Posts tagged ‘Security’

The Internet’s Biggest Security Hole: exploiting the internet routing protocol BGP (Border Gateway Protocol)

Two security researchers have demonstrated a new technique to stealthily intercept internet traffic on a scale previously presumed to be unavailable to anyone outside of intelligence agencies like the National Security Agency.

The tactic exploits the internet routing protocol BGP (Border Gateway Protocol) to let an attacker surreptitiously monitor unencrypted internet traffic anywhere in the world, and even modify it before it reaches its destination.

Continue Reading 5 September, 2008 at 08:40 2 comments

JSON (JavaScript Object Notation): Concepts, Methods, Examples and Security Threats

JSON (JavaScript Object Notation) is a lightweight data-interchange format. It is easy for humans to read and write. It is easy for machines to parse and generate. It is based on a subset of the JavaScript Programming Language, Standard ECMA-262 3rd Edition – December 1999. JSON is a text format that is completely language independent but uses conventions that are familiar to programmers of the C-family of languages, including C, C++, C#, Java, JavaScript, Perl, Python, and many others. These properties make JSON an ideal data-interchange language.

JSON is built on two structures:

  • A collection of name/value pairs. In various languages, this is realized as an object, record, struct, dictionary, hash table, keyed list, or associative array.
  • An ordered list of values. In most languages, this is realized as an array, vector, list, or sequence.

These are universal data structures. Virtually all modern programming languages support them in one form or another. It makes sense that a data format that is interchangeable with programming languages also be based on these structures.


Continue Reading 22 July, 2008 at 12:41 8 comments

Single sign-on (SSO): Concepts, Methods and Frameworks

Single sign-on (SSO) is a method of access control that enables a user to log in once and gain access to the resources of multiple software systems without being prompted to log in again. Single sign-off is the reverse process whereby a single action of signing out terminates access to multiple software systems.

As different applications and resources support different authentication mechanisms, single sign-on has to internally translate to and store different credentials compared to what is used for initial authentication.

As IT systems proliferate to support business processes, users and system administrators are faced with an increasingly complicated interface to accomplish their job functions. Users typically have to sign on to multiple systems, necessitating an equivalent number of sign-on dialogues, each of which may involve different usernames and authentication information. System administrators are faced with managing user accounts within each of the multiple systems to be accessed in a co-ordinated manner in order to maintain the integrity of security policy enforcement.


Continue Reading 21 July, 2008 at 17:34 3 comments

Dan Kaminsky: bug in DNS

A computer researcher revealed a fundamental flaw in the Internet’s addressing system, necessitating a massive Internet security upgrade primarily for businesses and service providers, according to a division of the Department of Homeland Security.

The problem makes it possible for computer hackers to reroute Internet traffic at will, enabling them access to sensitive and valuable information from businesses …

So there’s a bug in DNS, the name-to-address mapping system at the core of most Internet services. DNS goes bad, every website goes bad, and every email goes…somewhere. Not where it was supposed to.


Continue Reading 9 July, 2008 at 13:41 Leave a comment

