Issue 5 - 2004-02-11

February 11, 2004
The Information Security Writers (ISW)
Visit us on the World Wide Web: http://www.infosecwriters.com

FEATURED IN THIS E-MAIL:
* Ed's Crack the Hacker Challenge - Valentine's Theme!
* January Winners for the "Best-Security-Papers" Contest
* Hitchhiker's World Feedback
* SANS Interfacing with Law Enforcement FAQ
* Recommended Reading - Exploiting Software: How to Break Code
* Recently Published Papers
* Site Updates & Misc - RSS feed / ISW newsletter archives

* Why have you received this newsletter?


===================================


ED'S CRACK THE HACKER CHALLENGE - VALENTINE'S THEME!

The February 2004 challenge is called "You've Been Hacked!" and is based on an actual computer attack associated with AOL Instant Messenger. Given that Valentine's Day is only a couple of days away, Ed Skoudis went with a romantic theme for this one, using vibes from those cheesy romance comedies "You've Got Mail!" and "Sleepless In Seattle." Can you solve the mystery and help Tom and Meg resume their love chats? Click here to read the challenge:

http://images.amazon.com/media/i3d/01/013101405600000.pdf

Please submit your answers to febchallenge@counterhack.net by February 29, 2004, and Ed will select three winners from the best entries. The winners will receive the Counter Hack book and have their entry posted on www.counterhack.net.


===================================


JANUARY WINNERS FOR THE "BEST-SECURITY-PAPERS" CONTEST

- "Adjacent Overwrite BUG" by Daniel Hodson
http://www.infosecwriters.com/texts.php?op=display&id=140

- "Improving Passive Packet Capture: Beyond Device Polling" by Luca Deri
http://www.infosecwriters.com/text_resources/pdf/passive_packet_capture.pdf


Congratulations to these guys, who got their pick of "Malware: Fighting Malicious Code" and "Securing Wireless LANs". Let's look forward to the February winners... good luck, folks!

The contest kicked off in summer 2003. Each month, two (2) papers released on the site are selected as winners, judged on criteria including originality, creativity, accuracy, presentation and overall importance to the security community and to the industry. For more information, please see our Contest FAQs and Prizes Catalog:

http://www.infosecwriters.com/contest.php
http://www.infosecwriters.com/prizes.php


===================================


HITCHHIKER'S WORLD FEEDBACK
http://www.infosecwriters.com/hhworld

Issue #8 of the e-zine appeared on various sites, including:

http://www.linuxsecurity.com/articles/security_sources_article-8602.html
http://www.net-security.org/news.php?id=4335
http://www.nwfusion.com/links/Research/Security/Intrusion_detection/


The call for papers for Zine #9 will be announced at the end of this month and we would like your continuing support.


===================================


SANS INTERFACING WITH LAW ENFORCEMENT FAQ

Our own Charles Hornat and author Ed Skoudis, along with other security and law enforcement individuals, developed an "Interfacing with Law Enforcement FAQ" as part of the SANS Institute's Cyber Defense Initiative (CDI) for 2004.

The FAQ pertains to US laws, with emphasis on integral incident handling and protocol in communicating and interacting with the law enforcement community.

Interesting questions include:

- How do I identify and preserve the crime scene or crime scenes in computer crime incidents?
- Are there standardized guidelines or procedures for reporting an incident to law enforcement? If not, what information will I need to have ready to report?
- Will law enforcement obstruct my business if I call them?
- What guidelines should be provided to employees in case they are personally contacted by law enforcement as part of an incident investigation?


See the SANS Interfacing with Law Enforcement FAQ here:
http://www.sans.org/resources/law_enf_faq/


===================================


RECOMMENDED READING

- Title: "Exploiting Software: How to Break Code" by Greg Hoglund et al
- Synopsis: Loaded with examples of real attacks, attack patterns, tools, and techniques used by bad guys to break software.
- Reviewed by: Charles Hornat
- Ratings: 4/5

"This is a 'should buy' book for any software developers or those interested in how and where code is weak. Add rootkits into the mix, and it's a very well written book. These authors display an uncanny perspective and prove they are subject matter experts."

Full review here: http://www.infosecwriters.com/reading.php?op=vb&id=21


===================================


RECENTLY PUBLISHED PAPERS

- Angelo Rosiello: "The Basics of Shellcoding"
The goal here is not to explain all the possibilities for injecting shellcode developed in recent years, but to analyze and understand its essence.
http://www.infosecwriters.com/texts.php?op=display&id=143

- Keith Pasley: "Secure Web Based Mail Services"
One of the more common ways to access email today is through a web browser and web-based email services. What security issues should be kept in mind when developing or designing web mail systems?
http://www.infosecwriters.com/texts.php?op=display&id=142

- Hagai Bar-El: "Known Attacks Against Smartcards"
This document analyzes, from a technical point of view, currently known attacks against smart card implementations.
http://www.infosecwriters.com/text_resources/pdf/Known_Attacks_Against_Smartcards.pdf

- Daniel Hodson: "Adjacent Overwrite BUG"
Presented as an informative, step by step log of exploiting an adjacent memory overflow. It is aimed at those who have buffer overflow experience, and hopefully have knowledge of the organization of the stack.
http://www.infosecwriters.com/texts.php?op=display&id=140

- Tom Vogt: "Simulating and Optimising Worm Propagation Algorithms" *UPDATED*
This updated version contains some fixes (typographical, grammatical) and extends some of the points made as well as adding a few graphs and a table that were requested in feedback.
http://www.infosecwriters.com/texts.php?op=display&id=130


Visit the InfoSec Writers' Text library: http://www.infosecwriters.com/texts.php


===================================


SITE UPDATES & MISC

- An RSS feed is now available for published papers:
http://www.infosecwriters.com/isw.xml
http://www.infosecwriters.com/isw.rss

To use this feed, we recommend a client such as AmphetaDesk. This and more are available at:
http://blogspace.com/rss/readers


- The ISW Newsletter archives are now publicly accessible:
http://www.infosecwriters.com/newmail/archive.php?id=1


===================================


WHY HAVE YOU RECEIVED THIS NEWSLETTER?

You have received this newsletter because you are currently subscribed to the InfoSec Writers' mailing list.

As stated in our "Opt-in Terms" (http://www.infosecwriters.com/optin.php), you have agreed to accept occasional e-mails from us that inform you of significant updates to our site or activities, projects & content.

As stated in section 4 of our privacy statement:
Your e-mail address is used ONLY for purposes described above. We will NOT attempt to sell, rent, trade or in any way disclose your e-mail address/our e-mail list to ANY third parties. You are also given the option to cancel your subscription at any time.



All images, content & text (unless other ownership applies) are © copyrighted 2004, Infosecwriters.com. All rights reserved.