlating user input with network traffic generated by the untrusted program. This paper presents NetSpy, a tool to automatically generate network-level signatures for spyware.
[July 6, 2007, 0:00]
Spyware Resistant Web Authentication Using Virtual Machines
White Papers The system consists of two components: a browser extension that runs in an untrusted environment with the browser and other applications, and an authentication agent that runs in an environment that is protected from spyware.
[March 16, 2006, 23:00]
Critical Flaw Opens Windows To Rogue Java
News One of the first security bulletins to rate Microsoft's new, tougher Critical criteria is MS02-069, which includes notice of a COM Object Access Vulnerability that may let attackers run untrusted Java applets and therefore take over a Windows...
[December 24, 2002, 22:52]
Security Flaws Emerge In Windows Update
News Last week, German company Heise Security announced that two flaws could be used to circumvent the new warnings that Windows XP Service Pack 2, or SP2, normally would display about running untrusted programs, potentially giving a leg up to a would...
[August 19, 2004, 9:30]
Security Hole In IE5, Patch In Progress
News These actions will provide full functionality for all trusted sites, while preventing untrusted sites from being able to exploit the security hole, officials said. Each zone -- Internet Zone, Local Intranet Zone (where all local Web sites exist...
[October 14, 1999, 10:46]
Apple QuickTime Zero-day Flaw 'extremely Critical'
News Secunia is advising that users do not browse untrusted websites, follow untrusted links, or open untrusted QuickTime Media Link files. Security research firm Secunia has reported what it calls an "extremely critical" vulnerability in media...
[November 26, 2007, 11:46]
Microsoft Releases November Security Bulletin
News However, these best practices don't protect you from an embedded image in an Office document, but you can mitigate that threat by not opening documents from untrusted sources. As a workaround for the most serious threat, the Graphics Rendering...
[November 16, 2005, 16:00]
Analysis Of Vulnerabilities In Internet Firewalls
White Papers Firewalls protect a trusted network from an untrusted network by filtering traffic according to a specified security policy. A diverse set of firewalls is being used today. As it is infeasible to examine and test each firewall for all possible...
[April 24, 2008, 0:00]
Towards Multi-Layer Trusted Virtual Domains
White Papers Confining transactions in distributed untrusted environments is crucial for Web services, distributed computing, and most e-commerce applications relying on those technologies. This paper addresses the fine-grained control of information flow...
[September 11, 2007, 0:00]
BeCrypt Releases Secure OS On USB Drive
News Trusted Client is an encrypted operating system that its maker, BeCrypt, claims will "provide a trusted environment on an untrusted host". The system is being advertised as particularly suitable for employees that occasionally work from home or...
[April 17, 2007, 14:52]
How To Login From An Internet Cafe Without Worrying About Keyloggers
White Papers Roaming users who use untrusted machines to access password protected accounts have few good options. An internet cafe machine can easily be running a key-logger. The roaming user has no reliable way of determining whether it is safe, and has no...
[July 6, 2007, 0:00]
Secure Scalable Streaming And Secure Transcoding With JPEG-2000
White Papers Secure Scalable Streaming (SSS) enables low-complexity, high-quality transcoding at intermediate, possibly untrusted, network nodes without compromising the end-to-end security of the system. SSS encodes, encrypts, and packetizes video into secure...
[January 8, 2007, 23:00]
Securing Network-Based Client Computing: User And Machine Security
White Papers The IT industry is addressing two complementary aspects of securing client computers on "untrusted" networks: user security and machine security. This white paper explains the concepts of user and machine security and distinguishes between the two.
[January 6, 2005, 23:00]
Using SSH Tunneling
White Papers It refers to a connection, usually encrypted, that connects two computers together across another, usually untrusted network. A tunnel is a networking term with an appropriate name. Rather than connecting to the mail server directly, we establish...
[September 25, 2007, 0:00]
Foundational Typed Assembly Language For Grid Computing
White Papers This paper describes a type theory for certified code, called TALT-R, in which type safety guarantees cooperation with a mechanism to limit the CPU usage of untrusted code. At its core is the foundational typed assembly language TALT, extended with...
[November 16, 2004, 23:00]
GuerrillaBrowser
Downloads Unlike full-featured conventional browsers, which are fine and even necessary for enjoying the benign Internet, GuerrillaBrowser protects you on the untrusted Internet by giving you direct control over your interaction with web servers and by...
[May 5, 2008, 11:46]
