July 19, 2005By: John Richard Moser
I just had some time to think, and I’ve come across something that
bothers me a lot. I’ve been attempting to write a small reference that
pools together all of the knowledge I’ve accumulated about security
enhancements that can be minimally invasive and cooperate properly in a
desktop environment, to design a system secure enough [...]
Posted in WhitePapers 
No Comments »
July 19, 2005Contracted Employee
Today, many positions within a company are outsourced to contractors or consultants. These people have a different relationship with the company from its employees and therefore need different controls.
Definitions of appropriate behavior and the scope of their duties should be made contractually. Contractors are not bound by employee policies and procedures. The contract with [...]
Posted in WhitePapers 1 Comment »
July 19, 2005Who Hackers Are
The popular image of a hacker is reflective of the movie WarGames: a young boy sitting in front of his TRS-80®, illuminated only by the glow of the screen. His computer has dialed every number in a phone exchange during the day while he was at school, and now he is exploring the [...]
Posted in WhitePapers No Comments »
July 19, 2005Historic Perspective
There have been hackers for as long as there have been computer systems. Early on, hackers were students wanting access to more computer resources than they were allocated. So they would find ways to get those unauthorized resources. They might “find” another account to use to run programs or store file, or they might [...]
Posted in WhitePapers No Comments »
July 19, 2005Part I: Understanding Hackers
It is important to understand your adversary. With understanding comes the ability to anticipate behavior and motivation, which is required to be able effectively detour attacks. People who compromise information systems cover a broad range of people with diverse motives and varied skill levels. To understand the hacker who is likely to [...]
Posted in WhitePapers No Comments »
July 17, 2005If none of the registers points to a location that we can safely overwrite, we just assign a constant pointer value to (say) eax using these instructions:
6A 00:push 0 58 :pop eax
(to assign “0� to eax), then we “add� and “sub� as described below, until eax points to a location in memory that we can [...]
Posted in WhitePapers No Comments »
Recent readers, Recent readers, Recent readers, Recent readers, Recent readers, Recent readers, Recent readers, Recent readers, Recent readers, Recent readers, Recent readers, Recent readers, Recent readers, Recent readers, Recent readers, Recent readers,