lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
From: ge at linuxbox.org (Gadi Evron)
Subject: The Security Forum - meeting #7 -16/1/05

Hello!

The next, non-commercial, technological Security Forum will take place
on Sunday, the 16th of January, 2005, at Tel Aviv University's Lev
Auditorium.

We apologize for the cancellation of last month's first lecture on
wireless hacking. The "Rogla", however, came with extra chocolate.

Schedule
--------
17:45 - Gathering - hot and cold drinks will be served.

18:00 - Doron Shikmoni, ISOC-IL, CEO - ForeScout Technologies, Israel.
   Lecture: Security of DNS and DNS-SECurity.
   Level: High.

   The Domain Name System is an important and critical part
   of the Internet infrastructure. Consequently, it is also
   one of the most attacked pieces of that infrastructure.

   This talk will describe the main vulnerabilities of the
   DNS and attack vectors against it. It will then go into
   DNS Security (DNSSEC), an emerging protocol that is aimed
   at enhancing the DNS with a set of security features.
   We will look at DNSSEC features, see which of the problems
   it solves, and try to assess its strengths and weaknesses.

19:30 - We will break for a short recess, as well as for
   refreshments and networking between members - hot and cold
   drinks will be served.

19:50 - Zvika Gutterman, CTO - Safend.
   Lecture: Hold Your Sessions: An Attack on Java Session-id Generation.
   Level: High.

   HTTP session-id's take an important role in almost any web site
   today. This paper presents a cryptanalysis of Java Servlet
   $128$-bit session-id's and an efficient practical prediction
   algorithm. Using this attack an adversary may impersonate a
   legitimate client.
   Through the analysis we also present a novel, general space-time
   tradeoff for secure pseudo random number generator attacks.

   This is a joint work with Dahlia Malkhi.

Hot and cold drinks will be freely available.

Attendance is free.

For a map of the university please visit:
http://www2.tau.ac.il/map/unimapl1.asp

For future and past lectures, presentations and general information:
http://www.cs.tau.ac.il/tausec

You can also visit our Orkut community (Tausec):
http://www.orkut.com/Community.aspx?cmm=422590

Thank you all, and please pass this information to others.

Who we are
----------
The Security Forum, hosted by the Tel Aviv University, started when a
few of us talked about there being an (almost) complete lack of
professional and social events on security in Israel which are not
completely commercial and about "sticking products down out throats".

We decided to do instead of complain, and here we are.

In previous meetings we had over a hundred arrivals, varying from
soldiers and students, through programmers and government CSO's, all the
way to CEO's and CTO's of different companies, banks and other
institutions. Some have been part of our community since the 70's and
some are just people who are interested in the subject.

Have a good week,

	Gadi Evron.

Powered by blists - more mailing lists