SecurityFocus

Pandora 1.1 released! 2005-05-16
acid_lemon hotmail com

Pandora v1.1 is released. This is a major release from 1.0 and
contains a lot of new features, improved stability and bugfixes from
version 1.0.

The new version is available at http://pandoramon.sourceforge.net

Pandora is a distributed system to monitor processes, performance,
status, applicatio

[ more ] [ reply ]

dll security 2005-05-13
Huygens Frederic (merovingien03 hotmail com)

Hi,

I followed the thread "Dll security". did any of you already evaluated some
of the following software protection to slow down hacking on legitimate
software:

- Obsidium (http://www.obsidium).
- Asprotect (http://www.aspack.com/)
- Cloakware: http://www.cloakware.com/products/suite.html#prot

[ more ] [ reply ]

Detecting SoftICE ? 2005-05-10
Bruce Klein (bruce klein iovation com) (1 replies)

Hello all,

I am writing a Win32 DLL and am currently trying to detect if SoftICE is present.

I am trying the "classic" detection methods and for my version of SoftICE (4.3.2) under Windows XP, so far no method has succeeded at detecting it.

The methods I am trying are well described in Viega

[ more ] [ reply ]

Re: Detecting SoftICE ? 2005-05-11
Thierry Haven (thierry haven xmcopartners com)

Credentials for Application use 2005-05-10
Mikey (mike_chan_ hotmail com) (1 replies)

This is a broad question around the current practices and recommendation of
what not to do when it comes to credentials used by applications to gain
access to a resource or data stored elsewhere.

As an example, I have some middleware components that need to gain access
to a data repository that

[ more ] [ reply ]

Re: Credentials for Application use 2005-05-18
Alexander Klimov (alserkli inbox ru)

Announcement: The Web Security Mailing List 2005-05-08
contact webappsec org

The Web Application Security Consortium (WASC) is proud to present 'The Web Security Mailing List'.

What is The Web Security Mailing List?
The Web Security Mailing List is an open information forum for discussing topics relevant to
web security. Topics include, but are not limited to, industry ne

[ more ] [ reply ]

Dll Security 2005-05-06
VP (pelasaco gmail com) (3 replies)

Hi, i have a dll and i want to encrypt it to hide (obfuscate ??) an
important algorithm used here.

Well today i'm using a following approach:

I'm encrypting the dll with a program, then when i want to loadlibrary() it,
i decrypt it to a plain-text file, then i loadlibrary the plain-text file.
So i

[ more ] [ reply ]

RE: Dll Security 2005-05-09
Slavisa Dojcinovic (slavisa dojcinovic bravostudio com) (1 replies)

Re: Dll Security 2005-05-10
Slashroot (slashroot free fr)

Re: Dll Security 2005-05-08
Valdis Kletnieks vt edu

Re: Dll Security 2005-05-07
Keith Oxenrider (koxenrider sol-biotech com) (1 replies)

Re: Dll Security 2005-05-10
VP (pelasaco gmail com) (1 replies)

RE: Dll Security 2005-05-10
Chris Matthews (cmatthews xn com)

tools for analyzing java code 2005-05-05
Mads Rasmussen (mads opencs com br) (1 replies)

Anyone knows any tools to analyze security problems with java code?

I have come across some, like

Lint4j (open source)
http://www.jutils.com/index.html

CodePro Analytix
http://www.instantiations.com/codepro/download.asp

Jtest
http://www.parasoft.com/jsp/products/home.jsp?product=Jtest&itemId=14

[ more ] [ reply ]

Re: tools for analyzing java code 2005-05-05
Jeff Williams (jeff williams aspectsecurity com)

Re: Java keystore password storage 2005-04-25
Fredrik Hesse (fredrik hesse nexus se)

Indeed a classic problem, unfortunately there are
no platform-independant services for storing things like this.
But a config-file with proper access-restrictions goes a long way..
And I guess thats the solution you're leaning against if I read
between the lines.
3 is good since it doesn't require s

[ more ] [ reply ]

RE: Java keystore password storage 2005-04-25
Michael Howard (mikehow microsoft com) (1 replies)

Oh this thorny issue again!

On Windows you can call into the Data Protection API (CryptProtectData
etc), which uses keys derived from the user's password to protect secret
data like this, or uses a machine key if you want to lock the key down
to the machine. Mac OSX offers a similar technology call

[ more ] [ reply ]

Re: Java keystore password storage 2005-04-25
black love (black love83 gmail com)

Java keystore password storage 2005-04-25
john bart (sysadmin256 hotmail com)

Hello to all the list.
I need some advice on where to store the keystore's password.
Right now, i have something like this in my code:

keystore = KeyStore.getInstance("JKS");
keystore.load(new FileInputStream("keystore.jks"),"PASSWORD");

the question is, where do i store the password string? all o

[ more ] [ reply ]

Recon 2005 - Speakers list 2005-04-20
hfortier (hfortier recon cx)

RECON 2005

Montreal, Quebec, Canada
17 - 19 June 2005

We are pleased to announce the final paper selection for the RECON
conference.
RECON is a computer security conference taking place in downtown
Montreal from
the 17th to the 19th of June 2005.

Please take note that we have extended the early

[ more ] [ reply ]

Patch to flawfinder... 2005-04-09
George V. Neville-Neil (gnn neville-neil com)

Howdy,

I have created a patch to flawfinder by David Wheeler to allow for the
creation of external rulesets. The patch, and documentation, can all
be found here:

http://www.codespelunking.org/pages/cs_flawfinder.html

while the original program can be found here:

http://www.dwheeler.com/flawfind

[ more ] [ reply ]

Re: secprog Digest 2 Apr 2005 19:17:38 -0000 Issue 293 2005-04-05
David A. Wheeler (dwheeler ida org)

I said:
>> My flawfinder home page at http://www.dwheeler.com/flawfinder
>> links to a number of tools & papers for static source code
>> analysis to find security flaws.

Ashish Popli said:
> A good introductory article on static analysis of source code for
> analyzing security issues can be fou

[ more ] [ reply ]