SecPapers
Info Security Writers (ISW) Papers Update (April) May 22 2004 10:49PM
Von Spangler (staticreply yahoo com)
ISW's PAPERS UPDATE

++++++++++++++++++++++++++++
Exploitation / Vulnerability
++++++++++++++++++++++++++++

- Abhishek Kumar: "Discovering Passwords in the
Memory"
Discusses the dangers of using plain text passwords in
memory, a common vulnerability that can be exploited
by low privileged users to steal critical passwords
and escalate their privileges.
http://www.infosecwriters.com/text_resources/pdf/Discovering_Passwords_In_Memory.pdf

- **APRIL WINNER** Shaun Colley: "Crafting Symlinks
for Fun and Profit"
Attempts to demonstrate and analyze the risks of
symlink bugs at large, providing interesting case studies
where necessary. Information on preventing these sorts
of attacks is also provided, with general safeguards
against them.
http://www.infosecwriters.com/texts.php?op=display&id=159

- Angelo Rosiello: "Stack Overflow's Analysis &
Exploiting Ways"
A look at how the main processor works during a
program's execution in order to really understand
STACK overflows.
http://www.infosecwriters.com/texts.php?op=display&id=157

+++++++++++++++++++++
Information Assurance
+++++++++++++++++++++

- Roberto Larcher: "The easiest way to get around SSL"
Explains how it is often possible, with the simple
substitution of a string, to get around a "secure"
implementation based on an incorrect use of SSL.
http://www.infosecwriters.com/text_resources/pdf/around_SSL_2.pdf

++++++++++++++++++++++++
Malware / Malicious Code
++++++++++++++++++++++++

- Marc-André Laverdière: "Slammer: Before, During and
After"
A study on the Slammer - the situation before the
attack of the worm, the damage caused by its spread,
as well as the lessons learnt from this outbreak.
http://www.infosecwriters.com/text_resources/pdf/slammer_web.pdf

- Marcus Unknown: "The Art of Rootkits (2nd ed)"
Guide to understanding what rootkits are; their
various types; features they pack:
backdoor/sniffing/log-deleting and more.
http://www.infosecwriters.com/texts.php?op=display&id=156

- Mike Lee & Brian Hitchen: "The Killer Virus"
From a UK perspective, Mike Lee et al. look at the
probable future of a devastating virus, how it may be
released and the excessively large scale havoc it can
wreak.
http://www.infosecwriters.com/texts.php?op=display&id=155

+++++++++++++++++++++++++++++++++
Network Devices & Network Traffic
+++++++++++++++++++++++++++++++++

- Dazzed: "Networking and PPP with OpenBSD 3.4"
Brief overview of setting up an OpenBSD system as a NAT
server with firewall capabilities using Packet Filter.
http://www.infosecwriters.com/texts.php?op=display&id=162

- Roberto Larcher: "Predictability of Windows DNS
resolver"
Explains how it is often possible to predict the
"Transaction ID" and the "UDP port number" used by
Windows' DNS Resolver. With this information it will
be shown how it is possible, under certain conditions,
to win the race against the regular DNS server and
hijack, for example, a TCP/IP session.
http://www.infosecwriters.com/text_resources/pdf/predictability_of_Windows_DNS_resolver.pdf

+++++++++++++++++++++++
Organizational Security
+++++++++++++++++++++++

- **APRIL WINNER** Melissa Guenther: "Security -
Privacy Awareness through Culture Change"
Writing the policies, developing the procedures,
changing the forms, upgrading the systems, locking up
the data, setting up training classes... these will
not ensure that employees change their values,
attitudes or habits, says Melissa Guenther. There's a
necessity for privacy and security-related cultural
changes, which industry 'experts' don't offer
alongside their many policy, procedural, and
technology solutions.
http://www.infosecwriters.com/texts.php?op=display&id=163

- P L Pradhan: "Risk Management on IS"
Outlines how risk assessment is performed through
identifying assets, identifying threats and
calculating risks.
http://www.infosecwriters.com/texts.php?op=display&id=161

- Carter Schoenberg (ISS Atlanta): "Information
Security & Negligence - Targeting the C-Class"
Numerous recommendations since September 11, 2001 have
been published on the evils of negligence relative to
protecting one's assets (cyber & physical)... how do
you physically "prove" negligence versus the common
business practice of risk management?
http://www.infosecwriters.com/text_resources/pdf/InformationSecurityCClass.pdf

Copyright 2010, SecurityFocus