ACCU Security Conference 2009

Take the leader of the Colossus reconstruction project, the author of The Code Book, the original creator of the PGP e-mail encryption package and a horde of people as hungry for knowledge and fun as bears are for berries, and what do you get?

You get ACCU :: Security: Yesterday, Today, and Tomorrow conference:

On November 7th 2009, the ACCU will be holding a one day conference at Bletchley Park, home of the legendary World War II ‘Enigma’ code breakers, and the site at which the world’s first digital computer went operational.

The event is listed on the official calendar of events at Bletchley Park – National Codes Centre. It has also been announced by ZDNet.

By the way, who knows about the crucial role of the Polish Cipher Bureau and Polish mathematical geniuses in breaking Enigma? I bet that many people still believe the story that follows the principles of canonical Hollywood education.

I think one of the things we need to make clear to Hollywood is, yes you’re in the entertainment business but the people who see your movies are going to come away thinking that’s information, not just entertainment.

By the way, I’ve read on the ACCU forum that one of the speakers will probably talk about his new VoIP protocol and why it spanks all other VoIP protocols, as well as the effects of public policy and living in a surveillance society. The conference is going to kick!

ATL Security Update

Those of you who use Visual Studio in your daily work have probably noticed that a new security update has been issued for the Active Template Library. Channel 9 also published a very interesting webcast in which three engineers from Microsoft explain what’s inside the update for ATL.

Developers who have built controls using vulnerable versions of ATL should take immediate action to review and identify any vulnerabilities, modify and recompile their affected controls and components using the updated versions of ATL and finally distribute a non-vulnerable version of the controls and components to their customers.

Along with security fixes, the update includes one more interesting feature. Damien Watkins announced (12 min 20 sec) that now:

you can include ATL as a kind of header only implementation

I suppose it may make it easier to port ATL features to development environments produced by parties like MinGW, so their users will likely be able to use the Windows Template Library (WTL), which is based on ATL. I’m dreaming, aren’t I?

Inside the Active Template Library (ATL) Security Update | Jul 28th @ 10:02 AM

Learning the OpenID problems

Continuing my recent discussion about OpenID and considering OpenID usage for authenticating to OSGeo services, I wanted to make a short review of its disadvantages. The advantages of OpenID are well known and can be described with a short statement:

open, decentralized, free framework, which allows Internet users to control their digital life with single identity

Stefan Brand collected a number of opinions about OpenID and compiled a very interesting post on his blog about the problem(s) with OpenID. Stefan’s blog entry is pretty long, so to make his findings easier to digest, I decided to extract the key thoughts on the matter.

Stefan summarized the main problems and sources of OpenID criticism as follows:

OpenID is highly vulnerable to phishing and other attacks, creates insurmountable privacy problems, is not a trust system, suffers from usability problems, and makes it unappealing to become an OpenID consumer.

Next, complaints about the OpenID framework are presented in a few categories, which I’m going to summarize below.
