Category: security

Human, All Too Human

New security vulnerability! As seen on Bruce Schneier's Blog: Human's aren't secure. Ha!

Link to story

Technorati tags for this post:

Tools Roundup

Tools, tools and more tools for the codemonkey! Here's a little summary of some of the tools I've been using lately.

SCM and Web Tools:

  • ViewCvs: We all love doing "cvs log file.C | more" and then "cvs diff -r1.12 -r1.13 file.C", but I admit that it's really nice to be able to browse the history of your project online. Viewcvs works with cvs and subversion and is used by no less an authority than sourceforge.net.
  • Enscript: I discovered this as it is used by viewcvs to syntax highlight and color code for online viewing. I tend to use it like "encript --language=html --highlight --color=1 -t 'Logger.C' -p Logger.html Logger.C".
  • eSVN: a really nice looking GUI frontend for subversion.
  • GraphViv defines a little language for describing graphs (DAG's and the like). There are utilities for converting the descriptions to beautiful images. See the gallery for examples. GraphViz is so pretty I'll be on the lookout for interesting datasets just so I can graph them.
Code Auditing Tools:
  • Flawfinder and Splint are static program checkers that flag uses of "unsafe" functions (like strcpy). I wish the use of tools like this would become common during development.
  • http://www.daemonkitty.net/lurene/papers/Audit.pdf: OpenBSD continuously audits its codebase, fixing bugs. When a new bug, or class of bugs is found, the entire code base gets re-audited looking for other instances of the bug. There's wisdom in that! We all know about buffer overflows and string format bugs, but what else have the OpenBSD team been fixing? Certainly you could review the security patches they've issued, or watch the changes to the HEAD of their CVS repo. The paper above is a shortcut: it lists the major flaws found in OpenBSD software.

Technorati tags for this post:

< Future 10 | Past 10 >