Group Details 25 Most Dangerous Coding Errors Hackers Exploit
Computerworld (01/12/09) Vijayan, Jaikumar
A group of 35 high-profile organizations, including the U.S. Department of Homeland Security and the National Security Agency's Information Assurance Division, has released a list of the 25 most serious programming errors. The goal is to focus attention on dangerous software-development practices and ways to avoid those practices, according to officials at the SANS Institute, which coordinated the list's creation. Releasing the list is intended to give software buyers, developers, and training programs a tool to identify programming errors known to create serious security risks. The list will be adjusted as necessary to accommodate new or particularly dangerous programming errors that might arise. The list is divided into three classes. Nine errors on the list are categorized as insecure interactions between components, another nine are classified as risky resource management errors, and the rest are considered "porous defense" problems. The top two problems are improper input validation and improper output encoding errors, which are regularly made by numerous programmers and are believed to be responsible for the attacks that compromised hundreds of thousands of Web pages and databases in 2008. Other programming errors include a failure to preserve SQL query and Web page structures, leading to SQL injection attacks and cross-site scripting vulnerabilities, as well as buffer-overflow mistakes and chatty error messages.
A Breakthrough in Imaging: Seeing a Virus in Three Dimensions
New York Times (01/13/09) P. D3; Markoff, John
IBM researchers have successfully captured a three-dimensional (3D) image of a virus for the first time. The researchers, based at IBM's Almaden Research Center, used magnetic resonance force microscopy (MRFM) to capture a 3D image of a tobacco mosaic virus with a spatial resolution down to four nanometers. MRFM uses an ultrasmall cantilever arm as a platform for specimens that are moved in and out of proximity of a tiny magnet. At extremely low temperatures, the researchers can measure the effect of the magnetic field on protons in the hydrogen atoms in the virus. By repeatedly switching the magnetic field, the researchers were able to cause a minute vibration in the cantilever arm, which was measured using a laser. Moving the virus through the magnetic field repeatedly allows a 3D image to be constructed from numerous two-dimensional samples. The researchers say the tool will help structural biologists working to unravel the structure and the interactions of proteins. MRFM will enable researchers to examine the proteins that make basic DNA structures and make images of interactions among biomolecules.