secure communications
======================================================================
Call for Papers:
16th ACM Conference on Computer and Communications Security (CCS) 2009
Nov 9 - 13, 2009: Hyatt Regency Chicago, IL, USA
http://sigsac.org/ccs/CCS2009
======================================================================
Important Dates:
Apologies for multiple copies of this announcement.
------------------------------------------------------
18th ACM Conference on Computer and Communications Security (ACM CCS 2011)
CALL FOR PAPERS
OCTOBER 17 - 21, 2011
SWISSOTEL Chicago, Chicago, IL, USA
http://sigsac.org/ccs/CCS2011
The annual ACM Computer and Communications Security Conference is
=
========================================================================
Call for Papers: ACM CCS WORKSHOPS
co-located with the
16th ACM Conference on Computer and Communications Security (CCS)
2009
Nov. 9, 2009 - Nov. 13, 2009 -- Chicago, IL, USA
http://www.sigsac.org/ccs/CCS2009/
Information Security:
* Trust, Privacy and Data Security
* Network Security Issues and Protocols
* Security Challenges and Content Authoring
* Cryptography
* Secure Communications
* Authentication Techniques
* Chaos-based Data Security
* MANET Security
* Wireless Sensor Network Security
* Organization Considerations in Security Policy Formulation and
============================================================
Please excuse multiple copies of this message.
============================================================
CALL FOR PARTICIPATION
ACM Conference on Computer and Communications Security (CCS)
Nov 9 - 13, 2009: Hyatt Regency Chicago, IL, USA
http://sigsac.org/ccs/CCS2009
============================================================
Student Travel Grants application for CCS 2009 is due on Sept 25!
http://www.sigsac.org/ccs/CCS2009/stgrant.shtml
======================================================================
Call for Workshop Proposals:
16th ACM Conference on Computer and Communications Security (CCS) 2009
Web page: http://www.sigsac.org/ccs/CCS2009/cfw.shtml
======================================================================
Important Dates:
* Submission deadline: Saturday, February 28, 2009
======================================================================
- Guillaume Prigent (France)
Web Application Firewalls
- Sebastien Gioria (OWASP France)
UC Security (Unified Communications Security)
- Abhijeet Hatekar (Sipera Systems) (India)
SS7
- Philippe Langlois (France)
2. Information Security
Collaborative Learning , Trust, Privacy and Data Security, Network
Security Issues and Protocols,
Security Challenges and Content Authoring, Cryptography, Secure
Communications, Authentication
Techniques, Chaos-based Data Security, MANET Security, Wireless Sensor
Network Security,
Organization Considerations in Security Policy Formulation and
Implementations, Digital Forensics and
Crimes, Biometrics, Cyber Security
Introduction
============
Recent history has proven that web communications security is highly
lacking in redundancy. That is, simple breaks in common protocols,
such as SSL/TLS or the authentication mechanisms which support it,
often lead to catastrophic gaps in security. Recent examples of this
fragile architecture abound, and even when protocols and
implementations themselves are sound, research indicates browser user
following sections, please visit <URL:http://security.FreeBSD.org/>.
I. Background
The SSL (Secure Sockets Layer) and TLS (Transport Layer Security) protocols
provide a secure communications layer over which other protocols can be
utilized. The most widespread use of SSL/TLS is to add security to the
HTTP protocol, thus producing HTTPS.
FreeBSD includes software from the OpenSSL Project which implements SSL
and TLS.
* Legal and Social Aspect of Information Security
* Software Engineering and Security
* Security in Information Retrieval
* Network security
* Forensics and Anti-Forensics
* Mobile communications security and vulnerabilities
Deadlines
=========
- Legal and Social Aspect of Information Security
- Software Engineering and Security
- Security in Information Retrieval
- Network security
- Forensics and Anti-Forensics
- Mobile communications security and vulnerabilities
Deadlines:
----------
11th 2008. The date is final. The advisory will include references to
the vendor's security recommendations and white paper as well as the
proposed workaround. Core also indicates that to date the company has
not published any report about the issue and has no indication of any
such reports circulating "in the wild" but cannot discard that as a
possibility given that the vendor's lack of proper secure communications
procedures forced all the involved parties to communicate without any
form of email encryption and that those communications have occurred
over a public network such as the Internet for a period of over 4 months.
. 2008-06-04:
Core asks for proper CVE and Bugtraq ID numbers, specifying it believes
each vulnerability reported in this advisory should be assigned its own.
. 2009-08-23:
Vincent Danen, from Red Hat's Security Response Team contacts Core in
order to discuss both vulnerabilities by a secure communications
channel, and offers its help in obtaining proper CVE numbers, specifying
they also believe a separate number should be assigned to each
vulnerability.
. 2009-08-23:
instance, if you configure Outlook in "auto" mode, it will be
vulnerable to MitM every time.
I would argue that if server admins and MUAs don't do all of these
things, however, there is no "significant" improvement in
communications security. It's either possible to read some one else's
mail on the wire, or it's not. (We often like to think that security
is a continuum of being more or less secure based on level of effort,
but in many cases that's simply not true. You're either vulnerable to
an issue or you're not.)
* Legal and Social Aspect of Information Security
* Software Engineering and Security
* Security in Information Retrieval
* Network Security
* Forensics and Anti-Forensics
* Mobile Communications Security and Vulnerabilities
* CSIRTs, Incident Analysis and Response
Deadlines =========
v1.1 2009-12-03 Corrected instructions in section V.2)b).
I. Background
The SSL (Secure Sockets Layer) and TLS (Transport Layer Security) protocols
provide a secure communications layer over which other protocols can be
utilized. The most widespread use of SSL/TLS is to add security to the
HTTP protocol, thus producing HTTPS.
FreeBSD includes software from the OpenSSL Project which implements SSL
and TLS.
* Legal and Social Aspect of Information Security
* Software Engineering and Security
* Security in Information Retrieval
* Network Security
* Forensics and Anti-Forensics
* Mobile Communications Security and Vulnerabilities
Deadlines =========
|
