Stop Fixing All The Things – Our BSidesLV Talk | The Risk I/O Blog

http://blog.risk.io/2013/08/stop-fixing-all-the-things-bsideslv/ Recent paper shows that it makes sense to focus only on vulns that have ready exploits in Metasploit and ExploitDB

The Legitimate Vulnerability Market - Inside the Secretive World of 0-day Exploit Sales [.pdf]

http://weis2007.econinfosec.org/papers/29.pdf Old (2007) paper by Charlie Miller about trading of 0-day exploits

[wikileaks] PRISM - DHS PRISM 2004 - Requirements for Installation (original doc)

http://www.wikileaks-forum.com/index.php/topic,19310.0.html Original PRISM docs from wikileaks

Language-theoretic Security

http://www.cs.dartmouth.edu/~sergey/langsec/ The Language-theoretic approach (LANGSEC) regards the Internet insecurity epidemic as a consequence of ad hoc programming of input handling at all layers of network stacks, and in other kinds of software stacks. LANGSEC posits that the only path to trustworthy software that takes untrusted inputs is treating all valid or expected inputs as a formal language, and the respective input-handling routines as a recognizer for that language. The recognition must be feasible, and the recognizer must match the language in required computation power. ...

Folk Models of Home Computer Security [.pdf]

http://prisms.cs.umass.edu/cs660sp11/papers/rwash-homesec-soups10-final.pdf Paper that describes folk mental models of computer security: about “viruses” and “hackers”. Interesting read.
