Friday, September 13, 2002

[Enhyper Financial Crypto Library] News for 13-Sep-200


Web Services Links & Resources(added: 6-Sep-2002)


http://wsindex.org/


Researched directory of internet resources for .NET and XML Web Services


The Information Hiding Homepage(added: 9-Sep-2002)


http://www.cl.cam.ac.uk/~fapp2/steganography/index.html


fabien a. p. petitcolas's Digital Watermarking & Steganography Homepage.


Thirty Years Later: Lessons from the Multics Security Evaluation (added: 10-Sep-2002)


http://domino.watson.ibm.com/library/cyberdig.nsf/papers/FDEFBEBC9DD3E35485256C2C004B0F0D/$File/RC22534.pdf


The bottom-line conclusion was that “restructuring is
essential” around a verifiable “security kernel” before
using Multics (or any other system) in an open environment
(as in today’s Internet) with the existence of well-
motivated professional attackers employing subversion. The
lessons learned from the vulnerability assessment are highly
applicable today as governments and industry strive
(unsuccessfully) to “secure” today’s weaker operating
systems through add-ons, “hardening”, and intrusion
detection schemes.


Strange Attractors and TCP/IP Sequence Number Analysis (added: 12-Sep-2002)


http://razor.bindview.com/publish/papers/tcpseq.html


We consider the problem of inserting a malicious packet into
a TCP connection, as well as establishing a TCP connection
using an address that is legitimately used by another
machine. We introduce the notion of a Spoofing Set as a way
of describing a generalized attack methodology. We also
discuss a method of constructing Spoofing Sets that is based
on Phase Space Analysis and the presence of function
attractors.