Next Page >>
Republic of Estonia
Hi Gadi and all the rest of a community,
I work and live in Estonia, and I was a witness to all happening here,
especially on the cyber-sphere starting the first day.
Let's skip the details on the political context of your story, which from my
point of view is far from being neutral, and pass-on to technical part of
it.
First of all, neither I, nor (well as far as I know) anybody here have seen
-----
Conference on Cyber Conflict
Tallinn, Estonia, June 15-18, 2010
Cooperative Cyber Defence Centre of Excellence
www.ccdcoe.org/conference2010/agenda.html
On Tue, 20 May 2008, Viktor Larionov wrote:
> Hi Gadi and all the rest of a community,
>
> I work and live in Estonia, and I was a witness to all happening here,
> especially on the cyber-sphere starting the first day.
>
> Let's skip the details on the political context of your story, which from my
> point of view is far from being neutral, and pass-on to technical part of
> it.
>
About a year ago after coming back from Estonia I promised I'd send in an
account of the Estonian "war". The postmortem analysis and recommendations
I later wrote for the Estonian CERT are not yet public.
A few months ago I wrote an article for the Georgetown Journal of
International Affairs, covering the story of what happened there, in
depth. The journal owns the copyright so I had no way of sending that
along either. I wasn't about to email saying "go buy a copy".
Mostly silly articles kept popping up with misguided to wrong information
Crispin Cowan wrote:
>
> This is a perfectly viable way to produce what amounts to Internet
> munitions. The recent incident of Estonia Under *Russian Cyber Attack*?
> <http://www.internetnews.com/security/article.php/3678606> is an example
> of such a network brush war in which possession of such an arsenal would
> be very useful.
>
> Crispin
The internet Security Operations and Intelligence (ISOI) 5th workshop will
take place on the 11th and 12th of September, 2008.
Venue: Tallinn, Estonia.
Host: Estonian CERT (www.cert.ee).
Attendance:
While payment is not required, to attend you must be a member of one of
the vetted operational communities, or contact us directly for special
consideration.
CFP due March 15, 2009
Conference on Cyber Warfare in Tallinn, Estonia: June 17-19, 2009
Host: Cooperative Cyber Defence Centre of Excellence (www.ccdcoe.org)
CCD CoE is soliciting research papers within the emerging field of
cyber warfare, including but not limited to:
Concepts and Doctrine
[waraxe-2008-SA#063] - Information Leakage in Kayako SupportSuite 3.11.01
===============================================================================
Author: Janek Vind "waraxe"
Date: 21. January 2008
Location: Estonia, Tartu
Web: http://www.waraxe.us/advisory-63.html
Target software description:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> [waraxe-2007-SA#056] - Another Sql Injection in NukeSentinel 2.5.11
> ====================================================================
>
> Author: Janek Vind "waraxe"
> Date: 27. September 2007
> Location: Estonia, Tartu
> Web: http://www.waraxe.us/advisory-56.html
>
>
> Target software description:
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
[waraxe-2007-SA#056] - Another Sql Injection in NukeSentinel 2.5.11
====================================================================
Author: Janek Vind "waraxe"
Date: 27. September 2007
Location: Estonia, Tartu
Web: http://www.waraxe.us/advisory-56.html
Target software description:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
[waraxe-2009-SA#074] - Multiple Vulnerabilities in TorrentTrader Classic 1.09
===============================================================================
Author: Janek Vind "waraxe"
Date: 15. June 2009
Location: Estonia, Tartu
Web: http://www.waraxe.us/advisory-74.html
Description of vulnerable software:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#####
Greetings from the Cooperative Cyber Defence Centre of Excellence (CCD CoE) in Tallinn, Estonia!
Registration is now open for the CCD CoE Conference on Cyber Warfare, which will take place at the Estonian National Theater on June 17-19, 2009.
Following a worldwide Call for Papers, there will be 29 presentations given by researchers from 13 countries. Highlights include:
• Jaak Aaviksoo, Estonian Defence Minister
• Information Warfare Monitor: Tracking GhostNet: Investigating a Cyber Espionage Network
-----
Call for Papers!
Cooperative Cyber Defence Centre of Excellence (www.ccdcoe.org),
Tallinn, Estonia
Conference on Cyber Conflict, June 15-18, 2010
CCD CoE seeks research papers from academia and the professional world
that offer an original and substantial contribution toward
[waraxe-2008-SA#064] - Sql Injection in MyBB 1.2.11
===============================================================================
Author: Janek Vind "waraxe"
Date: 21. January 2008
Location: Estonia, Tartu
Web: http://www.waraxe.us/advisory-64.html
Target software description:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
===============================================================================
Author: Janek Vind "waraxe"
Independent discovery: koziolek
Date: 16. January 2008
Location: Estonia, Tartu
Web: http://www.waraxe.us/advisory-61.html
Target software description:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
[waraxe-2007-SA#052] - dBlog CMS Open Source database retrieval
====================================================================
Author: Janek Vind "waraxe"
Date: 19. September 2007
Location: Estonia, Tartu
Web: http://www.waraxe.us/advisory-52.html
Target software description:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
[waraxe-2009-SA#075] - Remote File Disclosure in Vivvo CMS 4.1.5.1
===============================================================================
Author: Janek Vind "waraxe"
Date: 21. October 2009
Location: Estonia, Tartu
Web: http://www.waraxe.us/advisory-75.html
Description of vulnerable software:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
[waraxe-2007-SA#055] - Sql Injection in SiteX CMS 0.7.3 Beta
====================================================================
Author: Janek Vind "waraxe"
Date: 27. September 2007
Location: Estonia, Tartu
Web: http://www.waraxe.us/advisory-55.html
Target software description:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
[waraxe-2007-SA#060] - Sensitive info disclosure in CuteNews <= 1.4.5
=====================================================================
Author: Janek Vind "waraxe"
Date: 24. December 2007
Location: Estonia, Tartu
Web: http://www.waraxe.us/advisory-60.html
Vulnerable software description:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
[waraxe-2007-SA#057] - Unauthorized File Upload in SiteX CMS
====================================================================
Author: Janek Vind "waraxe"
Date: 27. September 2007
Location: Estonia, Tartu
Web: http://www.waraxe.us/advisory-57.html
Target software description:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
[waraxe-2007-SA#059] - XSS in WordPress 2.3
====================================================================
Author: Janek Vind "waraxe"
Date: 27. October 2007
Location: Estonia, Tartu
Web: http://www.waraxe.us/advisory-59.html
Target software description:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Cooperative Cyber Defence Centre of Excellence
Conference on Cyber Warfare
June 17-19, 2009
Tallinn, Estonia
www.ccdcoe.org
Jaak Aaviksoo, Estonian Defence Minister
Opening Remarks
KEYNOTE
[waraxe-2008-SA#065] - Remote Shell Command Execution in Coppermine 1.4.14
===============================================================================
Author: Janek Vind "waraxe"
Date: 30. January 2008
Location: Estonia, Tartu
Web: http://www.waraxe.us/advisory-65.html
Target software description:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
[waraxe-2007-SA#054] - Local File Inclusion in Dance Music module for phpNuke
============================================================================
Author: Janek Vind "waraxe"
Date: 25. September 2007
Location: Estonia, Tartu
Web: http://www.waraxe.us/advisory-54.html
Target software description:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Such a nation might farm these private 0day exploits by employing a pool
of vulnerability researchers and exploit developers, and just not
published the results.
This is a perfectly viable way to produce what amounts to Internet
munitions. The recent incident of Estonia Under *Russian Cyber Attack*?
<http://www.internetnews.com/security/article.php/3678606> is an example
of such a network brush war in which possession of such an arsenal would
be very useful.
Crispin
[waraxe-2008-SA#066] - Multiple Vulnerabilities in Coppermine 1.4.14
===============================================================================
Author: Janek Vind "waraxe"
Date: 31. January 2008
Location: Estonia, Tartu
Web: http://www.waraxe.us/advisory-66.html
Target software description:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
[waraxe-2009-SA#070] - Multiple Vulnerabilities in MKPortal <= 1.2.1
==============================================================================
Author: Janek Vind "waraxe"
Date: 15. January 2009
Location: Estonia, Tartu
Web: http://www.waraxe.us/advisory-70.html
Description of vulnerable software:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
[waraxe-2008-SA#068] - Sql Injection in vBulletin 3.7.3.pl1
===============================================================================
Author: Janek Vind "waraxe"
Date: 17. November 2008
Location: Estonia, Tartu
Web: http://www.waraxe.us/advisory-68.html
Description of vulnerable software:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Such a nation might farm these private 0day exploits by employing a pool
of vulnerability researchers and exploit developers, and just not
published the results.
This is a perfectly viable way to produce what amounts to Internet
munitions. The recent incident of Estonia Under *Russian Cyber Attack*?
<http://www.internetnews.com/security/article.php/3678606> is an example
of such a network brush war in which possession of such an arsenal would
be very useful.
Crispin
Conference on Cyber Warfare
June 17-19, 2009
Tallinn, Estonia
The Cooperative Cyber Defence Centre of Excellence is hosting a Conference on Cyber Warfare in 2009.
CCD CoE is soliciting research papers within the emerging field of cyber warfare, including but not limited to the following topics:
Next Page>>
|
