Whitepapers
Even in our formative Codetalker years, we tried to produce some relevant, factual content once in a while. Other times, we would just rant. This part of the collection represents the factual variety. In their day, these whitepapers were intended to further the awareness and discussion of security issues and technologies.
Designing and Implementing Firewalls
- 1998-08-13 - Designing for Insecurity - Kjell Wooding
Recently, I was asked to write a paper on getting a Microsoft NetMeeting session safely through a firewall. After a few minutes’ research, I came to the conclusion that I was in for a rough ride. It would appear to me that, when it comes to security, some of the protocol designers out there just don’t get it. H.323 looks like it was designed for insecurity.
- 1998-05-11 - Securing Modem Back Doors - Evan Spence
The most common back door in a corporate network is the lowly modem.
Myths and Mumblefoot
- 1998-07-31 - Mmmm... Cookies - Chris Grant
A cookie is a small amount of data that is stored on your local system by your web browser at the request of a web server. The next time you visit that web server, the cookie is sent back. No stolen files, no credit card numbers. It’s as simple as that.
- Protocols and Step Ladders - Chris Grant
Perfectly secure cryptosystems can often lead to absolute insecurity. Why? Because cryptosystems have to be looked at in their entirety.
Back to Basics
- 1998-07-03 - FTP Reviewed - Chris Grant
The File Transfer Protocol (FTP) is one of the oldest and most often used protocols on the Internet. Because it is often integrated into our browsers, however, it is easy to forget that it is even there. FTP facilitates the vast majority of file transfers across the Internet, and though we all know and use FTP applications every day, every once in a while it’s good to go back to the RFCs and see what FTP is actually doing.
Understanding Denial of Service
- 1998-06-12 - Magnification Attacks - Smurf and Fraggle - Kjell Wooding
Magnification attacks, such as Smurf and Fraggle, make use of intermediate hosts to generate large amounts of network traffic. By directing this traffic at a specific target, network saturation and denial of service may occur. By configuring your network to block troublesome packets, you can avoid becoming an intermediary in these attacks.
Squashing Those Pesky Bugs
- 1998-06-05 - strcpy and you - Kjell Wooding
Most of the bugs that are found in software today are both obvious and preventable. Although techniques for avoiding these common mistakes have been around for years, many programmers continue to produce insecure and buggy software.
Let’s face it. The C programming language doesn’t help much here. It’s very easy to fall into some of the traps that C digs for hapless programmers. Learning to recognize and avoid these pitfalls is an important step to producing secure and reliable software.
Other People’s Stuff
These are papers written by other folks. We found them handy enough to mirror here (after receiving permission, of course) so that we wouldn’t lose track of them, and have to go a-hunting.
- i386 Boot Mysteries - Tobias Weingartner
Toby explains the i386 boot process in excruciating, delicious detail.