Red Hat Security Blog: February 2014 archives

  • Security audits through reimplementation

    For many networking protocols and file formats exist which interoperate with each other. Developing an implementation for a protocol or format diverges from previous implementations in subtle ways, at least initially. Such differences can uncover previously unnoticed corner cases which are not handled properly, and sometimes reveal security vulnerabilities. For example, in the mid-90s, it was discovered that Samba's SMB client, smbclient, did not restrict user name length in the same way...
    Posted 2014-02-26T14:30:23+00:00 - 0
  • Embedded Vulnerability Detection command line tool

    The Victims project is a Red Hat initiative that aims to detect known vulnerable dependencies in Java projects and deployments. Our initial focus was Java projects that were built using Maven. The victims-enforcer plug-in for Maven provides developers with immediate feedback if any of their project dependencies contain known vulnerabilities. However, until recently we did not have a good solution for scanning deployments or tools that work outside of a typical build and release cycle. The alpha...
    Posted 2014-02-05T14:30:45+00:00 - 0