This index covers articles that appeared in LWN on various security-related topics. Articles from 2007 on are indexed here.
Anonymity
Eavesdropping on Tor traffic (September 12, 2007)
TorProxy and Shadow (October 14, 2009)
The Amnesic Incognito Live System: A live CD for anonymity (April 27, 2011)
Phantom: Decentralized anonymous networking (June 8, 2011)
Apache
Apache attacked by a "slow loris" (June 24, 2009)
Apache range request denial of service (August 31, 2011)
AppArmor
Linux security non-modules and AppArmor (June 27, 2007)
The future of AppArmor (October 17, 2007)
TOMOYO Linux and pathname-based security (April 14, 2008)
Application binary interface (ABI)
Cascading security updates (February 27, 2008)
Authentication
Fedora accepting YubiKey one-time passwords (October 13, 2010)
OATH: yesterday, today, and tomorrow (December 15, 2010)
Trusted internet identity (January 12, 2011)
The end of OpenID? (February 2, 2011)
BrowserID: A new web authentication scheme (July 27, 2011)
Password storage on Android devices (August 3, 2011)
SSSD: System Security Services Daemon (September 27, 2011)
Enforcing password strength (October 12, 2011)
A Periodic Table of password managers (November 9, 2011)
Biometric
Fingerprint recognition using fprint (November 21, 2007)
Biometrics for identification (April 2, 2008)
Bypass
Authentication bypass in routers (March 5, 2008)
Backdoors
The backdooring of WordPress (March 7, 2007)
The backdooring of SquirrelMail (December 19, 2007)
A backdoor in UnrealIRCd (June 16, 2010)
Berkeley Internet Name Daemon (BIND)
Cache poisoning vulnerability found in BIND (July 25, 2007)
The dangers of weak random numbers (February 20, 2008)
Books
Book Review: Hacking VoIP (January 28, 2009)
Book review: Nmap Network Scanning (February 18, 2009)
Botnets
Storm worm gains strength (August 29, 2007)
ITU getting serious about botnets (November 28, 2007)
Storm botnet used to study spam (November 12, 2008)
Linux botnets (March 25, 2009)
SCALE 8x: Ten million and one penguins (March 10, 2010)
Browser cookies
Session cookies for web applications (May 21, 2008)
Another kind of cookie (October 29, 2008)
Should web developers say no to cookie-based authentication? (March 24, 2010)
Bug reporting
Counting vulnerabilities (June 22, 2007)
Cascading security updates (February 27, 2008)
Secrecy and the DNS flaw (July 9, 2008)
Injunction lifted against MIT students (August 20, 2008)
Partial disclosure (October 8, 2008)
Distribution advisories (November 26, 2008)
"Vishing" advisory targets Asterisk (December 17, 2008)
Vulnerability disclosure policies (July 7, 2010)
The future of vendor-sec (March 9, 2011)
Python vulnerability disclosure (April 27, 2011)
An odd vulnerability report for LibreOffice (October 5, 2011)
CAPTCHA
Breaking CAPTCHA (March 19, 2008)
CERT
GCC and pointer overflows (April 16, 2008)
Certificate Authorities (CAs)
Mozilla and CNNIC (February 3, 2010)
EFF analyzes SSL certificates and certificate authorities (August 11, 2010)
The case of the fraudulent SSL certificates (March 23, 2011)
Fallout from the fraudulent SSL certificates (March 30, 2011)
Certificates and "authorities" (September 7, 2011)
Convergence: User-controlled SSL certificate checking (October 19, 2011)
Certifications
Red Hat and IBM get certified (June 20, 2007)
Fedora and CAPP (December 10, 2008)
chroot()
What chroot() is really for (October 3, 2007)
Cross-site scripting (XSS)
Extended Validation certificates and cross-site scripting (March 12, 2008)
Mozilla's Content Security Policy (July 1, 2009)
Cross-site scripting here at LWN (November 4, 2009)
Chrome reflective XSS protection (November 4, 2009)
Cryptography
BruCON: Can we trust cryptography? (September 30, 2009)
Bitcoin: Virtual money created by CPU cycles (November 10, 2010)
Desktop Summit: Crypto consolidation (August 10, 2011)
On keys, trust, and webs (October 5, 2011)
Desktop
Desktop malware risk gets raised and patched (February 25, 2009)
A desktop "secrets" API (July 29, 2009)
Linux malware: an incident and some solutions (December 23, 2009)
Where are the non-root X servers? (September 8, 2010)
Linux autorun vulnerabilities? (February 9, 2011)
Detecting vulnerabilities
Capturing web attacks with open proxy honeypots (July 3, 2007)
Bluepot: A honeypot for Bluetooth attacks (February 16, 2011)
Distrbution security
UDS security discussions (May 18, 2011)
Phones and permissions (June 2, 2011)
Security testing tools for Fedora (August 10, 2011)
Six years of RHEL 4 security (August 17, 2011)
Security response: how are we doing? (November 16, 2011)
Distributions
ParanoidLinux: from fiction to reality (October 1, 2008)
Tin Hat: secured by running from RAM (March 18, 2009)
BackTrack 4: the security professional's toolbox (January 20, 2010)
Fedora 13 to debut a security "spin" (March 3, 2010)
IPFire 2.5: Firewalls and more (April 28, 2010)
Qubes: security by virtualization (May 5, 2010)
Lightweight Portable Security (December 15, 2010)
Deliberately insecure Linux distributions as practice targets (April 6, 2011)
The Amnesic Incognito Live System: A live CD for anonymity (April 27, 2011)
Security testing with BackBox 2 (September 8, 2011)
Distribution security
LCA: How to improve Debian security (January 17, 2007)
Security hardening for Debian (February 6, 2008)
Eee PC security or lack thereof (February 13, 2008)
Debian, OpenSSL, and a lack of cooperation (May 14, 2008)
Debian vulnerability has widespread effects (May 14, 2008)
SELinux and Fedora (July 9, 2008)
Ubuntu, security response, and community contributions (July 16, 2008)
Fedora distributes new keys (September 10, 2008)
Distribution advisories (November 26, 2008)
Fedora and CAPP (December 10, 2008)
OpenVAS replacing Nessus in Debian (August 12, 2009)
Fedora 12 and unprivileged package installation (November 20, 2009)
Fedora's privilege escalation policy proposal (February 3, 2010)
FOSDEM'10: Maemo 6 platform security (February 10, 2010)
Distribution security response times (September 22, 2010)
A high-level view of the MeeGo security landscape (November 17, 2010)
The MeeGo security framework (November 24, 2010)
CentOS 5, RHEL 5.6, and security updates (February 23, 2011)
Arch Linux and (the lack of) package signing (March 23, 2011)
MeeGo rethinks privacy protection (April 13, 2011)
Package managers
Trust and mirrors (July 16, 2008)
Attacks on package managers (April 8, 2009)
Document Object Model (DOM)
Finding bugs lurking in the DOM (January 30, 2008)
Leaking browser history (June 25, 2008)
Domain Name System (DNS)
DNSCurve: an alternative to DNSSEC (July 8, 2009)
TCP cookie transactions (December 16, 2009)
An interesting DNSSEC amplification (July 14, 2010)
Cache poisoning
Cache poisoning vulnerability found in BIND (July 25, 2007)
Secrecy and the DNS flaw (July 9, 2008)
Details of the DNS flaw revealed (August 13, 2008)
Email
Trustedbird: Additional email security for Thunderbird (February 24, 2010)
Spam prevention
Backscatter increase clogs inboxes (April 9, 2008)
On comment spam (July 28, 2010)
Embedded systems
Threat models for embedded devices (April 14, 2010)
BruCON: How to take over the world by breaking into embedded systems (September 29, 2010)
Default "secrets" (January 5, 2011)
Encryption
GUADEC: Danny O'Brien on privacy, encryption, and the desktop (August 4, 2010)
Thwarting internet censors with Collage (September 1, 2010)
Tarsnap advisory provides a few lessons (January 19, 2011)
A hole in crypt_blowfish (June 22, 2011)
Martus: Software for human rights groups (October 18, 2011)
Disk
"Evil Maid" attack against disk encryption (October 28, 2009)
DMCA
Another attempt at DMCA reform - sort of (February 28, 2007)
Email
Email privacy (November 7, 2007)
Trustedbird: Additional email security for Thunderbird (February 24, 2010)
STEED: End-to-end email encryption (October 26, 2011)
Filesystems
The Tahoe secure filesystem (April 30, 2008)
Key management
Trusted and encrypted keys (October 6, 2010)
Default "secrets" (January 5, 2011)
On keys and users (June 22, 2011)
Mobile phone
GSM encryption crack made public (January 6, 2010)
Network
Transport-level encryption with Tcpcrypt (August 25, 2010)
Web
The future of unencrypted web traffic (January 2, 2008)
Deep packet inspection (July 23, 2008)
HTTPS Everywhere brings HTTPS almost everywhere (June 30, 2010)
LFNW: Seth Schoen stumps for SSL (May 4, 2011)
Web application data
Encrypting users' web data with Grendel (January 27, 2010)
Firefox
Firefox security status (June 7, 2007)
Firefox 3 SSL certificate warnings (August 27, 2008)
Firefox security add-ons (January 21, 2009)
Firefox locks down the components directory (November 24, 2009)
Mozilla's Plugin Check (June 9, 2010)
HTTPS Everywhere brings HTTPS almost everywhere (June 30, 2010)
Free software infrastructure
On the security of our processes and infrastructure (September 8, 2011)
Kernel.org's road to recovery (October 4, 2011)
On keys, trust, and webs (October 5, 2011)
KS2011: Kernel.org report (October 24, 2011)
Safeguarding GNOME.org with an upload lockdown (November 16, 2011)
GCC
GCC and pointer overflows (April 16, 2008)
Glibc
Two glibc vulnerabilities (October 27, 2010)
Hardening
Security hardening for Debian (February 6, 2008)
LSS: The kernel hardening roundtable (September 15, 2011)
Hardware
Attacking network cards (May 28, 2008)
WebGL vulnerabilities (May 25, 2011)
Hijacking
X programs
OpenSSH bug falls through the cracks (April 9, 2008)
Home network
The Freedom Box gets off the ground (February 23, 2011)
LinuxCon: FreedomBox update and plans (August 24, 2011)
Identity management
Bandit: multi-protocol identity management (September 26, 2007)
OpenID 2.0 closing in on acceptance (October 31, 2007)
OpenID Connect (June 2, 2010)
The end of OpenID? (February 2, 2011)
BrowserID: A new web authentication scheme (July 27, 2011)
SSSD: System Security Services Daemon (September 27, 2011)
Information leak
Our devices are spilling our secrets (August 1, 2007)
Sanitizing kernel memory (May 27, 2009)
Page sanitization, part 2 (June 3, 2009)
Integrity management
Integrity management in the kernel (March 28, 2007)
System integrity in Linux (December 3, 2008)
Integrity management using Intel TXT (April 1, 2009)
Enabling DRM in the kernel? (May 20, 2009)
Enabling Intel TXT in Fedora (April 7, 2010)
The return of EVM (June 30, 2010)
UEFI and "secure boot" (June 15, 2011)
Fedora reexamines "trusted boot" (June 29, 2011)
An update on UEFI secure boot (October 26, 2011)
Internet
SCADA system vulnerabilities (June 11, 2008)
Deep packet inspection (July 23, 2008)
Pogoplug makes internet data sharing easy (December 9, 2009)
TCP cookie transactions (December 16, 2009)
Security in the 20-teens (February 1, 2010)
The Freedom Box gets off the ground (February 23, 2011)
Phantom: Decentralized anonymous networking (June 8, 2011)
Unpredictable sequence numbers (August 17, 2011)
LinuxCon: FreedomBox update and plans (August 24, 2011)
Honeypots
Capturing web attacks with open proxy honeypots (July 3, 2007)
Routers
Home routers and security flaws (October 10, 2007)
Linux adds router denial-of-service prevention (March 17, 2010)
The Onion Router (Tor)
Eavesdropping on Tor traffic (September 12, 2007)
TorProxy and Shadow (October 14, 2009)
Voice over IP (VoIP)
The Skype outage (August 22, 2007)
"Vishing" advisory targets Asterisk (December 17, 2008)
Book Review: Hacking VoIP (January 28, 2009)
A trojan for Skype (September 2, 2009)
Jails
What chroot() is really for (October 3, 2007)
Javascript
Web security vulnerabilities and Javascript (January 23, 2008)
All the malware that's fit to print (September 16, 2009)
Kernel.org
On the security of our processes and infrastructure (September 8, 2011)
Kernel.org's road to recovery (October 4, 2011)
KS2011: Kernel.org report (October 24, 2011)
Linux kernel
revoke() returns (December 18, 2007)
vmsplice(): the making of a local root exploit (February 12, 2008)
The rest of the vmsplice() exploit story (March 4, 2008)
Handling kernel security problems (July 16, 2008)
Kernel security, year to date (September 9, 2008)
System calls and rootkits (September 10, 2008)
DR rootkit released under the GPL (September 10, 2008)
The future for grsecurity (January 7, 2009)
Seccomp and sandboxing (May 13, 2009)
Sanitizing kernel memory (May 27, 2009)
Page sanitization, part 2 (June 3, 2009)
Fun with NULL pointers, part 1 (July 20, 2009)
Fun with NULL pointers, part 2 (July 21, 2009)
Null pointers, one month later (August 18, 2009)
/proc and directory permissions (October 28, 2009)
Another null pointer exploit (November 4, 2009)
The x86_64 DOS hole (February 2, 2010)
2.6.32.9 Release notes (February 21, 2010)
Linux adds router denial-of-service prevention (March 17, 2010)
Symbolic links in "sticky" directories (June 2, 2010)
An ancient kernel hole is closed (August 18, 2010)
The hazards of 32/64-bit compatibility (September 22, 2010)
Trusted and encrypted keys (October 6, 2010)
Kernel vulnerabilities: old or new? (October 19, 2010)
Pathname-based hooks for SELinux? (December 8, 2010)
Extending the use of RO and NX (January 12, 2011)
Protecting /proc/slabinfo (March 9, 2011)
Seccomp: replacing security modules? (May 16, 2011)
Kernel address randomization (May 24, 2011)
Seccomp filters: No clear path (July 7, 2011)
Reactive vs. pro-active kernel security (July 13, 2011)
LSS: The kernel hardening roundtable (September 15, 2011)
Credentials
Credential records (September 25, 2007)
Linux/POSIX capabilities
LCA: How to improve Debian security (January 17, 2007)
Fixing CAP_SETPCAP (October 31, 2007)
Restricting root with per-process securebits (April 30, 2008)
Filesystem capabilities in Fedora 10 (January 7, 2009)
Another Linux capabilities hole found (April 15, 2009)
Linux capabilities support for user namespaces (December 22, 2010)
Capabilities for loading network modules (March 2, 2011)
Netfilter
Passive OS fingerprinting added to netfilter (June 10, 2009)
Random number generation
On entropy and randomness (December 12, 2007)
Linux ASLR vulnerabilities (April 29, 2009)
Random numbers for ASLR (May 13, 2009)
Virtual file system (VFS)
A kernel security hole (January 16, 2008)
Linux malware
Linux malware: an incident and some solutions (December 23, 2009)
Linux Security Modules (LSM)
Linux security non-modules and AppArmor (June 27, 2007)
Smack for simplified access control (August 8, 2007)
SMACK meets the One True Security Module (October 2, 2007)
The future of AppArmor (October 17, 2007)
LSM: loadable or static? (October 24, 2007)
Kernel-based malware scanning (December 4, 2007)
TOMOYO Linux and pathname-based security (April 14, 2008)
OLS: Smack for embedded devices (August 6, 2008)
Snet and the LSM API (January 28, 2009)
Restricting the network (January 6, 2010)
FBAC-LSM (January 13, 2010)
LSM stacking (again) (June 23, 2010)
Pathname-based hooks for SELinux? (December 8, 2010)
Supporting multiple LSMs (February 9, 2011)
MeeGo rethinks privacy protection (April 13, 2011)
Seccomp: replacing security modules? (May 16, 2011)
LSS: LSM roundtable (September 14, 2011)
Mobile phones
Android's first vulnerability (November 5, 2008)
Android application security (February 4, 2009)
What lessons can be learned from the iPhone worms? (November 11, 2009)
GSM encryption crack made public (January 6, 2010)
FOSDEM'10: Maemo 6 platform security (February 10, 2010)
Remotely wiping mobile phones (September 15, 2010)
Questions about Android's security model (October 6, 2010)
Bluepot: A honeypot for Bluetooth attacks (February 16, 2011)
Guardian: Better privacy and security for Android (May 11, 2011)
Phones and permissions (June 2, 2011)
Password storage on Android devices (August 3, 2011)
Networking
Unpredictable sequence numbers (August 17, 2011)
Filesystems
The Tahoe secure filesystem (April 30, 2008)
Obfuscation
Hiding open ports with shimmer (January 9, 2008)
Wireless
USB device authorization (July 17, 2007)
One Laptop Per Child (OLPC)
Bitfrost: the OLPC security model (February 7, 2007)
OLPC's software update problem (July 3, 2007)
OpenOffice.org/LibreOffice
BadBunny? Only if you invite it in (June 12, 2007)
An odd vulnerability report for LibreOffice (October 5, 2011)
OpenSSH
OpenSSH bug falls through the cracks (April 9, 2008)
OpenSSH and keystroke timings (September 17, 2008)
SSH plaintext recovery vulnerability (November 19, 2008)
Crying wolf over OpenSSH (July 15, 2009)
Distributed brute force ssh attacks (October 21, 2009)
SSH: passwords or keys? (January 13, 2010)
Trust, but verify (February 17, 2010)
OpenSSL
Debian, OpenSSL, and a lack of cooperation (May 14, 2008)
Debian vulnerability has widespread effects (May 14, 2008)
Organizations
oCERT and oss-security (June 4, 2008)
Password hashing
A hole in crypt_blowfish (June 22, 2011)
Passwords
Enforcing password strength (October 12, 2011)
A Periodic Table of password managers (November 9, 2011)
Phishing
Redirecting browser tabs via "tabnabbing" (May 26, 2010)
PHP
Tools
Scanning for PHP vulnerabilities with Pixy (June 27, 2007)
Physical security
"Evil Maid" attack against disk encryption (October 28, 2009)
PostgreSQL
SE-PostgreSQL uses SELinux for database security (July 18, 2007)
Privacy
Our devices are spilling our secrets (August 1, 2007)
Eavesdropping on Tor traffic (September 12, 2007)
Email privacy (November 7, 2007)
Another kind of cookie (October 29, 2008)
GUADEC: Danny O'Brien on privacy, encryption, and the desktop (August 4, 2010)
Thwarting internet censors with Collage (September 1, 2010)
Private browsing: not so private? (September 22, 2010)
Web tracking and "Do Not Track" (January 26, 2011)
Developments in web tracking protection (April 20, 2011)
The Amnesic Incognito Live System: A live CD for anonymity (April 27, 2011)
Phantom: Decentralized anonymous networking (June 8, 2011)
Python
Reviving Python restricted mode (March 4, 2009)
Race conditions
Exploiting races in system call wrappers (August 15, 2007)
Exploiting symlinks and tmpfiles (September 19, 2007)
Symbolic links in "sticky" directories (June 2, 2010)
Seunshare, /tmp directories, and the "sticky" bit (March 2, 2011)
Random number generation
On entropy and randomness (December 12, 2007)
The dangers of weak random numbers (February 20, 2008)
Debian, OpenSSL, and a lack of cooperation (May 14, 2008)
Debian vulnerability has widespread effects (May 14, 2008)
Linux ASLR vulnerabilities (April 29, 2009)
Random numbers for ASLR (May 13, 2009)
Reference
The Application Security Desk Reference (June 18, 2008)
Research
Auctions
Security research: buy low, sell high? (July 11, 2007)
Rootkits
System calls and rootkits (September 10, 2008)
DR rootkit released under the GPL (September 10, 2008)
Ruby
Ruby security flaws expose release process problems (July 2, 2008)
Samba
Eee PC security or lack thereof (February 13, 2008)
Secure boot
UEFI and "secure boot" (June 15, 2011)
Fedora reexamines "trusted boot" (June 29, 2011)
An update on UEFI secure boot (October 26, 2011)
Secure Sockets Layer (SSL)
TLS renegotiation vulnerability (November 18, 2009)
Postfix TLS plaintext injection (March 16, 2011)
Certificates
Extended Validation certificates and cross-site scripting (March 12, 2008)
Firefox 3 SSL certificate warnings (August 27, 2008)
SSL man-in-the-middle attacks (December 24, 2008)
SSL certificates and MD5 collisions (January 14, 2009)
SSL flaws revealed at Black Hat (August 5, 2009)
GUADEC: Danny O'Brien on privacy, encryption, and the desktop (August 4, 2010)
EFF analyzes SSL certificates and certificate authorities (August 11, 2010)
The case of the fraudulent SSL certificates (March 23, 2011)
Fallout from the fraudulent SSL certificates (March 30, 2011)
Certificates and "authorities" (September 7, 2011)
Convergence: User-controlled SSL certificate checking (October 19, 2011)
Security Enhanced Linux (SELinux)
SE-PostgreSQL uses SELinux for database security (July 18, 2007)
SELinux and Fedora (July 9, 2008)
OLS: SELinux from academia to your desktop (July 30, 2008)
Newer kernels and older SELinux policies (September 24, 2008)
SELinux permissive domains (October 15, 2008)
MeeGo rethinks privacy protection (April 13, 2011)
SHA-1
Dealing with weakness in SHA-1 (June 17, 2009)
Signing code
Java cryptography and free distributions (March 14, 2007)
Integrity management in the kernel (March 28, 2007)
Enabling DRM in the kernel? (May 20, 2009)
Enabling Intel TXT in Fedora (April 7, 2010)
UEFI and "secure boot" (June 15, 2011)
An update on UEFI secure boot (October 26, 2011)
Software updates
Forcing updates (February 11, 2009)
The Firefox extension war (May 6, 2009)
Spam
Backscatter increase clogs inboxes (April 9, 2008)
Storm botnet used to study spam (November 12, 2008)
On comment spam (July 28, 2010)
A decline in email spam? (July 7, 2011)
Talpa
Kernel-based malware scanning (December 4, 2007)
The TALPA molehill (August 6, 2008)
TALPA strides forward (August 27, 2008)
TOMOYO Linux
TOMOYO Linux and pathname-based security (April 14, 2008)
Tools
Finding buffer overflows with Parfait (July 29, 2009)
Deliberately insecure Linux distributions as practice targets (April 6, 2011)
Access control
Smack for simplified access control (August 8, 2007)
Browser exploit detection
Finding bugs lurking in the DOM (January 30, 2008)
Firewall
All aboard the SmoothWall Express (August 29, 2007)
Hiding open ports with shimmer (January 9, 2008)
IPFire 2.5: Firewalls and more (April 28, 2010)
Fuzzing
Fusil: a Python fuzzing library (March 11, 2009)
Intrusion detection
OSSEC for host-based intrusion detection (April 21, 2010)
Network vulnerability scanner
OpenVAS replacing Nessus in Debian (August 12, 2009)
OS detection
Passive OS fingerprinting added to netfilter (June 10, 2009)
Password guessing prevention
Preventing brute force ssh attacks (October 24, 2007)
Distributed brute force ssh attacks (October 21, 2009)
Penetration testing
Mobile phone or penetration tool? (September 24, 2008)
Security testing with BackBox 2 (September 8, 2011)
PHP code scanning
Scanning for PHP vulnerabilities with Pixy (June 27, 2007)
Policy management
Centralizing policy rules with PolicyKit (November 14, 2007)
SQL injection scanning
Find SQL injection vulnerabilities with sqlmap (September 3, 2008)
Web application scanning
Web application scanning with skipfish (March 31, 2010)
Tradeoffs
Reactive vs. pro-active kernel security (July 13, 2011)
Blender security vs. usability (July 20, 2011)
Transport Layer Security (TLS)
TLS renegotiation vulnerability (November 18, 2009)
Postfix TLS plaintext injection (March 16, 2011)
Virtualization
LinuxCon: Secure virtualization with sVirt (September 23, 2009)
Qubes: security by virtualization (May 5, 2010)
Virus scanning
DazukoFS: a stackable filesystem for virus scanning (February 11, 2009)
ClamAV 0.96 adds executable virus signatures and more (May 12, 2010)
Voting machines
Securing our votes (August 8, 2007)
Voting machine integrity through transparency (March 26, 2008)
Vulnerabilities
Striking back against web attackers (June 23, 2010)
Authentication bypass
Authentication bypass in routers (March 5, 2008)
Cross-site request forgery (CSRF)
Cross-site request forgery (October 17, 2007)
Cryptographic splicing
Cryptographic splicing makes for a Wordpress vulnerability (May 7, 2008)
Denial of service
Apache attacked by a "slow loris" (June 24, 2009)
Using HTTP POST for denial of service (December 1, 2010)
HTTP range headers
Apache range request denial of service (August 31, 2011)
HTTP response splitting
HTTP response splitting (October 17, 2008)
Image handling
Image handling vulnerabilities (April 23, 2008)
Information leak
Linux ASLR vulnerabilities (April 29, 2009)
Macro language (ab)use
BadBunny? Only if you invite it in (June 12, 2007)
Blender security vs. usability (July 20, 2011)
Privilege escalation
vmsplice(): the making of a local root exploit (February 12, 2008)
The rest of the vmsplice() exploit story (March 4, 2008)
Standards, the kernel, and Postfix (August 20, 2008)
Another Linux capabilities hole found (April 15, 2009)
A privilege escalation flaw in udev (April 22, 2009)
Fun with NULL pointers, part 1 (July 20, 2009)
Fun with NULL pointers, part 2 (July 21, 2009)
Null pointers, one month later (August 18, 2009)
Attacks against WordPress installations (September 9, 2009)
On the importance of return codes (December 2, 2009)
Two glibc vulnerabilities (October 27, 2010)
Calibre and setuid (November 2, 2011)
Race conditions
Exploiting races in system call wrappers (August 15, 2007)
SQL injection
Find SQL injection vulnerabilities with sqlmap (September 3, 2008)
Temporary files
Exploiting symlinks and tmpfiles (September 19, 2007)
Symbolic links in "sticky" directories (June 2, 2010)
Web application flaws
The backdooring of WordPress (March 7, 2007)
Home routers and security flaws (October 10, 2007)
Cross-site request forgery (October 17, 2007)
The backdooring of SquirrelMail (December 19, 2007)
Web security vulnerabilities and Javascript (January 23, 2008)
Cryptographic splicing makes for a Wordpress vulnerability (May 7, 2008)
Attacks against WordPress installations (September 9, 2009)
Striking back against web attackers (June 23, 2010)
Web browsers
Leaking browser history (June 25, 2008)
The Firefox extension war (May 6, 2009)
Google's Native Client (June 3, 2009)
Mozilla's Content Security Policy (July 1, 2009)
Google's Chromium sandbox (August 19, 2009)
Firefox extension vulnerabilities (August 26, 2009)
Firefox locks down the components directory (November 24, 2009)
Google Chrome and master passwords (May 19, 2010)
Redirecting browser tabs via "tabnabbing" (May 26, 2010)
Mozilla's Plugin Check (June 9, 2010)
HTTPS Everywhere brings HTTPS almost everywhere (June 30, 2010)
A trojan in a Firefox security add-on (July 21, 2010)
Private browsing: not so private? (September 22, 2010)
Gathering session cookies with Firesheep (November 3, 2010)
Web tracking and "Do Not Track" (January 26, 2011)
Developments in web tracking protection (April 20, 2011)
LFNW: Seth Schoen stumps for SSL (May 4, 2011)
WebGL vulnerabilities (May 25, 2011)
Web sessions
Session cookies for web applications (May 21, 2008)
Should web developers say no to cookie-based authentication? (March 24, 2010)