Hi all,
This is an announcement for the publication of one of my article called
"Anti-Virus Evasion Techniques and Countermeasures" at
InfoSecWriters(http://www.infosecwriters.com/).

This article was already released at hackingspirits.com and at the FD list
on 3rd Dec, 2004 but I had to uphold the

[ more ]  [ reply ]

http://www.cyberguard.com/news_room/news_newsletter_112304emergency.cfm

Computer Room Emergency ? Only a Matter of Time
Gideon T. Rasmussen - CISSP, CISM, CFSO, SCSA

It's an infrastructure manager's worst nightmare: The computer room is
down. There are several events that can make this scenario a

[ more ]  [ reply ]

Hi all!

Here is the Call for Paper for the security session of CTS 2005:

SPECIAL SESSION

Security and Collaboration

The 2005 International Symposium on Collaborative Technologies and Systems
(CTS'2005)

May 15 - 19, 2005
Adam's Mark Hotels & Resorts, Saint Louis, Missouri, USA

In Cooperation

[ more ]  [ reply ]

Hi,

Just a quick message to make people aware of a new
book in the area of information security management -
"A Practical Guide to Managing Information Security",
Steve Purser, Artech House, 2004.

This is a practical book, aimed at helping managers
and technical staff implement security mechanism

[ more ]  [ reply ]

iDEFENSE Labs recently produced a technical whitepaper entitled, "A
Comparison of Buffer Overflow Prevention Implementations and
Weaknesses". This paper is the result of several months of diligent
research and was presented at the Black Hat USA 2004 and Defcon 12
computer security conferences.

Abst

[ more ]  [ reply ]

Dear List,

Imperva(tm)'s Application Defense Center (ADC) has released a new white
paper titled "How Safe is it Out There (Zeroing in on the
vulnerabilities of application security)".

The paper, written by Moran Surf and Amichai Shulman, presents a
statistical analysis of results obtained from num

[ more ]  [ reply ]

Hello all,

I've had several people recently (well about 20 or so today actually)
complain about getting spam from Igxglobal.com, particularly security
related spam. The concern presented to me is that these people have
harvested names from public security mailing lists such as those on
Security

[ more ]  [ reply ]

Some months ago this text was released in spanish and was greatly
useful for a lot of people, so we decided to translate it to english
=)
_____________________________________________________________
Gcc Inline Assembly - How to
By Martin Candurra (astor) available at hackemate.com.ar
< martincad@ya

[ more ]  [ reply ]

Greetings to all,

I have written a paper on Securing Windows Laptops - it's available for download at: http://www.paladion.net/papers/securing_your_laptop.pdf

The paper enables laptop users to secure their system easily. It discusses the common insecurities that we generally ignore and giv

[ more ]  [ reply ]

A special note: Check out Ed Skoudis' new Crack the
Hacker Challenge: HACKERS OF THE LOST ARK:
http://www.infosecwriters.com/lost_ark.php

ISW's PAPERS UPDATE

++++++++++++++++++++++++++++
Exploitation / Vulnerability
++++++++++++++++++++++++++++

- **MAY WINNER** Yves Younan: "An Overview of Comm

[ more ]  [ reply ]

----- Forwarded message from Patrick O'Reilly <patrick.oreilly (at) nist (dot) gov [email concealed]> -----

From: "Patrick O'Reilly" <patrick.oreilly (at) nist (dot) gov [email concealed]>
Reply-To: patrick.oreilly (at) nist (dot) gov [email concealed]
To: Multiple recipients of list <compsecpubs (at) nist (dot) gov [email concealed]>
Subject: Announcing Release of NIST Special Publication 800-60
Date: Mon, 14 J

[ more ]  [ reply ]

"Exploit Instruction Code Construction: assisting the manipulation of
services on obscure operating systems"

I wrote this informal paper nearly two years ago, but it was never
publically released for various reasons. It should still be quite
useful today.

The paper discusses the creation of explo

[ more ]  [ reply ]

Greetings All,

The Charles W. Fullerton Institute of Analysis would like to introduce our
first published Whitepaper, "The Need for Security Testing: An Introduction
to the OSSTMM 3.0".

http://www.infosecwriters.com/texts.php?op=display&id=178

Chuck Fullerton
OPST,CISSP,CSS1,CCNP,CCDA,CNA,A+
Foun

[ more ]  [ reply ]

----------------------------------------------------------------------
C A L L F O R P A R T I C I P A T I O N
----------------------------------------------------------------------
########## Early Bird Rates available before June 1, 2004 ########
--------------------------

[ more ]  [ reply ]

----- Forwarded message from Patrick O'Reilly <patrick.oreilly (at) nist (dot) gov [email concealed]> -----

From: "Patrick O'Reilly" <patrick.oreilly (at) nist (dot) gov [email concealed]>
Reply-To: patrick.oreilly (at) nist (dot) gov [email concealed]
To: Multiple recipients of list <compsecpubs (at) nist (dot) gov [email concealed]>
Subject: NIST Computer Security Division Released 4 Publications today
Date: W

[ more ]  [ reply ]

Dear List,

The Hackademy Journal is a new quarterly magazine dedicated to IT
security and "hacking". With a high technical level, this
international publication is intended for a professional audience of
programmers, system and network administrators, security specialists,
etc. who wish to understa

[ more ]  [ reply ]

----- Forwarded message from Patrick O'Reilly <patrick.oreilly (at) nist (dot) gov [email concealed]> -----

From: "Patrick O'Reilly" <patrick.oreilly (at) nist (dot) gov [email concealed]>
Reply-To: patrick.oreilly (at) nist (dot) gov [email concealed]
To: Multiple recipients of list <compsecpubs (at) nist (dot) gov [email concealed]>
Subject: Release of NIST DRAFT Special Publication 800-58
Date: Thu, 6 May 200

[ more ]  [ reply ]

Dear Mr. Mookhey,

The 'SQL Injection Signatures Evasion' paper is the result of a several
months-long research conducted by Imperva's ADC. This research began
long before the pulibcation of the 'Detection of SQL Injection and
Cross-Site scripting attacks', and was obviously never intended as a
mea

[ more ]  [ reply ]

This is in response to Imperva's email that it is trivial to evade
signature-based detection of SQL injection. There are a few points I'd like
to respond to in relation to their tone and content of the paper. Well first
lets take the tone:

The abstract of Imperva's paper says, among other things:
"

[ more ]  [ reply ]

I have just written a new book on the computer security available to the address http://cksecurity.free.fr/Hacking_Securite_HANDBOOK.pdf.

It treats safety of the networks, software, operating systems, algorithms cryptographic and the programming network: each technique is analyzed, explained,

[ more ]  [ reply ]

Hi,

I have written a research paper on a relatively ignored DNS issue known
as DNS Cache Snooping. This issue allows one, for instance, to query a
DNS cache to verify if a certain site has been accessed or if an email
was recently sent to a given domain.

Abstract and link below. Reader feedback an

[ more ]  [ reply ]

Dear List,

Imperva(tm)'s Application Defense Center has released a new white paper.

The paper, titled 'SQL Injection Signatues Evasion', is based on
research done at Imperva's ADC, and shows that providing protection
against SQL injection using signatures alone is not enough. The paper
demonstrate

[ more ]  [ reply ]

Our Computer Security Lab has released a new Sombria report, which
includes a special investigation of a Brazilian hacker group.

"Operation Sombria:" An Undercover Investigation of Computer Trespassers"
http://www.lac.co.jp/security/csl/intelligence/sombria_e/smbr_3.pdf

[ more ]  [ reply ]

Dear SecPapers List,

Imperva(tm)'s Application Defense Center (ADC) has released a new white
paper.

The new paper demonstrates the feasibility of launching worms that
attack custom Web application software automatically. These
methodologies leverage common Web search engine technologies to achieve

[ more ]  [ reply ]

Dear SecPapers List,

Imperva(tm)'s Application Defense Center (formerly WebCohort Research)
has released a new paper.

This paper demonstrates a real Application Penetration Testing Report,
as should be provided at the end of an application penetration testing.
The penetration testing was performed

[ more ]  [ reply ]

Hi,

After three RC's (release candidates), a lot of bug hunting and a lot of
'Big thanks'
I'm proud to present you a new release of Rootkit Hunter. This release
incorporates extra support for a operating systems like AIX, improved
support for rootkits, new 3rd party support, extra program paramete

[ more ]  [ reply ]

Hi All,

We have released a paper on "Discovering passwords in memory" that
discusses the dangers of using plain text passwords in memory. The
vulnerability is not new, but we are seeing this in several major
applications today and would like to bring the community's attention to
it. We hope this p

[ more ]  [ reply ]

To the discussion group: I am terribly sorry about
the typographical error; the matter has been corrected.

The specific whitepapers may be found at:

WP-002: Profiling Wargamers
http://www.unixworks.com/papers/wp-002.pdf

WP-003: Hiding an IDS
http://www.unixworks.com/papers/wp-003.pdf

Non-specif

[ more ]  [ reply ]