Security: May 2005 Archives

TIPPINST - Elsevier's magasine Computer Networks has a special issue on web traffic which may be of interest to the irishblogs community.

Computer Networks Volume 48 issue 5 (5th Aug 2005)
Articles include

Web security
Pages 697-699
P. McDaniel and Aviel D. Rubin

Remote timing attacks are practical
Pages 701-716
David Brumley and Dan Boneh

A multi-model approach to the detection of web-based attacks
Pages 717-738
Christopher Kruegel, Giovanni Vigna and William Robertson

A testing framework for Web application security assessment
Pages 739-761
Yao-Wen Huang, Chung-Hung Tsai, Tsung-Po Lin, Shih-Kun Huang, D.T. Lee and Sy-Yen Kuo

SSL splitting: Securely serving data from untrusted caches
Pages 763-779
Chris Lesniewski-Laas and M. Frans Kaashoek

WebSOS: an overlay-based system for protecting web servers from denial of service attacks
Pages 781-807
Angelos Stavrou, Debra L. Cook, William G. Morein, Angelos D. Keromytis, Vishal Misra and Dan Rubenstein

XPref: a preference language for P3P
Pages 809-827
Rakesh Agrawal, Jerry Kiernan, Ramakrishnan Srikant and Yirong Xu

TIPPINST - A while back I wrote how I had managed to despam my blog using mt-blacklist. It turns out that my comments were being despammed but trackbacks were not. I discovered this morning that my site was riddled with trackback pings. It seems that I am not the only movable type user who suffers from this problem. One solution is to upgrade to movable type 3.0, if you don't wish to upgrade another solution to consider is the plugin TrackBackAntiSpam which has been developed by James Seng

James describes the solution as simple one "if the incoming trackback does not come from the host as stated in the URL, we reject the trackback."

The install is simple as only 1 file needs to be placed in the plugin folder.

Time will tell how effective it is.