Issue 6 - 2004-03-12
March 12, 2004

The Information Security Writers (ISW)
Visit us on the World Wide Web: http://www.infosecwriters.com

FEATURED IN THIS E-MAIL:

* February Winners
* Ed's 'Crack the Hacker Challenge - Lord of the Ring-Zero'
* Anton's 'Scan of the Month'
* Recommended Reading - Malware: Fighting Malicious Code
* Recently Published Papers
* Site updates & Misc
* Why have you received this newsletter?

===================================

FEBRUARY WINNERS FOR THE ISW "BEST-SECURITY-PAPERS" CONTEST

- "Guarded Memory Move (GMM) Buffer Overflow Detection And Analysis" by Davide Libenzi
  http://www.infosecwriters.com/text_resources/pdf/gmm.pdf

- "Identity Theft - The Real Cause" by Mike Lee & Brian Hitchen
  http://www.infosecwriters.com/texts.php?op=display&id=146

Congratulations to these guys. For those writers who haven't won, there's no reason to despair. The contest kicked off in summer 2003, and EVERY month, two (2) papers released on the site are judged best among the others on originality, creativity, accuracy, presentation and overall importance to the security community and to the industry.

For more information, please see our Contest FAQs and Prizes Catalog:
http://www.infosecwriters.com/contest.php
http://www.infosecwriters.com/prizes.php

===================================

ED'S CRACK THE HACKER CHALLENGE - LORD OF THE RING-ZERO

Ed writes:

I'm very excited to announce that it's that time again! I've got a brand-new challenge to test your Incident Handling skills, this time based on the Lord of the Rings trilogy. As we all know, the _real_ ring of power is Ring-Zero, inside the kernel of our operating systems. In this challenge, you get to help the intrepid Skodo Baggins match wits with Gollum to see if you can figure out if and how Gollum seized Ring-Zero.

The challenge, graciously hosted by the fine folks at Linux.com, is located here:
http://www.linux.com/article.pl?sid=04/03/03/0247207

The best three sets of answers submitted to skodo@counterhack.net on or before March 19, 2004 will win a copy of my new book, Malware: Fighting Malicious Code.

===================================

ANTON'S SCAN OF THE MONTH

Anton writes:

This month's challenge is different. Traditional SotM challenges have been about analyzing specific attacks against specific honeypots. This time we are going to take a step back and look at the bigger picture. Your job is to analyze a month's worth of connection activity to and from a honeynet by analyzing the firewall logs. This is where analysis of any honeynet most often begins.

All entries are due Friday, 26 March. Results will be released Friday, 2 April. Find the rules and suggestions for submissions at the SotM Home Page.
http://www.honeynet.org/scans/scan30/
http://www.honeynet.org/scans/index.html

===================================

RECOMMENDED READING

- Title: "Malware: Fighting Malicious Code" by Ed Skoudis, Lenny Zeltser
- Synopsis: Reveals how attackers install malicious code and how they evade detection. Shows how you can defeat their schemes and keep your computers and network safe! Details viruses, worms, backdoors, Trojan horses, RootKits, and other threats.
- Reviewed by: Charles Hornat
- Rating: 5/5

"This book is a must for anyone in the Technology Industry. Managers will find use in it as it explains what each of these Malware has the capability of doing to their environment. Technologists and System Administrators will learn how to differentiate between the different types of Malware and proper defenses for each. Information Security Administrators will learn the history and quite possibly the future of Malware."

Full review here: http://www.infosecwriters.com/reading.php?op=vb&id=15

===================================

RECENTLY PUBLISHED PAPERS

- Bob Radvanovsky: "Hiding an Intrusion Detection System, A Theoretical Discussion on How to Play Hide 'N Go Peek"
  Discusses the caveats of emplacement of an IDS environment, and what companies are doing about it. Discusses what may be one (of many) possible methods of "hiding" an intrusion detection system environment.
  http://www.infosecwriters.com/text_resources/pdf/wp-003.pdf
  http://www.infosecwriters.com/text_resources/pdf/wp-003a_diagram.pdf

- Shaun Colley: "Exploitation - Returning into libc"
  The intention here is not to teach you the ins and outs of buffer overflows, but to explain in a little detail another technique used to execute arbitrary code, as opposed to the classic 'NOP sled + shellcode + repeated retaddr' method.
  http://www.infosecwriters.com/texts.php?op=display&id=150

- Adam Richard: "Securing the Internal Network"
  Defines new guidelines in order to improve the security of Microsoft Windows-based internal networks.
  http://www.infosecwriters.com/texts.php?op=display&id=148

- Vikram Phatak: "Vulnerability Protection - A Buffer for Patching"
  Attempts to explain why current security technologies such as firewalls, intrusion detection and prevention systems, and automated patch management solutions have failed to prevent vulnerabilities from being exploited.
  http://www.infosecwriters.com/text_resources/pdf/Vulnerability-Protection.pdf

- Mike Lee & Brian Hitchen: "Identity Theft - The Real Cause"
  Looks at identity theft and the seriously devastating effects it can have today. Identity theft can be achieved by utilizing tactics such as the good old dumpster diving. "...6 out of every 7 bins contain information that is useful to a criminal who wants to steal your identity!"
  http://www.infosecwriters.com/texts.php?op=display&id=146

- Trey Azariah Dismukes: "Wireless Security 'Black Paper'"
  Attempts to shed light on wireless networking security in an enterprise environment.
  http://www.infosecwriters.com/texts.php?op=display&id=145

- Davide Libenzi: "Guarded Memory Move (GMM) Buffer Overflow Detection And Analysis"
  Attempts to shed light on wireless networking security in an enterprise environment.
  http://www.infosecwriters.com/text_resources/pdf/gmm.pdf

- Luca Deri: "Improving Passive Packet Capture: Beyond Device Polling" ***UPDATED***
  Proposes a new approach to passive packet capture that, combined with device polling, allows packets to be captured and analyzed using the NetFlow protocol at (almost) wire speed on Gbit networks using a commodity PC.
  http://www.infosecwriters.com/text_resources/pdf/passive_packet_capture.pdf

Visit the Infosec Writers' Text library: http://www.infosecwriters.com/texts.php

===================================

SITE UPDATES & MISC

Just a reminder:

- An RSS feed is now available for published papers:
  http://www.infosecwriters.com/isw.xml
  http://www.infosecwriters.com/isw.rss
  To utilize this feed, we recommend you use a client such as AmphetaDesk. This and more available at: http://blogspace.com/rss/readers

- The ISW Newsletter archives are now publicly accessible:
  http://www.infosecwriters.com/newmail/archive.php?id=1

===================================

WHY HAVE YOU RECEIVED THIS NEWSLETTER?

Having received this newsletter means you are currently subscribed to the InfoSec Writers' mailing list. As stated in our "Opt-in Terms" - http://www.infosecwriters.com/optin.php - you have agreed to accept occasional e-mails from us that inform you of significant updates to our site or activities, projects & content.

As stated in section 4 of our privacy statement: Your e-mail address is used ONLY for the purposes described above. We will NOT attempt to sell, rent, trade or in any way disclose your e-mail address/our e-mail list to ANY third parties. You are also given the option to cancel your subscription at any time.

Follow this link to unsubscribe.