Dr. Dobb's Security Blogs

CRC: The C Stands for Confusion

Fri, 25 Jul 2014 07:37:00 -0400

Because it is so often abstracted, people don't always make smart choices about selecting and specifying CRCs.

Java SE 8 Beyond Lambdas: The Big Picture

Mon, 31 Mar 2014 12:33:00 -0400

In addition to Lambdas, Java 8 features changes to the way annotations are handled, array processing, VM size, garbage collection, and so much more.

BodyCom Development Kit

Tue, 23 Apr 2013 11:27:00 -0400

Use your body's electric field to authenticate

Arms in the Clouds

Sat, 09 Mar 2013 13:30:00 -0500

Would you use a cloud-based IDE?

Wall Street and the Mismanagement of Software

Wed, 08 Aug 2012 13:47:00 -0400

How Knight Capital becomes a knight errant when it came to software design and delivery.

Head in the Clouds

Wed, 16 Mar 2011 14:53:45 -0400

For developers, programming for the cloud, especially public clouds, is no simple task

Peepers, Terrorists, Doctors and Data Threats - Oh My!

Wed, 19 Jan 2011 16:20:31 -0500

Recently there's been more evidence of employees disregarding privacy rights because of curiosity, opportunities to sell information, and assisting criminals and even terrorists.

Government Seeking Comments on Cloud Security Proposal

Wed, 05 Jan 2011 12:28:00 -0500

The US government has established the Federal Risk and Authorization Management Program (FedRAMP) to define the security environment in which those applications in the cloud must operate.

Rush to the Cloud

Sat, 01 Jan 2011 17:49:38 -0500

The Kundra plan calls for each government agency to identify three services that must move to the cloud, enabling them to benefit from "commodity IT funding". There's an expectation that moving applic...

SQL Injection Attacks and Data Theft

Tue, 16 Nov 2010 02:14:12 -0500

SQL databases are everywhere. Many are accessible from Internet connections, such as for use with web-facing applications. But even today not all database servers tied to the Internet are hardened and...

Misuse of Computers: Shadowcrew and soupnazi

Thu, 09 Sep 2010 14:48:35 -0400

Shadowcrew members used a combination of instant messaging, encryption, and anonymizers (virtual private networks, proxy servers, and rotating IP addresses) to hide their activity and they succeeded in operating for more than two years.

The Misuse of Computers: A Rogue's Gallery

Tue, 31 Aug 2010 17:25:21 -0400

Methods have changed over the decades but today's criminal is often seeking the same pot at the end of the rainbow as his counterpart 25 years - financial systems, often debit and credit card payment systems.

Annual Security Report Released: Threats On the Rise

Sun, 28 Feb 2010 00:00:00 -0500

IBM has released its annual X-Force Trend and Risk Report and, if you're a bit paranoid about computer security, the news isn't good. And if you aren't paranoid about security, well maybe you should be.

Terabytes to Petabytes: Reflections on 1999-2009

Mon, 04 Jan 2010 00:00:00 -0500

Data thieves exploiting flaws in retail systems and the public cloud

Mon, 14 Dec 2009 00:00:00 -0500

Safe Systems from Unreliable Parts

Thu, 29 Oct 2009 00:00:00 -0400

Commenting on Commenting

Tue, 25 Aug 2009 00:00:00 -0400

If you look hard enough these days, you can still find reasonable -- and even valuable -- feedback provided by reasonable -- even intelligent -- people. Where? How about the National Institute of Standards and Technology . That's right -- NIST, the non-regulatory federal agency within the U.S. Department of Commerce that promotes innovation by setting measurements for science, standards, and technology. But NIST doesn't do this in a vacuum. Rather, the agency relies on public comment by (hopefully) citizen experts. And for the most part, this makes for some fascinating reading.

50 Ways to Inject Your SQL, In Harmony (Sort Of Anyway)

Mon, 15 Jun 2009 00:00:00 -0400

Paco, I love your creativity, but seriously dude, don't give up your day job. Paul Simon you aren't, although the melodious one does break through a time or two -- but nowhere near 50 times. For those of you wondering who Paco is and what I'm talking about, well, Paco is, a Technical Manager at security firm

Obama on Cybersecurity : "Who needs a law?"

Thu, 11 Jun 2009 00:00:00 -0400

In my article Extraordinary Government Powers over the Internet a few weeks ago, it was noted that the US Senate was considering S.773 which would apparently give a shadowy government directorate full control over every computer in the universe. Now it appears that the Obama adminstration may not bother with the formality of a "law".

Gray Hat Python Book Review

Tue, 26 May 2009 00:00:00 -0400

Being a fan of the Python programming language, I immediately gravitate toward any new book title with Python in the title. Gray Hat Python explores the relatively easy security penetration testing and, in particular, Windows-centric hacking using Python and several free security testing libraries. Does it deliver the goods? Read on to find out.

Stealing the Network: The Complete Series Collector's Edition Review

Fri, 08 May 2009 00:00:00 -0400

I have been a fan of the Stealing the Network series since the first book was released six years ago. The series finally concludes with the release of this special collector's edition. Did it go out with a bang or a wimper? Read on to find out.

Extraordinary Government Powers over the Internet

Thu, 30 Apr 2009 00:00:00 -0400

As has been reported in and around the blogosphere, Senate Bill S773 , the Cybersecurity Act of 2009 currently before the United States Congress, asserts extraordinary government powers over the Internet and sets the stage for all sorts of meddling in the name of national security.

In Honor of Ada...A Conversation with Eva

Mon, 23 Mar 2009 00:00:00 -0400

Security Reminder, or Who's That Looking Over Your Shoulder?

Wed, 25 Feb 2009 00:00:00 -0500

It doesn't matter which coffee shop -- Henry's, Z's, or the Bourgeois Pig -- I end up at, it's always the same ever since free WiFi came on the scene. There are more laptops than coffee mugs, and never enough places to sit. But I'm as bad as the rest. What with free wireless Internet access and a cell phone, well, I haven't been in the office for year or so now, and even the concept of a home-office is becoming more remote.

Sharing Secrets Among Friends

Tue, 13 Jan 2009 00:00:00 -0500

Originally published in Computer Language back in 1992, Bruce Schneier's essay on the proper way to share secrets still holds weight.

Sharing Secrets Among Friends

Whether you’re protecting a nuclear missile or your new recipe for burger sauce, polynomial encryption can prevent people from stealing your secrets.