Applied Cryptography

Windows SMB NTLM Authentication Weak Nonce Vulnerability

http://msdn.microsoft.com/en-us/library/aa378749(VS.85).aspx

[3] Microsoft Security Bulletin Advance Notification for February 2010
http://www.microsoft.com/technet/security/Bulletin/ms10-feb.mspx

[4] Bruce Schneier, Applied Cryptography (Second Edition), 1996.
Chapter 16, pp 369.

8.Disclaimer
------------


Call for Papers: Conference on Cyber Conflict, Estonia

Camera-ready papers are due March 1, 2010. They will be presented at
the conference by the author(s) and published in the conference
proceedings.

2010 KEYNOTE: Bruce Schneier, BT Chief Security Technology Officer,
author of Applied Cryptography, Secrets and Lies, Beyond Fear,
Schneier on Security, and the monthly newsletter Crypto-Gram, with
over 150,000 readers worldwide.

Questions: cwcon ... / at / ... ccdcoe.org


Conference on Cyber Conflict: speakers selected!

-----

H.E. Toomas Hendrik Ilves, President of the Republic of Estonia

Bruce Schneier, BT Chief Security Technology Officer

Mike Schmitt, Dean, Marshall Center

Mikko Hyppönen, Chief Research Officer, F-Secure


RE: Microsoft DID DISCLOSE potential Backdoor

> when that
> agency needs funding for a new uber Cyber(buzzword)Crime fighting
> department. You
> guessed it. Hey "Up-and-coming security buff..." Kiss your terminal
> goodbye, and from
> here on out, your dreams of becoming the next Bruce Schneier will be
> close to non-
> existent. It happens.
>
> Anyhow, re-emphasizing... Shame on Microsoft for forwarding your data
> without telling

Re: Latest round of web hacking incidents for 2007 & Project news

> 
> Could you please be more specific? Do you mean, Google had crawled an entire MySQL DB and had access to the contents of the password field in encrypted form? Or had the contents of a /etc/shadow file? Or has a huge rainbow table repo. to compare hashes against? Or... ?

I think this is the original report
http://www.lightbluetouchpaper.org/2007/11/16/google-as-a-password-cracker/
which Bruce Schneier highlighted
http://www.schneier.com/blog/archives/2007/11/using_google_to.html

The basic idea: somebody had a hash, 20f1aeb7819d7858684c898d1e98c1bb, and
searched for that hash on Google, and discovered it was a hash for the 
string "Anthony".

Re: Standing Up Against German Laws - Project HayNeedle

> picks random pages among the results, then spiders from there (well it
> is spidering except that it only follows one URL at a time within a
> session thus simulating a user).

There's a few things wrong with this approach. Most of them were  
outlined by Bruce Schneier when he reviewed "TrackMeNot"[1] last year.

The same issues with TrackMeNot apply to Hayneedle, including  
potential false positives, and list of word combinations that can be  
filtered out easily, and well, the list goes on.


Re: Standing Up Against German Laws - Project HayNeedle

>> picks random pages among the results, then spiders from there (well it
>> is spidering except that it only follows one URL at a time within a
>> session thus simulating a user).
> 
> There's a few things wrong with this approach. Most of them were 
> outlined by Bruce Schneier when he reviewed "TrackMeNot"[1] last year.
> 
> The same issues with TrackMeNot apply to Hayneedle, including potential 
> false positives, and list of word combinations that can be filtered out 
> easily, and well, the list goes on.
> 

Call for Participation - ACM Conference on Computer and Communications Security (CCS)

Distinguished Professor, Department of Defense Analysis
Naval Postgraduate School
============================================================
TECHNICAL PROGRAM HIGHLIGHTS

Featuring 58 technical papers, on Applied Cryptography, Attacks, RFID,
Privacy, Anonymization, Formal Techniques, Cloud Security, Security of
Mobile Services, Security for Embedded and Mobile Devices, Systems and
Networks Security, Software Security, Designing Secure Systems,
Malware and Bots topics. The program also includes 5 tutorials, 12
workshops, and poster/demo session.

CFP for HITBSecConf2008 - Dubai now open

The CFP for HITBSecConf2008 - Dubai is now open.

Our 2008 event is expected to attract over 300 attendees from around the
EMEA region and will see keynote speakers Bruce Schneier (Founder and
CTO, BT Counterpane) and Jeremiah Grossman (Founder and CTO, White Hat
Security). The event is supported and endorsed by the UAE
Telecommunications and Regulatory Authority.

Being a deep-knowledge technical conference, talks that are more
technical or that discuss new and never before seen attack methods are

Re: n.runs, Sophos, German laws, and customer safety

> n.runs claim is true, then many customers might be less protected than
> they would if German laws did not have the chilling effect they are
> demonstrating.
>
> It should be noted that in 2000, a veritable Who's Who of computer
> security - including Bruce Schneier, Gene Spafford, Matt Bishop, Elias
> Levy, Alan Paller, and other well-known security professionals -
> published a statement of concern about the Council of Europe draft
> treaty on Crime in Cyberspace, which I believe was the predecessor to
> the legal changes that have been happening in Germany:
>

CONFidence 2009, Final CfP

Final Call for Papers!
Calling all practitioners in the field of IT security!
The 5th edition of the best Polish IT security conference, CONFIDENCE
2009, is taking place on May 15/16, 2009 in Krakow.
The Keynote Speakers will be Bruce Schneier, Joanna Rutkowska.
http://2009.confidence.org.pl

We invite all to send proposed topics and abstracts of
presentations by the 5th of February. Please remember that CONFidence
is an open, international conference and all presentations should be

Microsoft DID DISCLOSE potential Backdoor

he was moronic to join an irc channel filled with bots, sure he was idiotic in downloading 
the code for the sake of learning. Fact is he might have. Guess what will happen to him 
when a Law Enforcement Agency raids his house? Guess what will happen when that 
agency needs funding for a new uber Cyber(buzzword)Crime fighting department. You 
guessed it. Hey "Up-and-coming security buff..." Kiss your terminal goodbye, and from 
here on out, your dreams of becoming the next Bruce Schneier will be close to non-
existent. It happens.

Anyhow, re-emphasizing... Shame on Microsoft for forwarding your data without telling 
you. Shame on Microsoft for not asking you if you wanted to "PARTICIPATE" in 
sending data. Shame on Microsoft for not explicitly stating: The data we are sneaking off 

Re: Microsoft Windows Help Centre Handles Malformed Escape Sequences Incorrectly

forced to work in isolation without the open collaboration with our peers that
we need, especially in complex cases like this, where creative thinking and
input from experts in multiple disciplines is required to join the dots.

A good place to start researching full disclosure would be this accessible
and insightful essay by Bruce Schneier.

http://www.schneier.com/essay-146.html

His balanced coverage of the debate is also available in this essay.


Re: n.runs, Sophos, German laws, and customer safety

>> n.runs claim is true, then many customers might be less protected than
>> they would if German laws did not have the chilling effect they are
>> demonstrating.
>> 
>> It should be noted that in 2000, a veritable Who's Who of computer
>> security - including Bruce Schneier, Gene Spafford, Matt Bishop, Elias
>> Levy, Alan Paller, and other well-known security professionals -
>> published a statement of concern about the Council of Europe draft
>> treaty on Crime in Cyberspace, which I believe was the predecessor to
>> the legal changes that have been happening in Germany:
>>

n.runs, Sophos, German laws, and customer safety

n.runs claim is true, then many customers might be less protected than
they would if German laws did not have the chilling effect they are
demonstrating.

It should be noted that in 2000, a veritable Who's Who of computer
security - including Bruce Schneier, Gene Spafford, Matt Bishop, Elias
Levy, Alan Paller, and other well-known security professionals -
published a statement of concern about the Council of Europe draft
treaty on Crime in Cyberspace, which I believe was the predecessor to
the legal changes that have been happening in Germany:


Call for Papers - Security and High Performance Computing System 2008

This workshop covers (but is not limited to) the following topics:

Access Control
Accounting and Audit
Anonymity
Applied Cryptography
Authentication
Commercial and Industry Security
Cryptographic Protocols
Data and Application Security
Data/System Integrity

Re: Microsoft Windows Help Centre Handles Malformed Escape Sequences Incorrectly

> forced to work in isolation without the open collaboration with our peers that
> we need, especially in complex cases like this, where creative thinking and
> input from experts in multiple disciplines is required to join the dots.
>
> A good place to start researching full disclosure would be this accessible
> and insightful essay by Bruce Schneier.
>
> http://www.schneier.com/essay-146.html
>
> His balanced coverage of the debate is also available in this essay.
>

Microsoft Windows Help Centre Handles Malformed Escape Sequences Incorrectly

forced to work in isolation without the open collaboration with our peers that
we need, especially in complex cases like this, where creative thinking and
input from experts in multiple disciplines is required to join the dots.

A good place to start researching full disclosure would be this accessible
and insightful essay by Bruce Schneier.

http://www.schneier.com/essay-146.html

His balanced coverage of the debate is also available in this essay.


Re: n.runs, Sophos, German laws, and customer safety

> n.runs claim is true, then many customers might be less protected than
> they would if German laws did not have the chilling effect they are
> demonstrating.
> 
> It should be noted that in 2000, a veritable Who's Who of computer
> security - including Bruce Schneier, Gene Spafford, Matt Bishop, Elias
> Levy, Alan Paller, and other well-known security professionals -
> published a statement of concern about the Council of Europe draft
> treaty on Crime in Cyberspace, which I believe was the predecessor to
> the legal changes that have been happening in Germany:
> 

CONFidence 2009 trainings

I want to remind everyone that CONFidence is happening in less than two weeks.
http://2009.confidence.org.pl/warsztaty

CONFidence is an international conference that has been taking place in May in Poland for the last 5 years. CONFidence is focused on research and best practices of database, application, systems and network security. CONFidence is a two-day event (15-16 May, 2009) divided into three tracks. The speakers list includes: Bruce Schneier, Tavis Ormandy, Jacob Appelbaum, Joanna Rutkowska, Rich Smith, Mario Heiderich, Marc Schoenefeld and many, many more top security experts.

Moreover, just before CONFidence amazing trainings will be organized:
# w3af ninja - Andres Riancho - 12th May 2009
# Discovery and exploitation of web application vulnerabilities - Andres Riancho - 13th May 2009
# Analyzing and Securing Enterprise Application Code by Blueinfy - Shreeraj Shah & Vimal Patel - 14th May 2009
# Secure Java Programming - Marc Schoenefeld - 14th May 2009

ACSAC 2009 submissions due June 8 and June 10 (extended)

workshops, case studies, posters, works in progress, and exhibitor information
can be found at http://www.acsac.org/2009/cfp/

Topics of interest include, but are not limited to:
* access control
* applied cryptography
* audit and audit reduction
* biometrics
* certification and accreditation
* cybersecurity
* database security


