Feeds
The Register Columnists

Jason Miller

Contact Mail Follow RSS feed
channel

Sendmail and secure design

Recently, Mark Dowd of ISS discovered a signal handling vulnerability in Sendmail. We don't see major bugs in software that's as popular as Sendmail very often (at least, in the Unix world anyways), and that's probably a good thing. According to sendmail.com, Sendmail still handles about 70 per cent of all email on the internet …
Jason Miller, 07 May 2006
channel

The value of vulnerabilities

There is value in finding vulnerabilities. Yet many people believe that a vulnerability doesn't exist until it is disclosed to the public. We know that vulnerabilities need to be disclosed, but what role do vendors have to make these issues public? One of the things I really love about information security is the large number …
Jason Miller, 08 Mar 2006
For Sale sign detail

How not to respond to a security advisory

A recently announced weakness in the BSD securelevel system isn't going to be fixed in OpenBSD. While securelevel may have problems, the vendor's security response is unacceptable and doesn't fit with its stated goals. Recently, I stumbled across an interesting security advisory by RedTeam Pentesting, that discussed a …
Jason Miller, 19 Jan 2006
channel

Apple patch fiasco invites trouble

According to the Apple website, Security Update 2005-007 was released to the public on August 12, 2005. And, as with all of their recent security updates, it is available to all Apple customers free of charge. I'm sure none of you reading this article will argue with me about that being a good thing. For those of you that …
Jason Miller, 19 Aug 2005