Conference Proceedings
Dear all,
the deadline for the submission of papers has been extended.
Accepted papers will be published in IEEE Computer Society's Conference
Proceedings Series and be available in the IEEE online Digital Library.
Please excuse possible cross-postings.
========================================================================
Papers can be submitted via the page found at:
http://www.imf-conference.org/imf2009/submission.html
Accepted papers will be published in IEEE Computer Society's Conference
Proceedings Series.
CONFERENCE BACKGROUND
=====================
Information and communication technology is more and more becoming an
the IEEE PDFExpress(TM) conversion system.
Length is 3 pages including tables and figures for contributed papers
and 6 pages for invited papers.
Accepted papers will be printed in the Conference Proceedings,
published by IEEE CPS (Conference Publishing Service) and distributed
to all participants, and will also be included in the IEEE Digital
Library. A special issue of an IEEE Journal collecting selected papers
presented at COMPENG is planned after the workshop.
RAID 2009 invites two types of submissions:
1. Full papers presenting mature research results or summarizing
operational experience protecting or monitoring large real-world
networks. Papers can be 10-20 pages long and, if accepted, they will
be presented and included in the RAID 2009 proceedings published by
Springer Verlag in its Lecture Notes in Computer Science
(http://www.springer.de/comp/lncs/index.html) series. Papers must be
formatted according to the instructions provided by Springer Verlag
(http://www.springer.de/comp/lncs/authors.html), and include an
abstract and a list of keywords.
construction, evaluation, application, or operation of secure
systems. Theoretical papers must make a convincing argument for the
practical significance of the results. All topic areas related to
computer and communications security are of interest and in scope.
Accepted papers will be published by ACM Press in the conference
proceedings. Outstanding papers will be invited for possible
publication in a special issue of the ACM Transactions on Information
and System Security.
Paper Submission Process:
been published or that are simultaneously submitted to a journal or a
conference with proceedings.
All submissions will be reviewed by the program committee and papers
accepted to be presented at the conference will be included in the
conference proceedings.
Details on the electronic submission procedure as well as detailed
registration information and formatting instructions are provided on
the conference web site (http://www.imf-conference.org).
submissions are limited to 12 single-column pages to decrease the workload of
volunteer reviewers. The camera-ready version of accepted papers is limited to
20 single-column pages. The conference language is English.
The conference proceedings will be published by Springer in Lecture Notes
in Computer Science (LNCS). The proceedings will also be made available
online by Springer in full-text electronic form via Springerlink.
***
• Roelof Temmingh, CEO, Paterva: Evaluating the Credibility of a Cyber Threat
• Scott Borg, Director, U.S. Cyber Consequences Unit: The Cyber-Defence Revolution
This conference specifically addresses the relationship between computer security and national security issues.
The registration fee of 495 EUR (195 for students) covers conference proceedings, all meals during the conference, and numerous social networking events in Old Town Tallinn.
The mission of the Cooperative Cyber Defence Centre of Excellence (CCD CoE) is to enhance the cooperative cyber defence capability of NATO and NATO nations (www.ccdcoe.org).
Complete details are available at www.ccdcoe.org/cyberwarfare/.
======================================================================
Proposals are solicited for workshops to be held in conjunction with
ACM CCS 2010. Each workshop provides a forum to address a specific
topic at the forefront of security research.
A workshop must be one full day in length. Proceedings of all
workshops will be available (on a CD) to the workshop attendees. Each
workshop will also have on-line proceedings through ACM Digital
Library, with a separate ISBN.
======================================================================
Papers
======
Accepted speakers can optionally hand in a paper which will be published with
an ISBN in the 25C3 Proceedings. Papers will be accepted in Portable Document
Format (PDF) only and should be around 5 pages. The PDF file must not be
password-protected or contain other restrictions. Paper size should be DIN A4
in portrait orientation. All margins must be set to at least 2 cm (0.78
Proposals are solicited for workshops to be held in conjunction with
ACM CCS 2009. Each workshop provides a forum to address a specific
topic at the forefront of security research.
A workshop must be a full day in length. Proceedings of all workshops
will be available (on a CD) to the workshop attendees. Each workshop
will also offer on-line proceedings through ACM Digital Library, with
a separate ISBN.
http://www.diiga.univpm.it/~spalazzi/nicosia/submission/ .
Only PDF files will be accepted. Each paper will receive a minimum
of three reviews. Authors of accepted papers must guarantee that
their papers will be presented at the workshop. Accepted papers will
be published by ECMS in the conference proceedings which will be
available at the time of the meeting.
If you have any questions about paper submission or the workshop,
please contact the organizers.
been published or that are simultaneously submitted to a journal or a
conference with proceedings.
All submissions will be reviewed by the program committee and papers
accepted to be presented at the conference will be included in the
conference proceedings.
Papers can be submitted using the web form provided at:
https://www.softconf.com/s08/IMF2008/submit.html
> SSH service does not seem to suffer from the vulnerability.
>
> I am now going to go over the simplicity of the exploit and I will be
> releasing a white paper hopefully sooner than later on the specifics
> of the underlying cause. Once a user has logged on to the user-exec
> (level0) of the device they will then be able to proceed with the
> <enable> command which should give you a login prompt. At this prompt
> if you move your cursor forward with a space or character (it doesn't
> matter if there are more than one), and then proceed to delete any
> spaces or characters, by holding down the backspace a second after
> deleting the last character it should immediately drop you into level
Paper Submission
You are hereby invited to submit papers up to 6-8 pages, 8.5" x 11",
two-column format. All submissions will be reviewed by the Program
Committee. Authors of accepted papers will be given the option of
including their paper in the proceedings of the conference,
published through IEEE-CS.
Submissions must not substantially duplicate work that any of the
authors has published elsewhere or has submitted in parallel to any
other conference or workshop with proceedings. Authors of accepted
field.
We invite contributed papers for CISIS'08. Prospective authors are invited
to submit their manuscripts before March 14, 2008.
Accepted papers will be included in CISIS'08 Proceedings to be published
by Springer in the prestigious Advances in Soft Computing Series.
*** JOURNAL SPECIAL ISSUE ***
Back in May of last year I started doing research on any possible security flaws that exist in the Pix/ASA Finesse operating System, versions 7.1 and 7.2. I discovered that a design flaw that was previously unknown in Finesse will allow a level 0 user to escalate their privilege to level 15. I believe the vulnerability may originate in the local authentication service, thus not being possible to exploit when Radius and TACACS are implemented. Implementing AAA in any other way that keeps the passwords locally defined seems to have no effect on the vulnerability. I have been able to repeatedly bypass the privilege-exec login both locally, through the console and remotely, through a telnet connection. After many attempts I have found that the SSH service does not seem to suffer from the vulnerability.
I am now going to go over the simplicity of the exploit and I will be releasing a white paper hopefully sooner than later on the specifics of the underlying cause. Once a user has logged on to the user-exec (level0) of the device they will then be able to proceed with the <enable> command which should give you a login prompt. At this prompt if you move your cursor forward with a space or character (it doesn't matter if there are more than one), and then proceed to delete any spaces or characters, by holding down the backspace a second after deleting the last character it should immediately drop you into level 15 privilege-exec mode. This attack was originally performed on a PIX 515E running version 7.2 of Finesse. I will be posting all updates regarding this exploit as they come, and I apologize for it taking so long to release this information.
Terry B Bunn
LunarTEkINT Labs
originality, timeliness, significance, relevance, and clarity of
presentation. Initial selection will be based on full papers.
Submission implies the willingness of at least one of the authors to
register and present the paper, if accepted. All accepted papers in the
Workshop are required to be presented and will be included in the
Symposium proceedings. It is our intent to have the proceedings
formally published in hard and soft copies and be available at the time
of the conference. Instructions for final manuscript format and
requirements will be posted on the CTS 2009 Symposium web site later.
Further instructions will be provided at
remotely, through a telnet connection. After many attempts I have found that
the SSH service does not seem to suffer from the vulnerability.
I am now going to go over the simplicity of the exploit and I will
be releasing a white paper hopefully sooner than later on the specifics of
the underlying cause. Once a user has logged on to the user-exec (level0) of
the device they will then be able to proceed with the <enable> command which
should give you a login prompt. At this prompt if you move your cursor
forward with a space or character (it doesn't matter if there are more than
one), and then proceed to delete any spaces or characters, by holding down
the backspace a second after deleting the last character it should
immediately drop you into level 15 privilege-exec mode. This attack was
been published or that are simultaneously submitted to a journal or a
conference with proceedings.
All submissions will be reviewed by the program committee and papers
accepted to be presented at the conference will be included in the
conference proceedings.
Details on the electronic submission procedure as well as detailed
registration information will be provided on the conference Web site at
http://www.imf-conference.org/
Paper Submission
You are hereby invited to submit papers up to 6-8 pages, 8.5" x 11",
two-column format. All submissions will be reviewed by the Program
Committee. Authors of accepted papers will be given the option of
including their paper in the proceedings of the conference,
published through IEEE-CS (pending approval).
Submissions must not substantially duplicate work that any of the
authors has published elsewhere or has submitted in parallel to any
other conference or workshop with proceedings. Authors of accepted
On 24 Jan 2008 03:41:38 -0000, <tbbunn@ctc.net> wrote:
> I am now going to go over the simplicity of the exploit and I will be releasing a white paper hopefully sooner than later on the specifics of the underlying cause. Once a user has logged on to the user-exec (level0) of the device they will then be able to proceed with the <enable> command which should give you a login prompt. At this prompt if you move your cursor forward with a space or character (it doesn't matter if there are more than one), and then proceed to delete any spaces or characters, by holding down the backspace a second after deleting the last character it should immediately drop you into level 15 privilege-exec mode. This attack was originally performed on a PIX 515E running version 7.2 of Finesse. I will be posting all updates regarding this exploit as they come, and I apologize for it taking so long to release this information.
That's a ridiculous exploit. Have you notified Cisco PSIRT?
--
Kristian Erik Hermansen
"Know something about everything and everything about something."
Papers
======
Accepted speakers can optionally hand in a paper which will be
published with an ISBN in the 26C3 Proceedings. Papers will be
accepted in Portable Document Format (PDF) only and should be around
5-10 pages. The PDF file must not be password-protected or contain
other restrictions. Paper size should be DIN A4 (297x210mm) in
portrait orientation. All margins must be set to at least 2 cm (0.78
inches). Pictures should be high-contrasted, greyscaled and up to
Paper Submission
You are hereby invited to submit papers up to 6-8 pages, 8.5" x 11",
two-column format. All submissions will be reviewed by the Program
Committee. Authors of accepted papers will be given the option of
including their paper in the proceedings of the conference,
published through IEEE-CS.
Submissions must not substantially duplicate work that any of the
authors has published elsewhere or has submitted in parallel to any
other conference or workshop with proceedings. Authors of accepted