<?xml version="1.0"?>
<rss version="2.0">
<channel>
<title>SecurityPub</title>
<link>http://www.securitypub.com</link>
<description>Reviews of SecurityPapers</description>
<language>en-us</language>

<item>
<title>The End of Passwords?</title>
<description>This paper starts with the premise that passwords are bad. The author explains why they are bad, including a description of password cracking. Next, he mentions ways to mitigate this through password complexity and policy.

The paper is arranged into the sections below, each of which contains a short description.

1) Introduction
2) Cracking passwords
3) Active attacks
4) Passive attacks
5) Protect your password
6) IDS/IPS
7) Encryption
8) Authentication systems
9) Biometrics
10) One Time Passwords (OTP)
11) USB Tokens
12) The future
13) Notes from the field
14) Summary

While the paper covers many topics, biometrics (as a password replacement) is certainly central. The section on biometrics contains the following examples:

1) fingerprints 
2) voice, retina/cornea patterns
3) hand vein patterns
4) hand prints
5) face telemetry
6) body heat signature
7) written signature
8) signature dynamics

The author concludes by saying, "most of my security conscious clients have made a concerted effort to move away from the use of passwords. Any organization that is serious about securing their IT asset has in the past two years started looking into two factor authentication solutions and has either started implementing two factor authentication and encryption or, has budgeted for these technical controls to be implemented in the next 18 months."</description>
<link>http://www.windowsecurity.com/articles/End-Passwords.html</link>
</item>

<item>
<title>Investigating the SANS/CWE Top 25 Most Dangerous Programming Errors List</title>
<description>This paper from the SANS organization summarizes the top 25 most dangerous programming errors as decided by a consensus of more than 30 information security organizations.

The security issues are broken down into 3 categories: 

Insecure Interaction between Components
Risky Resource Management 
Porous Defenses 

The purpose of this paper is to highlight the most common and egregious programming issues in an easy-to-understand format, in the hope that management and high-level project managers will incorporate checks against these issues into the software development life cycle.

</description>
<link>http://www.infosecwriters.com/text_resources/pdf/FWilliams_25ErrorList.pdf</link>
</item>

<item>
<title>Hacking Tools &amp; Techniques and How to Protect Your Network from Them</title>
<description>This paper reviews the most common tools and techniques used by hackers and how to prevent these types of attacks. A brief history of hacking starting in the 1960s is also covered. The following tools are covered in a high-level overview:

Port Scanners
Vulnerability Scanners
Packet Sniffers
Rootkits
Password Crackers

Other concepts that are reviewed include:
SQL Injection and Web Security
Buffer Overflows


The author goes on to outline how to best protect networks from these issues.

Social engineering is also covered as a technique for gaining access to data sets. A works-cited section gives a good number of links to the topics that are covered.

This is a pretty good overview for someone who is just starting out in the security field. The links to works cited are valuable as well.

</description>
<link>http://www.infosecwriters.com/text_resources/pdf/ASigmon_Hacker_Tools.pdf</link>
</item>

<item>
<title>Steps Involved in Exploiting a Buffer Overflow Vulnerability using a SEH Handler</title>
<description>In this paper the author outlines all the steps necessary to exploit a vulnerability in an ActiveX control DLL, from detecting the point of buffer overflow in the application to writing an exploit.

The tools used to exploit this vulnerability are:

COMRaider (A fuzzer)
A Debugging Tool (to find the actual location of the overflow)
VC++ IDE (to create the exploit code)

The steps can be automated with many tools, including Metasploit, but this paper gives a better understanding of the mechanics behind the automation.</description>
<link>http://www.infosecwriters.com/text_resources/pdf/RJohndas_Buffer_Overflow_SEH_Handler.pdf</link>
</item>

<item>
<title>Computer Forensics: Breaking Down the 1’s and 0’s of Cyber Activity for Potential Evidence</title>
<description>This paper reviews the need for computer forensics. The paper covers a wide range of security breaches where data forensics is needed, such as:

Data Loss
Data Theft
Unauthorized Access

The paper gives an overview of the forensic process as well as the goals of a forensic investigation. This paper gives a pretty good high-level overview of the process without being too technical. The legality of these investigations is touched on as well.</description>
<link>http://www.infosecwriters.com/text_resources/pdf/JCoward_Forensics.pdf</link>
</item>

</channel>
</rss>