The C language’s most famous feature is the buffer overflow. In fact, buffer overflow is responsible for four of the SANS top 25 programming errors leading to security vulnerabilities in the last year. Graham offers some advice on how to try and them.

Graham Lee says “One of the frequently asked questions regarding my impromptu code-signing talk at NSConference was: how can I share my signing certificate between multiple machines? I’ll show you, but I want to start with a bit of theory. I promise it won’t be too tedious (or it won’t be too long, anyway).”

One of the dirty little secrets of the security industry is that a lot of the techniques in use today are not exactly new, in fact many can be traced back to the classical world. The use of ciphers to encrypt messages was employed by the Roman general, Julius Caesar, and of course the Trojan horse was known about during the time of Homer. Daedalus famously performed a risk assessment on the waxen wings he constructed for himself and Icarus to escape from exile on Crete, but due to user error (and in a neat demonstration of the problem with relying on customers reading security documentation) the wings still suffered from a catastrophic integrity failure.

OS X’s API is full of unsung heroes. While everybody knows about Cocoa and Carbon, and is wowed by the new shinies such as Grand Central Dispatch or Core Animation, other components have been silently and solidly plugging away, forming a basic foundation on which the rest of the system can rest. This article is about one such component.

In the first instalment of his new column on security for OS X developers Graham Lee asks the controversial question “Should Mac developers be using anti-virus software”