Thursday, November 16, 2006

PGP is 15 years old

PGP Corporation salutes the 15th anniversary of PGP encryption technology. Developed and released in 1991 by Phil Zimmermann, Pretty Good Privacy 1.0 set the standard for safe, accessible technology to protect and share online information.

PGP is used for encryption and signing of content, but it is underutilized on the Internet. For a while I used it to sign my email messages and other communications. This is a good opportunity to go look at PGP again and check out what has been updated and what is new.

From the digging I did to find PGP software, the authoritative source for PGP software is http://philzimmermann.com. The other sites that have related information are http://www.openpgp.org and http://www.pgp.com, and for the international people, http://www.pgpi.org.


Thursday, November 09, 2006

Buffer Overflows and Security

Buffer overflows and security are very common topics these days, and Dr. Dobb's just ran an article on them, Illusion of Safety. They also ran a follow-up article, The Unsecured Integer. The first article presents two options which can be used to prevent buffer overflows: brute force and prevention by design. Brute force requires verifying the length of all incoming data before it is copied with problematic functions. Prevention by design pushes the responsibility for verifying that the data doesn't overflow to the edges of the system and has the potential to make applications simpler, smaller and faster, but it requires that each data flow be traced and verified. Prevention by design is harder to enforce than the brute force method but offers possible efficiency improvements.

One other related article is Integral Security. There are 3 variants of integer errors: overflow, sign errors and truncation. They reference Special Publication 500-262 from NIST as a reference for how to handle integer safety.

Also of note, they referenced Secure Coding in C and C++, by Robert C. Seacord, which appears to be an interesting reference book.
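To make the three integer error variants concrete, here is an added example (not code from the Dr. Dobb's articles or the NIST publication) of a length-checked copy that rejects each one before any bytes move. The record layout and the names `copy_record`, `checked_add`, `length_from_int` and `length_to_u16` are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Overflow: a + b can wrap around in size_t, so test before adding. */
static int checked_add(size_t a, size_t b, size_t *sum) {
    if (a > SIZE_MAX - b) return -1;
    *sum = a + b;
    return 0;
}

/* Sign error: a negative int converted to size_t becomes a huge length. */
static int length_from_int(int n, size_t *out) {
    if (n < 0) return -1;
    *out = (size_t)n;
    return 0;
}

/* Truncation: a size_t stored in a 16-bit field silently loses high bits. */
static int length_to_u16(size_t n, uint16_t *out) {
    if (n > UINT16_MAX) return -1;
    *out = (uint16_t)n;
    return 0;
}

/* Hypothetical record: header (int length, as many APIs return) followed by
 * body. Returns the 16-bit record length written to dst, or -1 on any error. */
static long copy_record(unsigned char *dst, size_t dst_cap,
                        const unsigned char *hdr, int hdr_len,
                        const unsigned char *body, size_t body_len) {
    size_t h, total;
    uint16_t wire_len;
    if (length_from_int(hdr_len, &h)) return -1;       /* sign error  */
    if (checked_add(h, body_len, &total)) return -1;   /* overflow    */
    if (total > dst_cap) return -1;                    /* bounds      */
    if (length_to_u16(total, &wire_len)) return -1;    /* truncation  */
    memcpy(dst, hdr, h);
    memcpy(dst + h, body, body_len);
    return (long)wire_len;
}

int main(void) {
    unsigned char dst[16];
    const unsigned char hdr[2] = {0xAA, 0xBB}, body[3] = {1, 2, 3}; /* constructed sample */
    printf("ok=%ld sign=%ld wrap=%ld\n",
           copy_record(dst, sizeof dst, hdr, 2, body, 3),
           copy_record(dst, sizeof dst, hdr, -1, body, 3),
           copy_record(dst, sizeof dst, hdr, 2, body, SIZE_MAX));
    return 0;
}
```

Without `checked_add`, the `SIZE_MAX` body length would wrap the total to a small value that passes the bounds check, which is why the addition is tested before the comparison against `dst_cap`.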


Thursday, April 13, 2006

Spyware

For anti-spyware, I recommend the following 4 things, in combination:
SpyBot: Search & Destroy ( http://www.safer-networking.net )
AdAware ( http://www.lavasoft.com/ )
Spyware Blaster ( http://www.javacoolsoftware.com/spywareblaster.html )
Hosts File ( http://everythingisnt.com/hosts.html )


Thursday, April 06, 2006

Underhanded C Contest

2006 Underhanded C Contest

Ever wonder why a program just runs slow on your machine and just fine on other machines?

This programming contest actually encourages people to write programs that run just fine and even pass light code review as correct, but take a looooooonngg time to run on another platform. Go check it out for a few chuckles.


Monday, March 27, 2006

SD West 2006

Last week, March 13-17, 2006, I was at a software development conference:
http://www.sdexpo.com/ or SD West 2006 Blog

I enjoyed the conference and expo!

More thoughts and ideas to come.


Gentoo SSH security fix

I run several Gentoo systems. Here is a very interesting article about DenyHosts for securing your system against dictionary SSH attacks:

http://utah-gentoo.org/article.php?story=2006030111575620
