Web Log news, events, and more

Monday, January 26, 2009

Momentous Victory for Progressivism

NPR's Morning Edition reported on Friday that President-elect Barack Obama will get to keep his BlackBerry. Mr. Obama won this early and hard-fought political battle over a device that, as he earlier declared to a CNBC interviewer, security officials would have to pry from his hands.

Yes we can!

Monday, January 19, 2009

The 25 Most Dangerous Villains

The SANS Institute and the Common Weakness Enumeration initiative at MITRE have collaboratively released the 2009 list of the top 25 most dangerous programming errors. SANS Institute and MITRE led the effort to create the list, but input came from more than 30 of the nation’s top security organizations, including Federal agencies, corporations, universities, and professional coalitions. Interestingly, consensus was reached with little debate.

The top 25 weaknesses group neatly into three risk categories—insecure interaction between components (9 errors), risky resource management (9 errors), and porous defenses (7 errors). According to the SANS press release, “Most of these errors are not well understood by programmers; their avoidance is not widely taught by computer science programs; and their presence is frequently not tested by organizations developing software for sale.” That’s surprising in light of the facts: most of the identified problems boil down to poor validation and error checking, and code that relies on trust alone—interfaces that allow preprocessing of text strings, hard-coded passwords, excessively privileged processes, and so on. These same issues have been publicized and discouraged for more than a decade.

Last year, two of the top 25 errors alone caused more than 1.5 million web site security breaches. That’s a real problem that needs to be taken seriously. The Internet isn’t a playground for academics anymore. It’s time to invest in new skills and processes that bring software to a credible standard of reliability.

The full top 25 list is available at MITRE’s Common Weakness Enumeration web site.

Monday, January 5, 2009

Get Internet-Wise

The average computer user is not a security expert. That’s where GetNetWise comes into play.

GetNetWise, a PC Magazine Top 100 pick for 2008, is a resource to “help ensure that Internet users have safe, constructive, and educational or entertaining online experiences.” The public service forum has support from Internet industry corporations and public interest organizations including Microsoft, Google, and Consumer Action. Learn more about GetNetWise here.