Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

The Security Forum - meeting #7 -16/1/05

From: Gadi Evron <ge () linuxbox org>
Date: Tue, 28 Dec 2004 22:59:00 +0200
Hello!

The next, non-commercial, technological Security Forum will take place
on Sunday, the 16th of January, 2005, at Tel Aviv University's Lev
Auditorium.

We apologize for the cancellation of last month's first lecture on
wireless hacking. The "Rogla", however, came with extra chocolate.

Schedule
--------
17:45 - Gathering - hot and cold drinks will be served.

18:00 - Doron Shikmoni, ISOC-IL, CEO - ForeScout Technologies, Israel.
  Lecture: Security of DNS and DNS-SECurity.
  Level: High.

  The Domain Name System is an important and critical part
  of the Internet infrastructure. Consequently, it is also
  one of the most attacked pieces of that infrastructure.

  This talk will describe the main vulnerabilities of the
  DNS and attack vectors against it. It will then go into
  DNS Security (DNSSEC), an emerging protocol that is aimed
  at enhancing the DNS with a set of security features.
  We will look at DNSSEC features, see which of the problems
  it solves, and try to assess its strengths and weaknesses.

19:30 - We will break for a short recess, as well as for
  refreshments and networking between members - hot and cold
  drinks will be served.

19:50 - Zvika Gutterman, CTO - Safend.
  Lecture: Hold Your Sessions: An Attack on Java Session-id Generation.
  Level: High.

  HTTP session-id's take an important role in almost any web site
  today. This paper presents a cryptanalysis of Java Servlet
  $128$-bit session-id's and an efficient practical prediction
  algorithm. Using this attack an adversary may impersonate a
  legitimate client.
  Through the analysis we also present a novel, general space-time
  tradeoff for secure pseudo random number generator attacks.

  This is a joint work with Dahlia Malkhi.

Hot and cold drinks will be freely available.

Attendance is free.

For a map of the university please visit:
http://www2.tau.ac.il/map/unimapl1.asp

For future and past lectures, presentations and general information:
http://www.cs.tau.ac.il/tausec

You can also visit our Orkut community (Tausec):
http://www.orkut.com/Community.aspx?cmm=422590

Thank you all, and please pass this information to others.

Who we are
----------
The Security Forum, hosted by the Tel Aviv University, started when a
few of us talked about there being an (almost) complete lack of
professional and social events on security in Israel which are not
completely commercial and about "sticking products down out throats".

We decided to do instead of complain, and here we are.

In previous meetings we had over a hundred arrivals, varying from
soldiers and students, through programmers and government CSO's, all the
way to CEO's and CTO's of different companies, banks and other
institutions. Some have been part of our community since the 70's and
some are just people who are interested in the subject.

Have a good week,

        Gadi Evron.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Previous By Date Next
Previous By Thread Next

Current thread: