Issue 7 - 2004-04-30
April 30, 2004
The Information Security Writers (ISW)
Visit us on the World Wide Web: http://www.infosecwriters.com
FEATURED IN THIS E-MAIL:
* March Winners
* May Contest Prize - Information Trickery
* Spotlight on “Security Warrior”
* Recently Published Papers
* Site updates & Misc - Relocation of ISW forums
* Why have you received this newsletter?
MARCH WINNERS FOR THE ISW “BEST-SECURITY-PAPERS” CONTEST
- “Predictability of Windows DNS resolver” by Roberto Larcher
- “Information Security & Negligence - Targeting the C-Class” by Carter Schoenberg
Congratulations to the guys; April winners will be announced shortly. For information on how to submit your paper and the prizes you can win, please see our Contest FAQs and Prizes Catalog:
MAY CONTEST PRIZE – WIN A LIMITED COPY OF INFORMATION TRICKERY
As the ISW security papers contest rolls into May, there are a few limited copies of “Information Trickery: The Great IT Upgrade Scam” up for grabs, compliments of the authors Brian Hitchen and Mike Lee. Two winners will be mailed this book, which is not yet available in US bookstores.
“Information Trickery” is definitely not your typical read. It is not filled with technical jargon, how-to’s or pretty graphs and charts. It is a simple book that is meant to deliver a moral. It runs similarly to a Michael Crichton novel, written in creative and entertaining fashion with an underlying technical subject; in this case the story skillfully manages to evoke everyday critical information security issues.
The synopsis: Able Smith & Winston found themselves victims of an organized hack from a Russian-based team. Like any company that doesn’t prioritize information security, they were in the position of having an insecure network. But the result for them was a lot more serious than just illegal access... they found lives at risk and their livelihood threatened.
For more information please read our exclusive review:
And visit the official website:
SPOTLIGHT ON SECURITY WARRIOR
“Security Warrior” is one of the more recent security publications to hit the bookstores for this spring. It’s written by none other than Anton Chuvakin with Cyrus Peikari.
In a recent press release, Chuvakin is quoted as saying: "Security Warrior is a different security book. It boasts a coherent collection of many in-depth security topics. The book has unique content on reverse engineering, honeynets, social engineering, wireless, Windows CE security, audit trail hiding and analysis. Additionally, it seeks to provide novel coverage of 'standard' topics such as Linux/UNIX and Windows attacks and defenses."
For an in-depth look, visit http://www.securitywarrior.com and look out for the upcoming ISW book review.
RECENTLY PUBLISHED PAPERS
Exploitation / Vulnerability
- Abhishek Kumar: “Discovering Passwords in the Memory”
Discusses the dangers of using plain text passwords in memory, a common vulnerability that can be exploited by low privileged users to steal critical passwords and escalate their privileges.
- Shaun Colley: “Crafting Symlinks for Fun and Profit”
Attempts to demonstrate and analyze the risks of symlink bugs at large, providing interesting case studies where necessary. Information on preventing these sorts of attacks is also provided, along with general safeguards against them.
- Angelo Rosiello: “Stack Overflow’s Analysis & Exploiting Ways”
A look at how the main processor works during a program’s execution in order to really understand STACK overflows.
- Roberto Larcher: “The easiest way to get around SSL”
Explains how it is often possible, with the simple substitution of a string, to get around a “secure” implementation based on an incorrect use of SSL.
Malware / Malicious Code
- Marc-André Laverdière: “Slammer: Before, During and After”
A study on the Slammer - the situation before the attack of the worm, the damage caused by its spread, as well as the lessons learnt from this outbreak.
- Marcus Unknown: “The Art of Rootkits (2nd ed)”
Guide to understanding what rootkits are; their various types; features they pack: backdoor/sniffing/log-deleting and more.
- Mike Lee & Brian Hitchen: “The Killer Virus”
From a UK perspective, Mike Lee et al. look at the probable future of a devastating virus, how it may be released and the excessively large-scale havoc it can wreak.
Network Devices & Network Traffic
- Dazzed: “Networking and PPP with OpenBSD 3.4”
Brief overview of setting up an OpenBSD system as a NAT server with firewall capabilities using Packet Filter.
- Roberto Larcher: “Predictability of Windows DNS resolver”
Explains how it is often possible to predict the “Transaction ID” and the “UDP port number” used by Windows’ DNS Resolver. With this information it will be shown how it is possible, under certain conditions, to win the race against the regular DNS server and hijack, for example, a TCP/IP session.
- Melissa Guenther: “Security - Privacy Awareness through Culture Change”
Writing the policies, developing the procedures, changing the forms, upgrading the systems, locking up the data, setting up training classes... these will not ensure that employees change their values, attitudes or habits, says Melissa Guenther. There’s a necessity for privacy and security-related cultural changes, which industry 'experts' don’t offer alongside their many policy, procedural, and technology solutions.
- P L Pradhan: “Risk Management on IS”
Outlines how risk assessment is performed through identifying assets, identifying threats and calculating risks.
- Carter Schoenberg (ISS Atlanta): “Information Security & Negligence - Targeting the C-Class”
Numerous recommendations since September 11, 2001 have been published on the evils of negligence relative to protecting one’s assets (cyber & physical)...how do you physically “prove” negligence versus the common business practice of risk management?
Visit the Infosec Writers’ Text Library: http://www.infosecwriters.com/texts.php
SITE UPDATES & MISC – FORUM RELOCATION
- We have relocated and re-launched the discussion boards. The change of hosts was necessary; however forum member accounts could not be transferred. It is therefore necessary for you to reregister. We apologize for this inconvenience.
We hope you will continue to join us in discussions relating to published papers and security issues at large. You may access the new forums here: http://forums.infosecwriters.com
- An RSS feed is available for published papers:
To utilize this feed, we recommend you use a client such as AmphetaDesk. This and more available at:
- The ISW Newsletter archives are publicly accessible:
WHY HAVE YOU RECEIVED THIS NEWSLETTER?
You have received this newsletter because you are currently subscribed to the InfoSec Writers’ mailing list.
As stated in our “Opt-in Terms” - http://www.infosecwriters.com/optin.php - you have agreed to accept occasional e-mails from us that are to inform you of significant updates to our site or activities, projects & content.
As stated in section 4 of our privacy statement:
Your e-mail address is used ONLY for purposes described above. We will NOT attempt to sell, rent, trade or in any way disclose your e-mail address/our e-mail list to ANY third parties. You are also given the option to cancel your subscription at any time.