RISKS Forum mailing list archives
Risks Digest 28.28
From: RISKS List Owner <risko () csl sri com>
Date: Tue, 30 Sep 2014 15:51:12 PDT
RISKS-LIST: Risks-Forum Digest  Tuesday 30 September 2014  Volume 28 : Issue 28

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
  <http://catless.ncl.ac.uk/Risks/28.28.html>
The current issue can be found at
  <http://www.csl.sri.com/users/risko/risks.txt>

  Contents:
There's not a creativity deficit in science (Chris Lee via Dewayne Hendricks)
"6 challenges 3D printing has yet to overcome" (Anna Gale via Gene Wirchenko)
Bug in Bash shell creates big security hole on anything with *nix in it
  (Lauren Weinstein)
New wiretap resistance in iOS 8? (John Gilmore)
Re: Wanted: Astronomer with Top Secret Clearance (Whitfield Diffie)
Android L will have device encryption on by default (Monty Solomon)
Hack runs Android apps on Windows, Mac, and Linux computers
  (Ars via Monty Solomon)
iOS 8: 'Wave' Wireless Microwave Charging Feature for iPad and iPhone is
  Not Real (Monty Solomon)
iOS 8's iCloud Drive reveals the dark side of empowered users (Gene Wirchenko)
Reports suggest the iPhone 6 and 6 Plus may bend in your pocket
  (Andrew Cunningham via Monty Solomon)
Russia to be disconnected from the Internet? (Lauren Weinstein)
Court blasts US Navy for scanning civilians' computers for child porn
  (Monty Solomon)
Giant MQ-4C Triton surveillance drone flies across the United States
  (Monty Solomon)
"Feds seek expanded PC hacking powers for criminal investigations"
  (Serdar Yegulalp via Gene Wirchenko)
Texas man must pay $40.4M for running Bitcoin-based scam (Ars)
US courts agree to restore 10 years of deleted online public records (Ars)
FAA bars drone from delivering game ball to college football matchup (Ars)
iFixit tears new iPhones apart, finds they're pretty easy to fix (Ars)
A not-so-friendly reminder from the gov't: Yelp is not for kids (Ars)
Comcast calls rumor that it disconnects Tor users `wildly inaccurate' (Ars)
Apple puts up support page to get U2 album out of your iTunes (Ars)
Bill would limit reach of US search warrants for data stored abroad (Ars)
Why big data evangelists should be sent to re-education camps (Farooq Butt)
The Internet of Thugs (Henry Baker, Jonathan Zittrain)
Allow Full Access for "SwiftKey" Keyboards? (Gabe Goldberg)
Re: Software ... sends ... Colorado driver's licenses to immigrants
  (Amos Shapir)
Re: zero-day bounties (Patrick O'Beirne)
MiniReview: The Design and Implementation of the FreeBSD Operating System
  by McKusick, Neville-Neil, and Watson (PGN)
REVIEW: Georgia Weidman: Penetration Testing (Richard Austin)
Abridged info on RISKS (comp.risks)

----------------------------------------------------------------------

Date: Sat, Sep 20, 2014 at 5:11 PM
From: Dewayne Hendricks <dewayne () warpspeed com>
Subject: There's not a creativity deficit in science

Don't use funding application statistics as a proxy for creativity.
Chris Lee, Ars Technica, 20 Sep 2014 (via Dave Farber)
<http://arstechnica.com/science/2014/09/a-creativity-deficit-in-science-no/>

Not so long ago, on a website not so far away, an opinion was expressed:
creativity was being suppressed in science. On the surface, the statistics
support this: younger researchers are getting progressively less of the
funding. Older researchers, it is asserted, tend to propose less risky and
less innovative research. As with any good opinion in science, Nobel prize
winners are wheeled out as supporting cast.

But, is it really true? Are we truly suppressing the creative side of
science? The answer is, overwhelmingly, no. Scientific papers are a crude
measure for scientific progress, but never have more papers been produced per
year than now. Clearly, something creative is going on here. If you don't
like scientific papers, simply look at technological progress: your
smartphone would not have nearly as much punch without the creativity of
scientists; antiviral drugs were not found lying about on the ground;
experimental stem-cell therapies were not accidentally attempted. Behind all
of these new things lies a decade or more of scientific research. But, you
know, that's not creative at all.

  [... PGN truncated for RISKS.]
------------------------------

Date: Mon, 22 Sep 2014 10:00:18 -0700
From: Gene Wirchenko <genew () telus net>
Subject: "6 challenges 3D printing has yet to overcome" (Anna Gale)

This is the first article that I have seen that mentions some interesting
downsides/risks about 3-D printing:

Anna Gale, Fueled, via *IT Business*, 19 Sep 2014
http://www.itbusiness.ca/blog/6-challenges-3d-printing-has-yet-to-overcome/51152

------------------------------

Date: Wed, 24 Sep 2014 15:02:36 -0700
From: Lauren Weinstein <lauren () vortex com>
Subject: Bug in Bash shell creates big security hole on anything with *nix in it

Bug in Bash shell creates big security hole on anything with *nix in it
Could allow attackers to execute code on Linux, Unix, and Mac OS X
Ars Technica via NNSquad
http://arstechnica.com/security/2014/09/bug-in-bash-shell-creates-big-security-hole-on-anything-with-nix-in-it/

  "The bug, discovered by Stephane Chazelas, is related to how Bash processes
  environmental variables passed by the operating system or by a program
  calling a Bash-based script. If Bash has been configured as the default
  system shell, it can be used by network-based attackers against servers and
  other Unix and Linux devices via Web requests, secure shell, telnet
  sessions, or other programs that use Bash to execute scripts."

------------------------------

Date: Saturday, September 20, 2014
From: John Gilmore <gnu () toad com>
Subject: New wiretap resistance in iOS 8? (from Cryptography)

  [ORIGINAL SOURCES:
   Jonathan Zdziarski, 17 Sep 2014
   http://www.zdziarski.com/blog/?p=3875
   Cyrus Farivar, Ars Technica, 18 Sep 2014
   Apple expands data encryption under iOS 8, making handover to cops moot
   "Apple cannot bypass your passcode and therefore cannot access this data."
   http://arstechnica.com/apple/2014/09/apple-expands-data-encryption-under-ios-8-making-handover-to-cops-moot/
  PGN]

Quoting from the new iOS 8 privacy policy announced tonight, 17 Sep 2014:

  Apple has no way to decrypt iMessage and FaceTime data when it's in transit
  between devices. So unlike other companies' messaging services, Apple
  doesn't scan your communications, and we wouldn't be able to comply with a
  wiretap order even if we wanted to.
  https://www.apple.com/privacy/privacy-built-in/
And why do we believe them?

* Because we can read the source code and the protocol descriptions
  ourselves, and determine just how secure they are?
* Because they're a big company and big companies never lie?
* Because they've implemented it in proprietary binary software, and
  proprietary crypto is always stronger than the company claims it to be?
* Because they can't covertly send your device updated software that would
  change all these promises, for a targeted individual, or on a mass basis?
* Because you will never agree to upgrade the software on your device, ever,
  no matter how often they send you updates?
* Because this first release of their encryption software has no security
  bugs, so you will never need to upgrade it to retain your privacy?
* Because if a future update INSERTS privacy or security bugs, we will surely
  be able to distinguish these updates from future updates that FIX privacy
  or security bugs?
* Because if they change their mind and decide to lessen our privacy for
  their convenience, or by secret government edict, they will be sure to let
  us know?
* Because they have worked hard for years to prevent you from upgrading the
  software that runs on their devices so that YOU can choose it and control
  it instead of them?
* Because the US export control bureaucracy would never try to stop Apple
  from selling secure mass market proprietary encryption products across the
  border?
* Because the countries that wouldn't let Blackberry sell phones that
  communicate securely with your own corporate servers, will of course let
  Apple sell whatever high security non-tappable devices it wants to?
* Because we're apple fanboys and the company can do no wrong?
* Because they want to help the terrorists win?
* Because NSA made them mad once, therefore they are on the side of the
  public against NSA?
* Because it's always better to wiretap people after you convince them that
  they are perfectly secure, so they'll spill all their best secrets?

There must be some other reason, I'm just having trouble thinking of it.

------------------------------

Date: Tue, Sep 16, 2014 at 7:37 AM
From: Whitfield Diffie <whitfield.diffie () gmail com>
Subject: Re: Wanted: Astronomer with Top Secret Clearance (via Dave Farber)

John Gilmore: The main answer is that the inmates have taken over the
asylum, ...

Although I am in general agreement with John's outrage over the government's
discovery that secrecy in many forms can protect it from oversight ---
national security classification is only one of these; privacy is also a
great excuse for keeping things secret from the electorate --- I don't find
the need for a clearance for the director of the James Webb telescope
surprising.

The first thing that comes to mind is my recollection that the problem with
the Hubble telescope's mirrors was attributed to NASA's being unable to use
existing machinery for testing them because it was classified. The range of
areas in which a major project like the James Webb telescope brushes against
secret technologies is broad.

I believe an astronomical telescope cannot be pointed at the Earth because
the Earth is too bright. As John points out, however, there are other, much
dimmer, objects like other people's spacecraft that it perhaps can look at.

It also works the other way around. The first space shuttle was looked at by
spy satellites to assess the status of its tiles; somehow they had forgotten
they could do this by the time tile damage was suspected but not investigated
on Columbia or perhaps the spy satellites did see damage to Columbia's wing
tiles and either didn't tell NASA or just didn't tell us.

The technology of the James Webb telescope must be closely related to that of
the spy satellites. Giving the director an SI clearance doesn't guarantee
NASA access to all relevant technology or the assistance of the agencies and
companies that have it but I don't see any chance of that without it.
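------------------------------

An added check for the Bash item above (Weinstein, quoting Ars). The quoted
paragraph locates the bug in how Bash processes environment variables handed
to it by the operating system or by a calling program: Bash imports function
definitions from the environment, and affected versions kept parsing past the
function body and executed whatever followed. The POSIX sh script below is not
from the digest, from the Ars article, or from any contributor's message; it
runs the widely published probe (a variable whose value is a function body
followed by an extra command) against the locally installed bash and reports
whether the extra command ran, and it shows a helper that a launcher (for
example a CGI gateway that copies request headers into the environment) can
use to recognise values carrying Bash's exported-function marker before a
bash script is started. The function names and the printed result strings are
this example's own choices, not anything the article specifies.

```shell
#!/bin/sh
# Added example (not from the digest or from Ars): probe the local bash for
# the environment-variable function-import bug, and show a helper that spots
# variable values carrying bash's exported-function marker "() {".

# Probe: set a variable whose value looks like an exported bash function
# followed by an extra command. An affected bash runs the extra command while
# importing the environment, before the -c command executes; a fixed bash
# imports nothing from this variable and only runs the -c command.
# Prints "vulnerable", "patched" or "no-bash" (bash not installed).
bash_env_import_check() {
    if ! command -v bash >/dev/null 2>&1; then
        echo "no-bash"
        return 0
    fi
    # "probe" is printed by the -c command in every case; "vulnerable" only
    # appears if the trailing command in the variable value was executed.
    # A fixed bash warns on stderr that it ignored the definition; that
    # warning is discarded here.
    out=$(env x='() { :;}; echo vulnerable' bash -c 'echo probe' 2>/dev/null)
    case "$out" in
        *vulnerable*) echo "vulnerable" ;;
        *)            echo "patched" ;;
    esac
}

# Helper: does a value begin with "() {", the marker bash looks for when it
# decides whether an environment variable is an exported function? A program
# that copies untrusted input (request headers, client-supplied strings) into
# environment variables can refuse or rewrite such values before it runs a
# bash-based script. Returns 0 (true) if the marker is present. The marker
# must be at the very start of the value; a leading space defeats the match.
is_function_export() {
    case "$1" in
        '() {'*) return 0 ;;
        *)       return 1 ;;
    esac
}

# Usage when run directly: report on the local bash, then classify two
# constructed sample values.
bash_env_import_check
for v in '() { :;}; echo vulnerable' 'ordinary value'; do
    if is_function_export "$v"; then
        printf 'marker present: %s\n' "$v"
    else
        printf 'plain value:    %s\n' "$v"
    fi
done
```

Run it with sh. A fixed bash yields "patched"; filtering on the marker is only
a stopgap for a launcher on a host that cannot be updated immediately, since
the bug is in bash itself and updating bash is the fix.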
------------------------------

Date: Sun, 21 Sep 2014 00:58:21 -0400
From: Monty Solomon <monty () roscom com>
Subject: Android L will have device encryption on by default

http://arstechnica.com/gadgets/2014/09/android-l-will-have-device-encryption-on-by-default/

------------------------------

Date: Sun, 21 Sep 2014 01:27:43 -0400
From: Monty Solomon <monty () roscom com>
Subject: Hack runs Android apps on Windows, Mac, and Linux computers

http://arstechnica.com/gadgets/2014/09/hack-runs-android-apps-on-windows-mac-and-linux-computers/

------------------------------

Date: Tue, 23 Sep 2014 09:26:11 -0400
From: Monty Solomon <monty () roscom com>
Subject: iOS 8: 'Wave' Wireless Microwave Charging Feature for iPad and iPhone is Not Real

A new hoax is quickly spreading across social media platforms that claims
that the new iOS 8 update will help users wirelessly charge their iPhones and
iPads with the help of a household microwave. Users should understand that
this claim is false and that they will most definitely blow up their iOS
device if they try this.

http://www.ibtimes.co.uk/ios-8-wave-wireless-microwave-charging-feature-ipad-iphone-not-real-1466446

------------------------------

Date: Tue, 23 Sep 2014 17:33:03 -0700
From: Gene Wirchenko <genew () telus net>
Subject: iOS 8's iCloud Drive reveals the dark side of empowered users

http://www.infoworld.com/article/2686976/consumerization-of-it/ios-8-reveals-the-dark-side-of-empowered-users.html

iOS 8's iCloud Drive reveals the dark side of empowered users
Apple's iCloud Drive deployment was sure to mess up people's access to
documents -- and it did
InfoWorld | Sep 23, 2014

------------------------------

Date: Wed, 24 Sep 2014 03:25:33 -0400
From: Monty Solomon <monty () roscom com>
Subject: Reports suggest the iPhone 6 and 6 Plus may bend in your pocket

The new phones are thin, but it might make them more flexible than intended.
Andrew Cunningham, Ars Technica, 23 Sep 2014
http://arstechnica.com/apple/2014/09/reports-suggest-the-iphone-6-and-6-plus-may-bend-under-pressure/

------------------------------

Date: Fri, 19 Sep 2014 11:56:34 -0700
From: Lauren Weinstein <lauren () vortex com>
Subject: Russia to be disconnected from the Internet?

Pravda via NNSquad
http://english.pravda.ru/society/stories/19-09-2014/128572-russia_internet-0/

  "According to various reports, the officials will make a number of
  decisions regulating the use of the Internet in Russia, providing for the
  ability to cut the Russian Internet, known as Runet, from the outside
  world, in case of emergency."

You know -- emergencies -- like Czar Putin trying to do a Stalin on his own
people.

------------------------------

Date: Mon, 15 Sep 2014 21:57:25 -0400
From: Monty Solomon <monty () roscom com>
Subject: Court blasts US Navy for scanning civilians' computers for child porn

Every Gnutella user in the state of Washington was checked by the NCIS.
http://arstechnica.com/tech-policy/2014/09/court-blasts-us-navy-for-scanning-civilians-computers-for-child-porn/

------------------------------

Date: Sun, 21 Sep 2014 01:05:05 -0400
From: Monty Solomon <monty () roscom com>
Subject: Giant MQ-4C Triton surveillance drone flies across the United States

http://arstechnica.com/tech-policy/2014/09/giant-mq-4c-triton-surveillance-drone-flies-across-the-united-states/

------------------------------

Date: Thu, 18 Sep 2014 14:41:52 -0700
From: Gene Wirchenko <genew () telus net>
Subject: "Feds seek expanded PC hacking powers for criminal investigations" (Serdar Yegulalp)

Serdar Yegulalp, InfoWorld | 17 Sep 2014
The FBI and Department of Justice are mulling rules that would allow broader
opportunities for domestic law enforcement to hack PCs as part of a criminal
investigation
http://www.infoworld.com/article/2684796/government/feds-seek-expanded-pc-hacking-powers-for-criminal-investigations.html

------------------------------

Date: Sun, 21 Sep 2014 01:32:04 -0400
From: Monty Solomon <monty () roscom com>
Subject: Texas man must pay $40.4M for running Bitcoin-based scam

http://arstechnica.com/tech-policy/2014/09/texas-man-must-pay-40-4m-for-running-bitcoin-based-scam-court-rules/

------------------------------

Date: Sun, 21 Sep 2014 01:30:18 -0400
From: Monty Solomon <monty () roscom com>
Subject: US courts agree to restore 10 years of deleted online public records

http://arstechnica.com/tech-policy/2014/09/us-courts-agree-to-restore-10-years-of-deleted-online-public-records/

------------------------------

Date: Sun, 21 Sep 2014 01:30:57 -0400
From: Monty Solomon <monty () roscom com>
Subject: FAA bars drone from delivering game ball to college football matchup

http://arstechnica.com/tech-policy/2014/09/faa-bars-drone-from-delivering-game-ball-to-college-football-matchup/

------------------------------

Date: Sun, 21 Sep 2014 01:25:26 -0400
From: Monty Solomon <monty () roscom com>
Subject: iFixit tears new iPhones apart, finds they're pretty easy to fix

http://arstechnica.com/apple/2014/09/ifixit-tears-new-iphones-apart-finds-theyre-pretty-easy-to-fix/

------------------------------

Date: Sun, 21 Sep 2014 01:29:10 -0400
From: Monty Solomon <monty () roscom com>
Subject: A not-so-friendly reminder from the gov't: Yelp is not for kids

http://arstechnica.com/tech-policy/2014/09/a-not-so-friendly-reminder-from-the-govt-yelp-is-not-for-kids/

------------------------------

Date: Mon, 15 Sep 2014 21:54:35 -0400
From: Monty Solomon <monty () roscom com>
Subject: Comcast calls rumor that it disconnects Tor users `wildly inaccurate'

http://arstechnica.com/business/2014/09/comcast-calls-rumor-that-it-disconnects-tor-users-wildly-inaccurate/

------------------------------

Date: Mon, 15 Sep 2014 22:00:28 -0400
From: Monty Solomon <monty () roscom com>
Subject: Apple puts up support page to get U2 album out of your iTunes (Ars)

Apple puts up support page to get U2 album out of your iTunes
Too many people don't want U2 anywhere near their libraries.
http://arstechnica.com/apple/2014/09/apple-puts-up-support-page-to-get-u2-album-out-of-your-itunes/

------------------------------

Date: Sun, 21 Sep 2014 01:26:34 -0400
From: Monty Solomon <monty () roscom com>
Subject: Bill would limit reach of US search warrants for data stored abroad

http://arstechnica.com/tech-policy/2014/09/bill-would-limit-reach-of-us-search-warrants-for-data-stored-abroad/

------------------------------

Date: Sep 20, 2014 7:12 PM
From: "Farooq Butt" <farooq () farooqbutt com>
Subject: Why big data evangelists should be sent to re-education camps (via Dave Farber)

http://www.zdnet.com/why-big-data-evangelists-should-be-sent-to-re-education-camps-7000033862/

------------------------------

Date: Wed, 24 Sep 2014 20:45:36 -0700
From: Henry Baker <hbaker1 () pipeline com>
Subject: The Internet of Thugs

Cory Doctorow's worst fears w.r.t. repossessed Internet-enabled devices are
now being realized.

Perhaps this is what Jonathan Zittrain had in mind with his "kill switches
for weaponry": "if you just make that next payment to the U.S.
military-industrial complex secret account in Switzerland, we'll restore
power to your tank/fighter-jet/etc. so that you can continue killing your own
citizens. Thank you for your business!"

What next? Internet-enabled Ebola medicines? "Please remit $10 million to the
Big Pharma secret lobbying slush fund, so that we can send you the Ebola
medicine enable code. We're sorry for the temporary inconvenience."

Michael Corkery and Jessica Silver-Greenberg
Miss a Payment? Good Luck Moving That Car
*The New York Times*, 24 Sep 2014 [pruned starkly for RISKS]
http://dealbook.nytimes.com/2014/09/24/miss-a-payment-good-luck-moving-that-car/

------------------------------

Date: Thu, 25 Sep 2014 09:39:48 -0400
From: Jonathan Zittrain <zittrain () law harvard edu>
Subject: Re: The Internet of Thugs (Baker, RISKS-28.28)

FWIW, Cory's fears are my fears on this.
And in the consumer space, self-stopping (rather than self-driving) cars are
only the beginning. But I find many differences between the Internet-enabled
shift from product to service among consumers -- something I wrote about at
length at <http://yupnet.org/zittrain/archives/14> -- and an army ready to do
awful things with weapons, perhaps stopped by the heavy weapons' refusing to
work for anyone able to simply get hands on them. The power dynamics are
inverted in the second example.

------------------------------

Date: Wed, 24 Sep 2014 20:39:40 -0400
From: Gabe Goldberg <gabe () gabegold com>
Subject: Allow Full Access for "SwiftKey" Keyboards?

Why not?

  "Full access allows the developer of this keyboard to transmit anything you
  type, including things you have previously typed with this keyboard. This
  could include sensitive information such as your credit card number or
  street address."

  ... Head to your Settings app, then go to General > Keyboard > Keyboards.
  Choose to add a new keyboard, and pick it from the list of third-party
  keyboards. Finally, tap the new keyboard's name and choose to Allow Full
  Access (not required for Swype). You'll get a warning message about this,
  but it's required by the operating system. Obviously, a keyboard can
  theoretically collect everything you type into it; rest assured that
  well-known developers are keeping your info safe.

http://www.makeuseof.com/tag/ios-8-lets-replace-iphone-ipads-keyboard-heres/

Well-known developers ALWAYS keep us safe. What could possibly go wrong with
this?

------------------------------

Date: Wed, 17 Sep 2014 17:00:02 +0300
From: Amos Shapir <amos083 () gmail com>
Subject: Re: Software ... sends ... Colorado driver's licenses to immigrants

IMHO the trouble is caused by using driver licenses where a "voter license"
would be required -- namely, a national citizen's ID card. The insistence on
not instituting any form of an official ID card has resulted in using a
driver license in most cases, which leads to such contraptions as a
"non-driving license" which is used as an ID and issued by the DMV in some
states, although it has nothing to do with driving.

Since states and the federal government manage every other aspect of voting,
why wouldn't they also manage voter identification?

------------------------------

Date: Tue, 16 Sep 2014 08:57:18 +0100
From: "Patrick O'Beirne" <pob () sysmod com>
Subject: Re: zero-day bounties (Edwards, RISKS-28.27)

That article considers rework and test costs versus loss of income. There are
two other risks to bugs: cost of damage from failure (e.g., misleading
information leading to damage to reputation or even worse to customers),
and/or loss of revenue, e.g., mispricing.

------------------------------

Date: Thu, 25 Sep 2014 9:51:15 PDT
From: "Peter G. Neumann" <neumann () csl sri com>
Subject: The Design and Implementation of the FreeBSD Operating System

Marshall Kirk McKusick, George V. Neville-Neil, and Robert N.M. Watson
The Design and Implementation of the FreeBSD Operating System
Second edition, Addison-Wesley 2015
xxx + 886 + some useful unnumbered pages on videos and course materials

Excerpted from the preface:

  This book is about the internal structure of the FreeBSD 11 kernel and the
  concepts, data structures, and algorithms used in implementing FreeBSD's
  system facilities. The book covers FreeBSD from the system-call level down
  -- from the interface to the kernel to the hardware itself. The kernel
  includes system facilities, such as process management, security, virtual
  memory, the I/O system, filesystems, the *socket* IPC mechanism, and
  network protocol implementations.

This is a truly extraordinary book -- extremely well written, comprehensive,
incisive, and timely.
It seems to have something for everyone -- software developers,
administrators, students, and others hungry for a single source for a wide
range of considerable knowledge and experience that is highly relevant. The
second edition has roughly 1/3 completely new text and 1/3 of the earlier
text extensively rewritten. It can serve as a reference book, as well as a
valuable source for operating systems courses.

One of the major new additions in the 2nd edition is a chapter by Robert
Watson on security, which includes more conventional topics such as
discretionary/mandatory access control, audit, etc., but also more
contemporary topics such as Capsicum, disk encryption, and so on. This new
chapter may be of particular interest to RISKS readers.

While FreeBSD is used in its own right as a server OS, it is also an
open-source operating-system foundation for systems as varied as Mac OS X and
Apple iOS, NetApp's OnTap GX, EMC/Isilon appliances, Juniper Junos, and the
Sony Playstation. Therefore, its security should be highly relevant to RISKS
readers.

Note: The preface says `FreeBSD 11'. The book does describe things that will
ship with FreeBSD 11, but is also relevant for the existing FreeBSD 10.

------------------------------

Date: Thu, 25 Sep 2014 09:49:25 -0600
From: "Cipher Editor" <cipher-editor () ieee-security org>
Subject: REVIEW: Georgia Weidman: Penetration Testing (Richard Austin)

Newsletter of the IEEE Computer Society's TC on Security and Privacy
Electronic Issue 122, September 25, 2014

  Hilarie Orman, Editor                cipher-editor @ ieee-security.org
  Sven Dietrich, Assoc. Editor         cipher-assoc-editor @ ieee-security.org
  Richard Austin, Book Review Editor   cipher-bookrev @ ieee-security.org
  Yong Guan, Calendar Editor           cipher-cfp @ ieee-security.org

The newsletter is also at http://www.ieee-security.org/cipher.html
Cipher is published 6 times per year

Book Review by Richard Austin, 16 Sep 2014

Georgia Weidman: Penetration Testing: A Hands-On Introduction to Hacking
No Starch Press 2014
ISBN 978-1-59327-564-8
Amazon.com USD 28.11
Table of Contents: http://www.nostarch.com/pentesting#toc

When the publication announcement for this book arrived in my EMAIL, my first
response was "Not another pen-testing book!" and I gazed at the table of
contents with a rather jaundiced eye. As you have probably noticed, I have a
fondness for books that require you to "do" as you read, and Weidman's
chapters on setting up a virtual lab and introducing Kali Linux piqued my
interest enough to start reading.

Weidman wasted no time in starting to rack up credibility points as she noted
that in a penetration test, you simulate attacks by actually EXPLOITING
vulnerabilities rather than just identifying them (Chapter 0). Then on page
3, she earned her "veteran" status by noting that even a simple port scan of
a device's management port can knock them off the air (in my experience by
crashing the on-board web server).

To avoid this becoming just another catalog of tools and dialogs, the reader
will definitely want to follow the procedures in Chapter 1 to set up the
virtual lab for the book. Weidman makes use of Kali Linux which has an
arsenal of tools already installed and avoids much time wandering the
"dependency maze" in getting the tools to run. She wisely recommends that you
use the Kali version available on the book website so that her walkthroughs
will match the tool versions.

Chapters 2 through 4 provide a brief introduction to Kali, scripting and the
Metasploit framework that prepares you for the detailed walkthroughs in later
chapters.

With preliminaries out of the way, Weidman devotes the next three chapters to
the assessment phase of the penetration test. It's a pretty standard
presentation of the usual tools (whois, nmap, Nessus, Metasploit, etc.) with
accompanying introductory walkthroughs in the virtual lab environment.

The next eight chapters are devoted to attacks, and this is where Weidman
starts to shine. She makes the solid point that in a penetration test, you
have to go beyond identifying a vulnerability and actually exploit it where
possible. And, most importantly, after a successful exploit, you have to do
something interesting (interesting to you as the pen-tester but damaging to
the customer if actually done by an adversary). The catalog of attack methods
is quite comprehensive and goes beyond the usual exploitation of technical
vulnerabilities and cracking passwords to client-side attacks, social
engineering (using SET, the Social Engineer Toolkit) and evading anti-virus.
Chapter 13, "Post Exploitation", is highly recommended for its coverage (and
walkthrough) of how to capitalize on an initial foothold to achieve further
access within the infrastructure. She rounds out her survey of attacks with
coverage of web applications (notable for illustrating use of the Burp proxy)
and wireless.

Weidman next takes up the important topic of "Exploit Development", and she
spends four chapters covering stack-based buffer overflows, SEH (Structured
Exception Handler) overwrites, fuzzing and development of Metasploit modules
for new vulnerabilities. This section provides a concise, all-in-one-place
overview of these essential topics.

The final chapter covers Weidman's personal specialty: attacking mobile
devices. As these wandering gateways into our infrastructures and
repositories of proprietary data have become increasingly common, their value
to our adversaries has correspondingly increased. Weidman's coverage of how
these devices are attacked and use of her "Smartphone Pentest Framework" are
a valuable addition to the knowledge base of the practicing security
professional. The walkthroughs are done using emulators, so there's no need
to risk "bricking" a real device when following along with the text.

Though I started out with reservations about the need for
yet-another-pen-testing-book, Weidman's presentation has much to recommend it
to the technical security professional. No book is ever going to make one
into a successful penetration tester but careful study and time invested in
following her walkthroughs will provide increased understanding of the
pen-tester's craft and appreciation of our adversaries' use of similar
techniques in the field. Definitely a recommended read.

Information for Subscribers and Contributors

Two options, each with two options:

1. To receive the full ascii CIPHER issues as e-mail, send e-mail to
   cipher-admin () ieee-security org (which is NOT automated) with subject
   line "subscribe".

   OR send a note to cipher-request () mailman xmission com with the subject
   line "subscribe" (this IS automated - thereafter you can manage your
   subscription options, including unsubscribing, yourself)

2. To receive a short e-mail note announcing when a new issue of CIPHER is
   available for Web browsing send e-mail to cipher-admin () ieee-security org
   (which is NOT automated) with subject line "subscribe postcard".
   OR send a note to cipher-postcard-request () mailman xmission com with the
   subject line "subscribe" (this IS automated - thereafter you can manage
   your subscription options, including unsubscribing, yourself)

------------------------------

Date: Sun, 7 Oct 2012 20:20:16 -0900
From: RISKS-request () csl sri com
Subject: Abridged info on RISKS (comp.risks)

 The ACM RISKS Forum is a MODERATED digest. Its Usenet manifestation is
 comp.risks, the feed for which is donated by panix.com as of June 2011.
=> SUBSCRIPTIONS: PLEASE read RISKS as a newsgroup (comp.risks or equivalent)
 if possible and convenient for you. The mailman Web interface can be used
 directly to subscribe and unsubscribe:
   http://lists.csl.sri.com/mailman/listinfo/risks
 Alternatively, to subscribe or unsubscribe via e-mail to mailman your
 FROM: address, send a message to
   risks-request () csl sri com
 containing only the one-word text subscribe or unsubscribe. You may also
 specify a different receiving address: subscribe address= ... . You may
 short-circuit that process by sending directly to either
   risks-subscribe () csl sri com or risks-unsubscribe () csl sri com
 depending on which action is to be taken. Subscription and unsubscription
 requests require that you reply to a confirmation message sent to the
 subscribing mail address. Instructions are included in the confirmation
 message. Each issue of RISKS that you receive contains information on how to
 post, unsubscribe, etc.
=> The complete INFO file (submissions, default disclaimers, archive sites,
 copyright policy, etc.) is online.
   <http://www.CSL.sri.com/risksinfo.html>
 *** Contributors are assumed to have read the full info file for guidelines.
=> .UK users may contact <Lindsay.Marshall () newcastle ac uk>.
=> SPAM challenge-responses will not be honored. Instead, use an alternative
 address from which you NEVER send mail!
=> SUBMISSIONS: to risks () CSL sri com with meaningful SUBJECT: line.
 *** NOTE: Including the string `notsp' at the beginning or end of the subject
 *** line will be very helpful in separating real contributions from spam.
 *** This attention-string may change, so watch this space now and then.
=> ARCHIVES: ftp://ftp.sri.com/risks for current volume
   or ftp://ftp.sri.com/VL/risks for previous VoLume
 http://www.risks.org takes you to Lindsay Marshall's searchable archive at
 newcastle: http://catless.ncl.ac.uk/Risks/VL.IS.html gets you VoLume, ISsue.
 Lindsay has also added to the Newcastle catless site a palmtop version
 of the most recent RISKS issue and a WAP version that works for many but not
 all telephones: http://catless.ncl.ac.uk/w/r
 <http://the.wiretapped.net/security/info/textfiles/risks-digest/> .
==> PGN's comprehensive historical Illustrative Risks summary of one liners:
   <http://www.csl.sri.com/illustrative.html> for browsing,
   <http://www.csl.sri.com/illustrative.pdf> or .ps for printing
 is no longer maintained up-to-date except for recent election problems.
 *** NOTE: If a cited URL fails, we do not try to update them. Try browsing
 on the keywords in the subject line or cited article leads.
==> Special Offer to Join ACM for readers of the ACM RISKS Forum:
   <http://www.acm.org/joinacm1>

------------------------------

End of RISKS-FORUM Digest 28.28
************************