Secure Programming for Linux and Unix [PDF]

This book provides a set of design and implementation guidelines for writing secure programs for Linux and Unix systems. Such programs include application programs used as viewers of remote data, web applications (including CGI scripts), network servers, and setuid/setgid programs. Specific guidelines for C, C++, Java, Perl, PHP, Python, Tcl, and Ada95 are included.

This book describes a set of guidelines for writing secure programs on Linux and Unix systems. For purposes of this book, a “secure program” is a program that sits on a security boundary, taking input from a source that does not have the same access rights as the program. Such programs include application programs used as viewers of remote data, web applications (including CGI scripts), network servers, and setuid/setgid programs.

This book does not address modifying the operating system kernel itself, although many of the principles discussed here do apply. These guidelines were developed as a survey of “lessons learned” from various sources on how to create such programs (along with additional observations by the author), reorganized into a set of larger principles.

http://www.dwheeler.com/secure-programs/Secure-Programs-HOWTO.pdf


Stallman – If you want freedom don’t follow Linus Torvalds

The founder of the Free Software Foundation asks readers whether they will fight for freedom or be too lazy to resist.

“Please don’t call GNU ‘Linux’,” says Richard Stallman, the founder of the Free Software Foundation. In this interview, he also asks readers whether they will fight for freedom or be too lazy to resist.

http://www.pcworld.idg.com.au/index.php/id;211669437

75million Zombie Computers in USA are owned by China

A former senior U.S. information security official says there are nearly three-quarters of a million personal computers in the United States taken over by Chinese hackers. “This is a fact that should get everyone’s attention,” Paul Strassmann told Government Executive magazine columnist Bob Brewin. Strassmann, who was director of defense information in the early 1990s, is now back at the Pentagon as a senior advisor, according to Brewin.

“As of the morning of Sept. 14, there were exactly (remember, Strassmann is an engineer and likes precision) 735,598 computers in the United States infested by Chinese zombies,” writes Brewin in his Monday column.

Zombies are malicious software packages downloaded by unsuspecting users from infected e-mail messages or Web sites.

They infect computers at a very basic level, making them hard to find and root out, and they enable the hackers who wrote them to create large networks of “slave” computers that can be used in massive, if unsophisticated, cyber attacks using a technique called Denial of Service, or DoS.

