http://www.usefulsecurity.com Solving real security problems that matter to real users Tue, 02 Jun 2009 20:26:21 +0000 http://backend.userland.com/rss092 en I was pleased to see that Google Chromium (the open project behind Google Chrome) is utilizing OS X sandboxes as well. This is the first I've heard of a third-party application developer utilizing sandboxes. Kudos to Google for pushing the limit when it comes to browser security. You can read ... http://www.usefulsecurity.com/2009/06/sandboxes-used-in-google-chromium/ It looks like Apple will be using sandboxes for a bit more than the current couple processes in the future (perhaps Snow Leopard). Looking at the CUPS code (CUPS was purchased by Apple in February of last year), they've added support for sandboxes to their development tree, which will theoretically ... http://www.usefulsecurity.com/2008/06/apple-sandboxes-further-use/ Here are a couple of examples of using sandboxes in Leopard. Both examples involve confining a test application that needs to read a file, but should not be able to write that file. I realize that this could be easily implemented with standard Discretionary Access Control (DAC) mechanisms, but this ... http://www.usefulsecurity.com/2007/11/apple-sandboxes-part-2/ Linux isn't the only operating system with activity in the enhanced access control department. Apple recently released Mac OS X 10.5 Leopard, which includes a new feature called a sandbox (or seatbelt, depending on where you're looking) as well. I delved into the sandbox mechanisms a bit and wanted to ... http://www.usefulsecurity.com/2007/11/apple-sandboxes-part-1/ I had the distinct opportunity to speak at the Montavista Vision conference about SELinux in embedded devices. I'd like to say thanks to all who attended my talk. A copy of the slides is available here. Thanks for all the questions. I hope I answered them to your satisfaction. Some of ... http://www.usefulsecurity.com/2007/10/montavista-vision-2007/ I'd like to say thanks to all who attended my talk at LinuxWorld. A copy of the slides is available here. I hope you enjoyed it and got a lot out of it. I just posted the second demo in full here, and I'll try to get the last one ... http://www.usefulsecurity.com/2007/08/linuxworld-07/ Problem While it is always preferable to keep confidential information such as customer records away from a website, that is often not feasible. This is especially true in ecommerce, but is true in other areas as well. In order to protect this information, most people will employ some sort of authentication ... http://www.usefulsecurity.com/2007/08/preventing-disclosure/ Problem Web applications can be a source of very frequent vulnerabilities. These vulnerabilities can stem from bugs in the program itself as well as the libraries and frameworks upon which it depends. These vulnerabilities are often used as the entry-point for an attacker to upload malicious software onto a system. This ... http://www.usefulsecurity.com/2007/08/vulnerable-web-applications/ Welcome to usefulsecurity.com. This blog is dedicated to providing tips, pointers, howtos, and other information on solving real security problems. Too often today security professionals come up with "solutions" that don't really help users solve their security problems. This stems from many reasons, including not understanding the problem correctly, not ... http://www.usefulsecurity.com/2007/08/useful-security/