| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <41D1C914.40602@linuxbox.org> From: ge at linuxbox.org (Gadi Evron) Subject: The Security Forum - meeting #7 -16/1/05 Hello! The next, non-commercial, technological Security Forum will take place on Sunday, the 16th of January, 2005, at Tel Aviv University's Lev Auditorium. We apologize for the cancellation of last month's first lecture on wireless hacking. The "Rogla", however, came with extra chocolate. Schedule -------- 17:45 - Gathering - hot and cold drinks will be served. 18:00 - Doron Shikmoni, ISOC-IL, CEO - ForeScout Technologies, Israel. Lecture: Security of DNS and DNS-SECurity. Level: High. The Domain Name System is an important and critical part of the Internet infrastructure. Consequently, it is also one of the most attacked pieces of that infrastructure. This talk will describe the main vulnerabilities of the DNS and attack vectors against it. It will then go into DNS Security (DNSSEC), an emerging protocol that is aimed at enhancing the DNS with a set of security features. We will look at DNSSEC features, see which of the problems it solves, and try to assess its strengths and weaknesses. 19:30 - We will break for a short recess, as well as for refreshments and networking between members - hot and cold drinks will be served. 19:50 - Zvika Gutterman, CTO - Safend. Lecture: Hold Your Sessions: An Attack on Java Session-id Generation. Level: High. HTTP session-id's take an important role in almost any web site today. This paper presents a cryptanalysis of Java Servlet $128$-bit session-id's and an efficient practical prediction algorithm. Using this attack an adversary may impersonate a legitimate client. Through the analysis we also present a novel, general space-time tradeoff for secure pseudo random number generator attacks. This is a joint work with Dahlia Malkhi. Hot and cold drinks will be freely available. Attendance is free. For a map of the university please visit: http://www2.tau.ac.il/map/unimapl1.asp For future and past lectures, presentations and general information: http://www.cs.tau.ac.il/tausec You can also visit our Orkut community (Tausec): http://www.orkut.com/Community.aspx?cmm=422590 Thank you all, and please pass this information to others. Who we are ---------- The Security Forum, hosted by the Tel Aviv University, started when a few of us talked about there being an (almost) complete lack of professional and social events on security in Israel which are not completely commercial and about "sticking products down out throats". We decided to do instead of complain, and here we are. In previous meetings we had over a hundred arrivals, varying from soldiers and students, through programmers and government CSO's, all the way to CEO's and CTO's of different companies, banks and other institutions. Some have been part of our community since the 70's and some are just people who are interested in the subject. Have a good week, Gadi Evron.
Powered by blists - more mailing lists