Articles of Interest...
The Complete Windows Trojans is a Frame4 Security Systems
publication about Windows Trojans, how they work, their variations and
strategies to minimize the risk of infection. Links to detection software
are included as well as many other topics.
Blended Attacks: Exploits, Vulnerabilities, and Buffer-Overflow Techniques in Computer Viruses
Exploits, vulnerabilities, and buffer-overflow techniques have been used by
malicious hackers and virus writers for a long time. However, until
recently, these techniques were not commonplace in computer viruses. The
CodeRed worm was a major shock to the antivirus industry since it was the
first worm that spread not as a file, but solely in memory by utilizing a
buffer overflow in Microsoft IIS. Many antivirus companies were unable to
provide protection against CodeRed, while other companies with a wider focus
on security were able to provide solutions to the relief of end users.
Usually new techniques are picked up and used by copycat virus writers.
Thus, many other similarly successful worms followed CodeRed, such as Nimda
and Badtrans.
In this paper, the authors will not only cover such techniques as buffer
overflows and input validation exploits, but also how computer viruses are
using them to their advantage. Finally, the authors will discuss tools,
techniques and methods to prevent these blended threats.
CIAC-2324
Connecting to the Internet Securely; Protecting Home Networks
This paper discusses problems and solutions related to protection of home
computers from attacks on those computers via the network connection.
(Released 1/08/03)
Tracking and Tracing Cyber-Attacks: Technical Challenges and Global Policy
Issues
Special Report by Carnegie Mellon Software Engineering Institute
CMU/SEI-2002-SR-009
Howard F. Lipson, Ph.D.
PDF File
Intelligence Gathering Techniques
Stephen Northcutt is currently the Chief Information Warfare Officer for the
U.S. Ballistic Missile Defense Organization, original developer of the
Shadow intrusion detection system, and former head of the Department of
Defense's Shadow Intrusion Detection team. He is the author of Incident
Handling: Step-by-Step and Intrusion Detection: Shadow Style, both published
by the SANS Institute. Stephen is a featured lecturer and co-chair of the
SANS Conference and is the program chair of the first Intrusion Detection
Conference.
Close Encounters of the Hacker kind: A Story from the Front Line - Part One
Part Two
Hackers, Viruses, and Trojans can cause plenty of headaches, as author Seth
Fogie knows from personal experience. Although this article contains many
mistakes from a forensics perspective, which was not the original objective,
it is a good read about the author’s experience with a server that was
repeatedly hacked.
Network Scanning Techniques
Understanding intrusion reconnaissance can help identify penetration and
strengthen network security. This article examines some scanning types
combined with hard-to-detect or even non-detectable scanning techniques.
Snake Oil Warning Signs: Encryption Software to Avoid
Good cryptography is an excellent and necessary tool for almost anyone. Many
good cryptographic products are available commercially, as shareware, or
free. However, there are also extremely bad cryptographic products which not
only fail to provide security, but also contribute to the many
misconceptions and misunderstandings surrounding cryptography and security.
Privacy and Security on your PC
By NetworkWorldFusion
Microsoft needs help for security plan to fly
Microsoft’s plan to secure desktop computers, AKA the Palladium project,
will require industry collaboration and consumer willingness to upgrade
hardware and software.
Palladium concerns Microsoft's competitors, not lawyers
“Some Microsoft competitors were, unsurprisingly, less than excited about
the announcement of Palladium.”
Privacy and Security on your PC
By Extreme Tech
Part I: Who's after your data, and why? The issue of privacy is a
great concern for everyone. A survey sponsored by Dell Computer, conducted
in August 2000 by Harris Interactive, revealed that even in the more
sanguine days of Internet optimism, loss of personal privacy ranked as an
issue of higher concern for Americans than the issues of crime, health care,
or the environment. Internet-connected PCs, however, are an ongoing threat
to individual privacy.
Part II: How to protect your privacy The most effective thing you
can do to protect the private information on your computer is to establish a
layered approach to security. You need to build first-line, second-line,
third-line (etc.) defenses, and consider the consequences at each level if
those defenses should fail.
IEEE 1394 vs. USB 2.0
Extreme Tech
"Competing standards" may sound like an oxymoron, but it's one that most of
us know all too well. Despite the concerted efforts of standards-making
bodies and consortia, the computer and consumer-electronics industries have
been plagued for decades by battles between competitors like VHS and Betamax,
Windows and the Mac OS, and DVD-Audio and SACD. The enormous royalties and
sheer market power that accrue to those who either control or heavily
influence de facto standards have long made such contests too compelling to
resist.
Distributed vs. Grid Computing
Extreme Tech
There are actually two similar trends moving in tandem: distributed computing
and grid computing. Depending on how you look at the market, the two either
overlap, or distributed computing is a subset of grid computing. Grid
Computing got its name because it strives for an ideal scenario in which the
CPU cycles and storage of millions of systems across a worldwide network
function as a flexible, readily accessible pool that could be harnessed by
anyone who needs it, similar to the way power companies and their users
share the electrical grid.
The Seven Deadly Sins of CRM
CRMDaily.com
About half of all CRM projects initiated prove unsuccessful. They do not
make a return on investment. They do not improve customer satisfaction, and
they do not deliver positive business outcomes. The reasons are many,
according to the analysts, but they can be boiled down to seven major
problems.
International Engineering Consortium
Optical Ethernet
Optical repeaters were part of the first Ethernet standard back in the early
1980s. Today, optical Ethernet advances promise to take Ethernet transport
to levels undreamed of back then and not even feasible using copper
technologies today. Thanks to advances in optical Ethernet, this most common
(and most standard) of LAN technologies will soon be the most common (and
most standard) of WAN technologies. This tutorial explores the history and
potential of optical Ethernet technology, focusing specifically on its
impact on service-provider networks and services.
InformIT - registration required
Should You Develop Your Own Software?
IT departments can benefit from packaged software rather than developing
custom solutions. In Software: Packaged or Build, Harris Kern discusses the
advantages and possible pitfalls of using packaged software versus "rolling
your own."
The Dirty Dozen: 12 Security Lapses That Make Your .Com, .Org, or .Net
an Unwitting Collaborator with Cyberterrorists. Are you unintentionally
supporting cyberterrorism? If your security isn't ultra-tight, your site
just may be colluding in cyberterrorist activity. Frank Fiore and Jean
Francois provide a checklist of questions to which you need solid,
intelligence-safe answers.
Protocol Overview: SMTP, POP, and IMAP
TCP/IP expert Dr. Karanjit Siyan covers the basics of the SMTP, POP, and
IMAP protocols in The SMTP, POP, and IMAP Protocols.
IPSec Overview
Virtual Private Networks (VPNs) are becoming required expertise for network
and security engineers, and IPSec is the most commonly used protocol when
implementing VPNs. In this five-part series, Andrew Mason dives into all
critical aspects of IPSec.
Part One: General IPSec Standards
Part Two: Modes and Transforms
Part Three: Cryptographic Technologies
Part Four: Internet Key Exchange (IKE)
Part Five: Security Associations
The Viral Mind: Understanding the Motives of Malicious Coders by D. D. Shelby