Every once in a while, Kurt sees some new security development that really sets him on edge. In this case, DERA has come up with a way to combat email borne viruses.
More articles by Kurt Seifried
Email is probably the favorite Internet related service for most. It's also the one that causes the most problems, with regard to security. People cannot live without email anymore. Most Internet spam is now delivered by email, and more importantly, most viruses are now spread via email.
FTP was built to be an extremely flexible protocol, and therein lie many of its security problems.
There are hundreds of thousands of certificates floating around. The whole premise of certificates is that multiple parties trust a central certificate authority. This form of security and verification is not without issues.
Kurt Seifried discusses security with a focus on CGI scripts. Does you site--or your ISP's--have CGI scripts that are a security risk?
Running a network? You probably already consider your firewall of utmost importance. The important next step is realizing that proper deployment is everything and that firewall ownership does not necessarily equal protection.
PKI hasn't taken off like many would have expected. Some of the issues tied to this center on certificates and the Certificate Authorities.
Guess what? Data that would normally be blocked by a firewall can typically be tunneled through HTTP(S)--and reach its destination with no trouble at all.
Code walk throughs and code audits are a part of any good software development process. John Viega answers questions about his product, ITS4 (Its The Software Stupid). According to Kurt Seifried, this is the only tool worth using.
Suidnet--the ambitious project to create a more robust IRC platform--has some persistent security issues to overcome. Are the benefits provided by large-scale chat solutions worth the security risks?
Do you think your Linux system is less vulnerable to viruses? Read this overview from SecurityPortal and find out what your risks really are.
Kurt Seifried has read pretty much every single vendor-issued security advisory, along with advisories for software packages on Bugtraq and other mailing lists, Web sites, etc. Here's his take on the status of the security advisory.