An interesting read on the costs of Content Protection in Microsoft Vista:

Windows Vista includes an extensive reworking of core OS elements in order to provide content protection for so-called “premium content”, typically HD data from Blu-Ray and HD-DVD sources. Providing this protection incurs considerable costs in terms of system performance, system stability, technical support overhead, and hardware and software cost. These issues affect not only users of Vista but the entire PC industry, since the effects of the protection measures extend to cover all hardware and software that will ever come into contact with Vista, even if it’s not used directly with Vista (for example hardware in a Macintosh computer or on a Linux server). This document analyses the cost involved in Vista’s content protection, and the collateral damage that this incurs throughout the computer industry.

The full text by Peter Gutmann is available at http://www.cs.auckland.ac.nz/~pgut001/pubs/vista_cost.html

HP and Microsoft have released two tools for analysing code in search of SQL injection:

  • HP Scrawlr: Scrawlr, developed by the HP Web Security Research Group in coordination with the MSRC, is short for SQL Injector and Crawler. Scrawlr will crawl a website while simultaneously analyzing the parameters of each individual web page for SQL Injection vulnerabilities. Scrawlr is lightning fast and uses our intelligent engine technology to dynamically craft SQL Injection attacks on the fly.
  • Microsoft Source Code Analyzer for SQL Injection: Microsoft Source Code Analyzer for SQL Injection is a static dataflow analysis tool to help find SQL Injection vulnerabilities in Active Server Pages (ASP) code.

The Security Vulnerability Research & Defense blog has a comparison of Scrawlr, MSCASI and UrlScan.

The TIA has published a standard, IMS Security Framework (TIA-1091), on the security of 3G technologies. This is the abstract:

TIA-1091 addresses the access and network security for IP-based services. The scope for this document is to specify the security features and mechanisms for secure access to the IM subsystem (IMS) for the 3G mobile telecommunication system. The IMS supports IP Multimedia applications such as video, audio and multimedia conferences using SIP, Session Initiation Protocol, as the signaling protocol for creating and terminating Multimedia sessions, cf.. This document only deals with how the SIP signaling is protected between the subscriber and the IMS, how the subscriber is authenticated and how the subscriber authenticates the IMS.