|
Call for papers SecurityFocus ( www.securityfocus.com ) is currently accepting submissions for new Infocus articles. We would like to extend an invitation to security researchers, authors and academics for submissions on topics of interest to the security community. Submissions should include a short summary along with the author's name, email address and contact information. All submissions should be in MS Word format and should be sent to: editor@securityfocus.com 
Microsoft Office Security, part oneThis article discusses Microsoft Office's OLE Structured Storage and the nature of recent dropper programs and other exploit agents, in an effort to scrutinize the workings of some of the recent MS Office exploits. Part two will then collates some forensic investigation avenues through different MS Office features. Parts of the article sample different MS Office vulnerabilities to discuss their nature and the method of exploitation. 2006-08-22 http://www.securityfocus.com/infocus/1874 
Dynamic Linking in Linux and Windows, part twoThis article discusses the shared libraries concept in both Windows and Linux, and offers a walk through various data structures to explain how dynamic linking is done in these operating systems. The paper will be useful for developers interested in the security implications and the relative speed of dynamic linking, and assumes some prior cursory knowledge with dynamic linking. 2006-08-15 http://www.securityfocus.com/infocus/1873
Dynamic Linking in Linux and Windows, part oneThis article discusses shared libraries in both Windows and Linux, and offers a walk through various data structures to explain how dynamic linking is done in these operating systems. The paper will be useful for developers interested in the security implications and the relative speed of dynamic linking, and assumes some prior knowledge of static and shared libraries. 2006-08-08 http://www.securityfocus.com/infocus/1872 
After an Exploit: mitigation and remediationThis article describes a few hardening and alerting methods for Unix servers that help block vectors for various attacks, including two web-based application attacks, DNS issues, and the brute-forcing of SSH passwords. The article then looks at steps to take and lessons learned post-compromise. 2006-07-24 http://www.securityfocus.com/infocus/1871
Basic Journey of a PacketThe purpose of this introductory article is to look at basic look at the journey of a packet across the Internet, from packet creation to switches, routers, NAT, and so on. This topic is recommended for those who are new to the networking and security field and may not have a basic understanding of the underlying process. 2006-07-06 http://www.securityfocus.com/infocus/1870
Strider URL Tracer with Typo PatrolThis article looks at Microsoft's free Strider URL Tracer with Typo-Patrol to help fight typo-squatters and domain parking abuse. The tool can be used to protect children from seeing inappropriate or explicit sites that they should not see, and for companies or trademark owners to scan and investigate sites that may be typo-squatting their domain(s) so that they can be investigated and/or prosecuted. 2006-06-27 http://www.securityfocus.com/infocus/1869
Ajax Security BasicsThe purpose of this article is to introduce some of the security implications with modern Ajax web technologies. Though Ajax applications can be more difficult to test, security professionals already have most of relevant approaches and tools needed. 2006-06-19 http://www.securityfocus.com/infocus/1868 
Standards in desktop firewall policiesThe purpose of this article is to discuss the need for a desktop firewall policy within an organization, determine how it should be formed, and provide an example of one along with the security benefits it provides an organization. 2006-06-06 http://www.securityfocus.com/infocus/1867 
Malicious cryptography, part twoThis two-part article series looks at how cryptography is a double-edged sword: it is used to make us safer, but it is also being used for malicious purposes within sophisticated viruses. Part two continues the discussion of armored viruses and then looks at a Bradley worm - a worm that uses cryptography in such a way that it cannot be analyzed. Then it is shown how Skype can be used for malicious purposes, with a crypto-virus that is very difficult to detect. 2006-05-16 http://www.securityfocus.com/infocus/1866
Malicious cryptography, part oneThis two-part article series looks at how cryptography is a double-edged sword: it is used to make us safer, but it is also being used for malicious purposes within sophisticated viruses. Part one introduces the concepts behind cryptovirology and offers examples of malicious potential with the SuckIt rootkit and a possible SSH worm. It then introduces armored viruses that use shape shifting (polymorphism and metamorphism) to avoid detection. 2006-05-08 http://www.securityfocus.com/infocus/1865 |
|
|
Privacy Statement |
