Security References
Jump to navigation
Jump to search
Development
- CWE/SANS TOP 25 Most Dangerous Programming Errors
- Reflections on Trusting Trust How does writing the C compiler in C bear on security issues? Well, it does (Ken Thompson, Communication of the ACM, Vol. 27, No. 8, August 1984, pp. 761-763)
- The idea is to hide a trojan code in the C compiler so that to inject a trojan code in eg. the login command code, and another trojan code so that to automatically re-inject itself when the C code is compiled with the infected compiler.
PKI
On trust model flaw in browser CAs:
- "it will CLEARLY not solve the browser security problem.", "the certifications made by even the best of those CAs are effectively MEANINGLESS" "the users are well trained to ignore EVERY browser warning they EVER get" "the ENTIRE question of OCSP is somewhat irrelevant." "spritzing the SKUNK with eau de cologne." "hanging garlands from the corpses ears."' (Cfr mail A mighty fortress is our PKI, Part II (ventzi nikov, 2010 Jul 29 09:06)