Last updated: 31/12/2006; 14:37:29
Quands.cat

Notes on computer security.

Sunday, 10 December 2006


[SANS Incident Storm Center] Another new Word 0-day, information & dat released by McAfee (NEW). Antivirus vendor McAfee appears to have identified a new exploit that uses a previously unknown vulnerability in Word. They call it Exploit-MSWord.b, and it is used by the trojan PWS-Agent.0 to install itself and steal passwords.


22:35


Handbook of Applied Cryptography. Available in PDF format: the complete version of the book «Handbook of Applied Cryptography» by Alfred J. Menezes, Paul C. van Oorschot and Scott A. Vanstone (ISBN 0-8493-8523-7; fifth printing, August 2001). The contents are:
  • Chapter 1 - Overview of Cryptography ps pdf
  • Chapter 2 - Mathematics Background ps pdf
  • Chapter 3 - Number-Theoretic Reference Problems ps pdf
  • Chapter 4 - Public-Key Parameters ps pdf
  • Chapter 5 - Pseudorandom Bits and Sequences ps pdf
  • Chapter 6 - Stream Ciphers ps pdf
  • Chapter 7 - Block Ciphers ps pdf
  • Chapter 8 - Public-Key Encryption ps pdf
  • Chapter 9 - Hash Functions and Data Integrity ps pdf
  • Chapter 10 - Identification and Entity Authentication ps pdf
  • Chapter 11 - Digital Signatures ps pdf
  • Chapter 12 - Key Establishment Protocols ps pdf
  • Chapter 13 - Key Management Techniques ps pdf
  • Chapter 14 - Efficient Implementation ps pdf
  • Chapter 15 - Patents and Standards ps pdf
  • Appendix - Bibliography of Papers from Selected Cryptographic Forums ps pdf
  • References ps pdf
  • Index ps pdf
In fact, this is nothing new (it has been available since late 2002), but it came in handy this weekend... so I am posting it again :)


18:08


A spread model of flash worms. A study by a researcher at Intel's security evaluation centre that analyses the distribution model which lets a worm exploiting a vulnerability quickly infect the whole potential population. Examples of such worms are Sasser, Slammer and Code Red.
In this work we introduce a mathematical model for epidemics of worms using hit-list spreading technique. Flash worms to infect the whole vulnerable population. The estimated infection time shows that even heavy network worm can potentially infect large-scale vulnerable population within few seconds. Primarily the work is based on results of the work Top Speed of Flash Worms by S. Staniford et al. We also generalize infection doubling technique used to increase a resilience of flash worms epidemics.

It took the whole day for Code Red I v2 to spread among over 350,000 Internet hosts. Slammer worm infected more than 90 percent of up to 100,000 vulnerable hosts within 10 minutes (Inside the Slammer Worm by D. Moore et al.), Witty worm infected almost all of its 12,000 victims in 45 minutes (The Spread of the Witty Worm by C. Shannon and D. Moore).
 


10:41


ICMPshell v0.2 allows a telnet-like connection to a remote server, opening a shell... Its particularity is that all traffic is sent over the ICMP protocol, both for sending and for receiving.
How does it work? The ISHELL server is run in daemon mode on the remote server. When the server receives a request from the client it will strip the header and look at the ID field, if it matches the server then it will pipe the data to "/bin/sh". It will then read the results from the pipe and send them back to the client and the client prints the results to stdout.

By default the client and server send packets with an ICMP type of 0 (ICMP_ECHO_REPLY), however this can be changed on both the client and server side. ISHELL does not care what type you send out from the client or server end, the types do not have to match.
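Seen from the monitoring side, the default behaviour quoted above (both ends sending ICMP type 0) produces echo replies that answer no echo request. The following detector is an added example, not part of the original post or of ISHELL; the addresses, ICMP ids and payloads are constructed sample data.

```python
import struct

ECHO_REPLY, ECHO_REQUEST = 0, 8

def build_icmp(icmp_type, ident, seq, payload):
    # Constructed test packet; checksum left at 0 because the detector ignores it.
    return struct.pack("!BBHHH", icmp_type, 0, 0, ident, seq) + payload

def parse_icmp(raw):
    """Split a raw ICMP echo message into (type, ident, seq, payload)."""
    if len(raw) < 8:
        raise ValueError("ICMP message shorter than its 8-byte header")
    icmp_type, _code, _cksum, ident, seq = struct.unpack("!BBHHH", raw[:8])
    return icmp_type, ident, seq, raw[8:]

def find_suspicious_replies(events):
    """events: (src, dst, raw_icmp) tuples in capture order."""
    pending = {}  # (requester, responder, ident, seq) -> payload of the request
    alerts = []
    for src, dst, raw in events:
        icmp_type, ident, seq, payload = parse_icmp(raw)
        if icmp_type == ECHO_REQUEST:
            pending[(src, dst, ident, seq)] = payload
        elif icmp_type == ECHO_REPLY:
            sent = pending.pop((dst, src, ident, seq), None)
            if sent is None:
                alerts.append((src, dst, ident, "echo reply without request"))
            elif sent != payload:
                alerts.append((src, dst, ident, "reply payload differs from request"))
    return alerts

# Constructed sample capture: one normal ping, then two bare type-0 messages.
SAMPLE_EVENTS = [
    ("10.0.0.5", "10.0.0.9", build_icmp(ECHO_REQUEST, 0x1234, 1, b"abcdefgh")),
    ("10.0.0.9", "10.0.0.5", build_icmp(ECHO_REPLY, 0x1234, 1, b"abcdefgh")),
    ("10.0.0.5", "10.0.0.9", build_icmp(ECHO_REPLY, 4242, 0, b"constructed-input")),
    ("10.0.0.9", "10.0.0.5", build_icmp(ECHO_REPLY, 4242, 0, b"constructed-output")),
]

if __name__ == "__main__":
    for alert in find_suspicious_replies(SAMPLE_EVENTS):
        print(alert)
```

Because the quoted text says the ICMP type can be changed on either side, this check covers only the default type 0 case and request/reply pairs whose payloads do not match.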
 


01:02


[Vnunet] Update: viruses coming to a screen near you. McAfee predicts that a new entry point for viruses will emerge next year: video files.
Online criminals will develop malware for any application that attracts large numbers of consumers and, as a result, are likely to start creating movie Trojans. When a user opens such a file in their media player, the software will automatically start downloading and installing malware or adware. A first example of such an online threat was detected earlier this month in the Realor worm that targets the Real Player.

Mobile phones too are expected to receive increased scrutiny from criminals.

(...)

McAfee's complete list of predictions for next year:
  1. The number of password-stealing websites will increase using fake sign-in pages for popular online services such as eBay.
     
  2. The volume of spam, particularly bandwidth-eating image spam, will continue to increase.
     
  3. The popularity of video sharing on the web makes it inevitable that hackers will target MPEG files as a means to distribute malicious code.
     
  4. Mobile phone attacks will become more prevalent as mobile devices become 'smarter' and more connected.
     
  5. Adware will go mainstream following the increase in commercial Potentially Unwanted Programs.
     
  6. Identity theft and data loss will continue to be a public issue – at the root of these crimes is often computer theft, loss of back-ups and compromised information systems.
     
  7. The use of bots, computer programs that perform automated tasks, will increase as a tool favoured by hackers.
     
  8. Parasitic malware, or viruses that modify existing files on a disk, will make a comeback.
     
  9. The number of rootkits on 32-bit platforms will increase, but protection and remediation capabilities will increase as well.
     
  10. Vulnerabilities will continue to cause concern fuelled by the underground market for vulnerabilities.


00:53


[ComputerWeekly] Laptop security - it's not that difficult. A series of simple, basic tips to keep the loss of a laptop from having serious security consequences.
Firstly, introduce encryption facilities for all users handling sensitive personal data.

(...)

Secondly, introduce a risk assessment process into the reporting process for laptop losses and thefts. In the absence of any security advice, most IT helpdesks will simply replace the lost laptop with a new one. You need to establish if there was any sensitive data on the laptop or any suspicious circumstances surrounding the loss, and, if so, to conduct a damage assessment as quickly as possible.

Thirdly, monitor and analyse where and how laptops are being lost or stolen

(...)

Finally, take special action to remind staff to look after their laptops during the run up to Christmas period, when many staff are distracted and may well leave their laptops unattended in pubs, trains or offices.
 
The second piece of advice is very important: security managers often do not learn that a laptop containing important data has been lost until several days have passed (and they often find out from conversations at the coffee machine).


00:12


  © Copyright 2000-2006 Xavier Caballe. Unless expressly stated otherwise, the material published in this weblog is distributed under the Creative Commons licence. The content is the sole and exclusive responsibility of its author and bears no relation to his professional activities.