Forwarded from: Sharif Torpis <faust@private> Cc: bugtraq@private http://www.computer.org/security/cfp.htm Attacking Systems (July/August 2004) Submissions due 4 April 2004 Guest editors: Ivn Arce and Gary McGraw ivan.arce-AT-coresecurity.com, gem-AT-cigital.com Some security practitioners believe that the only way to know how to protect a system against attack is to know how attacks really work. Such people advocate teaching about attacks when building security expertise, carrying out attacks as part of testing, and thinking and writing creatively about attacks. Others feel that discussing, publishing, and teaching attacks is irresponsible. Where do you stand? This special issue is devoted to the idea of attacking systems in order to better understand how to defend them. We're looking for a set of papers exploring the following ideas: * exploiting software * attack categories: bugs and flaws * worms, viruses, and malicious code as an attack vector * attacking modern extensible systems: Java and .NET * rootkits, injection vectors, and networked machines * the politics of breaking systems * teaching students to break systems (pros and cons) * ethical hacking, red teaming, and penetration testing * attack modeling --- "note that i hold the single-author record for total CERT advisories, proving that in my copious youth i knew how to sling code but not how to manage risk." - paul vixie, 26 feb 2002 - ISN is currently hosted by Attrition.org To unsubscribe email majordomo@private with 'unsubscribe isn' in the BODY of the mail.
This archive was generated by hypermail 2b30 : Mon Mar 08 2004 - 04:41:20 PST