Back to list
Call for Participation Workshop DIMVA 2004
May 14 2004 07:29AM
thomas suse de (Thomas Biege)
Info Security Writers (ISW) Papers Update (April)
May 22 2004 10:49PM
Von Spangler (staticreply yahoo com)
ISW's PAPERS UPDATE
Exploitation / Vulnerability
- Abhishek Kumar: ?Discovering Passwords in the
Discusses the dangers of using plain text passwords in
memory, a common vulnerability that can be exploited
by low privileged users to steal critical passwords
and escalate their privileges.
- **APRIL WINNER** Shaun Colley: ?Crafting Symlinks
for Fun and Profit?
Attempts to demonstrate and analyze the risks of sym
link bugs at large, providing interesting case-studies
where necessary. Information on preventing these sorts
of attacks is also provided, with general safe-guards
against preventing them.
- Angelo Rosiello: ?Stack Overflow?s Analysis &
A look at how the main processor works during a
program?s execution in order to really understand
- Roberto Larcher: ?The easiest way to get around SSL?
Explains how it is often possible, with the simple
substitution of a string, to get around a ?secure?
implementation based on an incorrect use of SSL.
Malware / Malicious Code
- Marc-André Laverdière: ?Slammer: Before, During and
A study on the Slammer - the situation before the
attack of the worm, the damage caused by its spread,
as well as the lessons learnt from this outbreak.
- Marcus Unknown: ?The Art of Rootkits (2nd ed)?
Guide to understanding what rootkits are; their
various types; features they pack:
backdoor/sniffing/log-deleting and more.
- Mike Lee & Brian Hitchen: ?The Killer Virus?
From a UK perspective, Mike Lee et al. looks at the
probable future of a devastating virus, how it may be
released and the excessively large scale havoc it can
Network Devices & Network Traffic
- Dazzed: ?Networking and PPP with OpenBSD 3.4?
Brief overview of setting up a OpenBSD system as a NAT
server with firewall capabilities using Packet Filter.
- Roberto Larcher: ?Predictability of Windows DNS
Explains how it is often possible to predict the
?Transaction ID? and the ?UDP port number? used by
Windows? DNS Resolver. With this information it will
be shown how it is possible, under certain conditions,
to win the race against the regular DNS server and
hijack, for example, a TCP/IP session.
- **APRIL WINNER** Melissa Guenther: ?Security -
Privacy Awareness through Culture Change?
Writing the policies, developing the procedures,
changing the forms, upgrading the systems, locking up
the data, setting up training classes... these will
not ensure that employees change their values,
attitudes or habits says Melissa Guenther. There?s a
necessity for privacy and security-related cultural
changes, which industry 'experts' don?t offer
alongside their many policy, procedural, and
- P L Pradhan: ?Risk Management on IS?
Outlines how risk assessment is performed through
identifying assets, identifying threats and
- Carter Schoenberg (ISS Atlanta): ?Information
Security & Negligence - Targeting the C-Class?
Numerous recommendations since September 11, 2001 have
been published on the evils of negligence relative to
protecting one?s assets (cyber & physical)...how do
you physically ?prove? negligence versus the common
business practice of risk management?
Do you Yahoo!?
Yahoo! Domains ? Claim yours for only $14.70/year
[ reply ]
Copyright 2010, SecurityFocus