interesting material


Alex Railean

Jun 24, 2012, 4:25:17 AM
to fafo...@googlegroups.com
Hi everyone,


I'd like to share some things I bumped into in the past few days.

- http://en.wikipedia.org/wiki/List_of_shibboleths
It seems that challenge-response schemes were used successfully even
in the middle ages :-) They relied on some physical characteristics
of specific groups of people to figure out who they are. It is sad
that these methods were used to decide whether to kill a person or
not, but with some deviations - some of the examples are very
funny, look for "bulls".


- http://www.grc.com/securitynow.htm SecurityNow is an uber-podcast
filled with juicy bits of info about the field of IT security.
Beware, this one has ads in it, but it is totally worth it. The
hosts have a great sense of humour and the way they talk about
things is filled with enthusiasm and passion about what they are
doing.
You can give this one a try, where they discuss some things that
are known about the "Flame" worm, that has recently attacked a large
number of computers in the Middle East (especially Iran):
http://media.grc.com/sn/sn-355-lq.mp3

Another episode updates that info with new details about the attacks
that were necessary to perform in order to generate a fake
certificate that is used by Flame:
http://media.grc.com/sn/sn-357-lq.mp3

You can also watch them live http://twit.tv/#playstream



- I don't remember if I told you about this in class, but.. I briefly
mentioned sites like Secunia, that keep track of vulnerabilities.
But there are many other ones that publish lists of freshly
discovered issues. You must keep an eye on them if you're a sysadmin
or a security person.
- US-CERT //computer emergency readiness team
http://www.us-cert.gov/cas/bulletins/

- http://catless.ncl.ac.uk/Risks

- ENISA //European network and information security agency
http://www.enisa.europa.eu/publications/studies
they publish various reports that highlight their findings in
different matters, such as the privacy of personal data stored on
electronic cards in different European states

- http://www.net-security.org/vulnerabilities.php

- http://xorl.wordpress.com/ - this is particularly interesting, the
author takes a fresh vulnerability report, finds the code
responsible for it and explains how the attack works.



- Last, but not least.... the last lecture was about typical mistakes
made by programmers. Here's a neat list, sorted by "popularity",
with explanations, examples, schmexamples, etc.
http://cwe.mitre.org/top25/




Have fun :-)
