Evaluating Network Intrusion Detection Signatures
Karen Kent: Evaluating Network Intrusion Detection Signatures:
[Part 1]
[Part 2]
[Part 3]
(via Bruce Schneier’s crypto-gram)
Archive for the ‘security’ Category.
Designing Application-Managed Authorization
Schoon, Rees, Jezierski (Microsoft):
Designing Application-Managed Authorization
Bob Toxen: Linux Security: Reflections on 2002
Bob Toxen:
Linux Security: Reflections on 2002
“
The current interest of everyone and his brother in forensics and honeypots will die down. For other than those doing serious research in computer security, I find its only value is demonstrating to management that insecure systems will be breached.
”
The snoop-proof laptop
Now Noble and graduate student Mark Corner have come up with a high-security system for the slothful. The system protects data by automatically scrambling it the moment users walk away, then quickly restoring it upon their return.
Called
Zero-Interaction Authentication, or ZIA, the system requires laptop owners to wear a small device or token – in this case a wristwatch equipped with a processor and short-range wireless link to communicate with the laptop. When the token moves out of range, ZIA re-encrypts information on the laptop within five seconds, before someone else can gain access to it. When the laptop detects that the token has come back within range, the system decrypts the information within six seconds.
Schneier on Mitnick’s book
From Bruce Schneier’s Crypto-Gram newsletter:
Kevin Mitnick’s book, "The Art of Deception," is a good read. The missing first chapter, deleted at the last minute by the publisher, is on the Internet. The chapter talks about Mitnick’s life as a hacker and a fugitive, and his arrest and trial. It’s very interesting reading.
<http://www.wired.com/news/culture/0,1284,56187,00.html>
<http://littlegreenguy.fateback.com/chapter1/Chapter%201%20-%20Banned%20Edition.doc>
www.knowngoods.org
www.knowngoods.org: “Basically, the MD5, SHA-1, and file sizes for executables on common systems were thrown into a -very- simple database.”
A Vote for Less Tech at the Polls
A Vote for Less Tech at the Polls. Wired News Nov 19 2002 7:32AM ET [Moreover – Tech latest]
XDCC – An .EDU Admin’s Nightmare
XDCC – An .EDU Admin’s Nightmare
Summary:
In a recent advisory written by Microsoft, and by trends being noticed by many university administrators over the past recent years, people have wanted to know what all these slave computers are on IRC. These machines are serving to newest warez (games, movies, apps, mp3, ect.) to anyone that knows how to use a keyboard. Also, massive amounts of bandwidth is being wasted (easily up to 2MB/s each machine). In this, I will describe from an insiders view, what is happening, how this is being done, how to see if you are a victim, and what you can do to prevent this from happening to your network.
The Peon’s Guide To Secure System Development
Michael Bacarella:
The Peon’s Guide To Secure System Development
“Increasingly incompetent developers are creeping their way into important projects. Considering that most good programmers are pretty bad at security, bad programmers with roles in important projects are guaranteed to doom the world to oblivion.”
Good old-fashioned polemic.
[Slashdot]
