This index covers articles that appeared in LWN on various security-related topics. Articles from 2007 on are indexed here.
Anonymity
Eavesdropping on Tor traffic (September 12, 2007)
AppArmor
Linux security non-modules and AppArmor (June 27, 2007)
The future of AppArmor (October 17, 2007)
TOMOYO Linux and pathname-based security (April 14, 2008)
Application binary interface (ABI)
Cascading security updates (February 27, 2008)
Authentication
Biometric
Fingerprint recognition using fprint (November 20, 2007)
Biometrics for identification (April 2, 2008)
Bypass
Authentication bypass in routers (March 5, 2008)
Backdoors
The backdooring of WordPress (March 7, 2007)
The backdooring of SquirrelMail (December 19, 2007)
Berkeley Internet Name Daemon (BIND)
Cache poisoning vulnerability found in BIND (July 25, 2007)
The dangers of weak random numbers (February 20, 2008)
Botnets
Storm worm gains strength (August 29, 2007)
ITU getting serious about botnets (November 28, 2007)
Browser cookies
Session cookies for web applications (May 21, 2008)
Bug reporting
Counting vulnerabilities (June 22, 2007)
Cascading security updates (February 27, 2008)
Secrecy and the DNS flaw (July 9, 2008)
Injunction lifted against MIT students (August 20, 2008)
Partial disclosure (October 8, 2008)
CAPTCHA
Breaking CAPTCHA (March 19, 2008)
CERT
GCC and pointer overflows (April 16, 2008)
Certifications
Red Hat and IBM get certified (June 20, 2007)
chroot()
What chroot() is really for (October 3, 2007)
Cross-site scripting (XSS)
Extended Validation certificates and cross-site scripting (March 12, 2008)
Detecting vulnerabilities
Capturing web attacks with open proxy honeypots (July 3, 2007)
Distributions
ParanoidLinux: from fiction to reality (October 1, 2008)
Distribution security
LCA: How to improve Debian security (January 17, 2007)
Security hardening for Debian (February 6, 2008)
Eee PC security or lack thereof (February 13, 2008)
Debian, OpenSSL, and a lack of cooperation (May 14, 2008)
Debian vulnerability has widespread effects (May 14, 2008)
SELinux and Fedora (July 9, 2008)
Ubuntu, security response, and community contributions (July 16, 2008)
Fedora distributes new keys (September 10, 2008)
Package managers
Trust and mirrors (July 16, 2008)
Document Object Model (DOM)
Finding bugs lurking in the DOM (January 30, 2008)
Leaking browser history (June 25, 2008)
Domain Name System (DNS)
Cache poisoning
Cache poisoning vulnerability found in BIND (July 25, 2007)
Secrecy and the DNS flaw (July 9, 2008)
Details of the DNS flaw revealed (August 13, 2008)
Email
Spam prevention
Backscatter increase clogs inboxes (April 9, 2008)
Encryption
DMCA
Another attempt at DMCA reform - sort of (February 28, 2007)
Email
Email privacy (November 7, 2007)
Filesystems
The Tahoe secure filesystem (April 30, 2008)
Web
The future of unencrypted web traffic (January 2, 2008)
Deep packet inspection (July 23, 2008)
Firefox
Firefox security status (June 6, 2007)
Firefox 3 SSL certificate warnings (August 27, 2008)
GCC
GCC and pointer overflows (April 16, 2008)
Hardening
Security hardening for Debian (February 6, 2008)
Hardware
Attacking network cards (May 28, 2008)
Hijacking
X programs
OpenSSH bug falls through the cracks (April 9, 2008)
Identity management
Bandit: multi-protocol identity management (September 26, 2007)
OpenID 2.0 closing in on acceptance (October 31, 2007)
Information leak
Our devices are spilling our secrets (August 1, 2007)
Integrity management
Integrity management in the kernel (March 28, 2007)
Internet
SCADA system vulnerabilities (June 11, 2008)
Deep packet inspection (July 23, 2008)
Honeypots
Capturing web attacks with open proxy honeypots (July 3, 2007)
Routers
Home routers and security flaws (October 10, 2007)
The Onion Router (Tor)
Eavesdropping on Tor traffic (September 12, 2007)
Voice over IP (VoIP)
The Skype outage (August 22, 2007)
Jails
What chroot() is really for (October 3, 2007)
Javascript
Web security vulnerabilities and Javascript (January 23, 2008)
Linux kernel
revoke() returns (December 18, 2007)
vmsplice(): the making of a local root exploit (February 11, 2008)
The rest of the vmsplice() exploit story (March 4, 2008)
Handling kernel security problems (July 16, 2008)
Kernel security, year to date (September 9, 2008)
System calls and rootkits (September 10, 2008)
DR rootkit released under the GPL (September 10, 2008)
Credentials
Credential records (September 25, 2007)
Linux/POSIX capabilities
LCA: How to improve Debian security (January 17, 2007)
Fixing CAP_SETPCAP (October 31, 2007)
Restricting root with per-process securebits (April 30, 2008)
Random number generation
On entropy and randomness (December 12, 2007)
Virtual file system (VFS)
A kernel security hole (January 16, 2008)
Linux Security Modules (LSM)
Linux security non-modules and AppArmor (June 27, 2007)
Smack for simplified access control (August 8, 2007)
SMACK meets the One True Security Module (October 2, 2007)
The future of AppArmor (October 17, 2007)
LSM: loadable or static? (October 24, 2007)
Kernel-based malware scanning (December 4, 2007)
TOMOYO Linux and pathname-based security (April 14, 2008)
OLS: Smack for embedded devices (August 6, 2008)
Networking
Filesystems
The Tahoe secure filesystem (April 30, 2008)
Obfuscation
Hiding open ports with shimmer (January 9, 2008)
Wireless
USB device authorization (July 17, 2007)
One Laptop Per Child (OLPC)
Bitfrost: the OLPC security model (February 7, 2007)
OLPC's software update problem (July 3, 2007)
OpenOffice.org
BadBunny? Only if you invite it in (June 12, 2007)
OpenSSH
OpenSSH bug falls through the cracks (April 9, 2008)
OpenSSH and keystroke timings (September 17, 2008)
OpenSSL
Debian, OpenSSL, and a lack of cooperation (May 14, 2008)
Debian vulnerability has widespread effects (May 14, 2008)
Organizations
oCERT and oss-security (June 4, 2008)
PHP
Tools
Scanning for PHP vulnerabilities with Pixy (June 27, 2007)
PostgreSQL
SE-PostgreSQL uses SELinux for database security (July 18, 2007)
Privacy
Our devices are spilling our secrets (August 1, 2007)
Eavesdropping on Tor traffic (September 12, 2007)
Email privacy (November 7, 2007)
Race conditions
Exploiting races in system call wrappers (August 15, 2007)
Exploiting symlinks and tmpfiles (September 19, 2007)
Random number generation
On entropy and randomness (December 12, 2007)
The dangers of weak random numbers (February 20, 2008)
Debian, OpenSSL, and a lack of cooperation (May 14, 2008)
Debian vulnerability has widespread effects (May 14, 2008)
Reference
The Application Security Desk Reference (June 18, 2008)
Research
Auctions
Security research: buy low, sell high? (July 11, 2007)
Rootkits
System calls and rootkits (September 10, 2008)
DR rootkit released under the GPL (September 10, 2008)
Ruby
Ruby security flaws expose release process problems (July 2, 2008)
Samba
Eee PC security or lack thereof (February 13, 2008)
Secure Sockets Layer (SSL)
Certificates
Extended Validation certificates and cross-site scripting (March 12, 2008)
Firefox 3 SSL certificate warnings (August 27, 2008)
Security Enhanced Linux (SELinux)
SE-PostgreSQL uses SELinux for database security (July 18, 2007)
SELinux and Fedora (July 9, 2008)
OLS: SELinux from academia to your desktop (July 30, 2008)
Newer kernels and older SELinux policies (September 24, 2008)
Signing code
Java cryptography and free distributions (March 14, 2007)
Integrity management in the kernel (March 28, 2007)
Spam
Backscatter increase clogs inboxes (April 9, 2008)
Talpa
Kernel-based malware scanning (December 4, 2007)
The TALPA molehill (August 6, 2008)
TALPA strides forward (August 27, 2008)
TOMOYO Linux
TOMOYO Linux and pathname-based security (April 14, 2008)
Tools
Access control
Smack for simplified access control (August 8, 2007)
Browser exploit detection
Finding bugs lurking in the DOM (January 30, 2008)
Firewall
All aboard the SmoothWall Express (August 29, 2007)
Hiding open ports with shimmer (January 9, 2008)
Password guessing prevention
Preventing brute force ssh attacks (October 24, 2007)
Penetration testing
Mobile phone or penetration tool? (September 24, 2008)
PHP code scanning
Scanning for PHP vulnerabilities with Pixy (June 27, 2007)
Policy management
Centralizing policy rules with PolicyKit (November 14, 2007)
SQL injection scanning
Find SQL injection vulnerabilities with sqlmap (September 3, 2008)
Voting machines
Securing our votes (August 8, 2007)
Voting machine integrity through transparency (March 26, 2008)
Vulnerabilities
Authentication bypass
Authentication bypass in routers (March 5, 2008)
Cross-site request forgery (CSRF)
Cross-site request forgery (October 17, 2007)
Cryptographic splicing
Cryptographic splicing makes for a Wordpress vulnerability (May 7, 2008)
Image handling
Image handling vulnerabilities (April 23, 2008)
Macro language (ab)use
BadBunny? Only if you invite it in (June 12, 2007)
Privilege escalation
vmsplice(): the making of a local root exploit (February 11, 2008)
The rest of the vmsplice() exploit story (March 4, 2008)
Standards, the kernel, and Postfix (August 20, 2008)
Race conditions
Exploiting races in system call wrappers (August 15, 2007)
SQL injection
Find SQL injection vulnerabilities with sqlmap (September 3, 2008)
Temporary files
Exploiting symlinks and tmpfiles (September 19, 2007)
Web application flaws
The backdooring of WordPress (March 7, 2007)
Home routers and security flaws (October 10, 2007)
Cross-site request forgery (October 17, 2007)
The backdooring of SquirrelMail (December 19, 2007)
Web security vulnerabilities and Javascript (January 23, 2008)
Cryptographic splicing makes for a Wordpress vulnerability (May 7, 2008)
Web browsers
Leaking browser history (June 25, 2008)
Web sessions
Session cookies for web applications (May 21, 2008)
