Info Security Writers Papers Update (May) Jun 15 2004 04:18PM
Von Spangler (staticreply yahoo com)
A special note: Check out Ed Skoudis' new Crack the
Hacker Challenge: HACKERS OF THE LOST ARK:


Exploitation / Vulnerability

- **MAY WINNER** Yves Younan: "An Overview of Common
Programming Security Vulnerabilities and Possible
Recommended for those wanting a foundation guide to
exploitation and patching; this extensive document
looks at common application vulnerabilities and in the
process, analyses a cross-section of exploits
including the Apache HTTPd.

- Angelo Rosiello: "UDP Remote Controls"
Illustrates the possibility of controlling servers
with the UDP protocol.

Firewall & Perimeter Protection

- Randy Stauber: "Defense In Depth"
Looks at various technologies that comprise effective
perimeter and data protection.

- Laurent Constantin: "Sending IPv6 Packets to Check
Firewall Rules"
Looks at how firewall rules can be tested by sending
specifically configured (IPv6) packets via the
multifunctional "Netwox" utility.

Network Devices & Network Traffic

- Nicholas A. Plante: "Practical Domain Name System
Security: A Survey of Common Hazards and Preventative
Examines some of the most basic threats to the domain
name system and the best practices to eliminate, or at
worst, lessen the impact.

- Hu Hanping, Zheng Ying, Hou Chengshuai, Guo Wenxuan:
"A Security Transfer Model based on Active Defense
This model not only attempts to improve the security
of data transfer on the web, but also to enhance the
effectiveness of the network management and switching
efficiency of routers.

Organizational Security

- P L Pradhan: "Risk Assessment On IT Infrastructure"
A follow up to "Risk Management on IS", this takes a
detailed look at developing and implementing a risk
management & assessment method to safeguard and
protect Information System assets of an organization.

- **MAY WINNER** Gary Hinson: "Proposing the role of
Governance Director"
Says Gary Hinson: 'In the context of corporate
governance, I propose the role of Governance Director
at executive Board level to act as a senior focal
point for issues relating to management control, risk
management and ethics. Through this paper explaining
the rationale for my position, I intend to stimulate
further discussion and development of the concept.'

Wireless Security

- Randy Stauber: "Wireless Infidelity"
Looks at the growth and future of Wireless Fidelity
(Wi-Fi), its basic flaws and security issues, and the
best ways to secure a Wi-Fi network.

General Security Concepts & Misc.

- Randy Stauber: "Should an Internet Service Provider
be Required by Law To Monitor the Use of Its Services
By Users? - The Pros and the Cons"
Says Randy Stauber: "To implement the tracking of its
user requires significant costs to the provider of
internet services - however, some would argue that the
long term costs of not regulating how service
providers track their users will be far higher to
society and the information industry itself."

Copyright 2010, SecurityFocus