Packet Storm - Information Security News, Files, Tools, Exploits, Advisories and Whitepapers http://packetstormsecurity.org/ en-us Mon, 28 May 2012 13:16:50 GMT 144400 http://packetstormsecurity.org/ http://www.google-analytics.com/__utm.gif?utmwv=1.3&utmn=1006740229&utmcs=ISO-8859-1&utmsr=31337x31337&utmsc=32-bit&utmul=en-us&utmje=0&utmfl=-&utmcn=1&utmdt=Files%u2248%20Packet%20Storm&utmhn=packetstormsecurity.org&utmr=-&utmp=%2Fpapers%2Fevaluation%2F&utmac=UA-18885198-1&utmcc=__utma%3D32867617.1006740229.1338211010.1338211010.1338211010.1%3B%2B__utmz%3D32867617.1338211010.1.1.utmccn%3D(direct)%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none) http://packetstormsecurity.org/files/107759/AccuvantBrowserSecCompar_FINAL.pdf http://packetstormsecurity.org/files/107759/AccuvantBrowserSecCompar_FINAL.pdf http://packetstormsecurity.org/files/107759/Browser-Security-Comparison-A-Quantitative-Approach.html Sat, 10 Dec 2011 22:44:52 GMT Whitepaper called Browser Security Comparison: A Quantitative Approach. The Accuvant LABS research team completed an extensive security evaluation of the three most widely used browsers – Mozilla Firefox, Google Chrome, and Microsoft Internet Explorer – to determine which browser best secures against attackers. The team used a completely different and more extensive methodology than previous, similar studies. They compared browsers from a layered perspective, taking into account security architecture and anti-exploitation techniques. http://packetstormsecurity.org/files/67488/An-approach-to-malware-collection-log-visualization.pdf http://packetstormsecurity.org/files/67488/An-approach-to-malware-collection-log-visualization.pdf http://packetstormsecurity.org/files/67488/An-approach-to-malware-collection-log-visualization.pdf.html Thu, 19 Jun 2008 19:16:18 GMT A whitepaper called An Approach To Malware Collection Log Visualization. http://packetstormsecurity.org/files/58174/Security_Testing_Enterprise_Messaging_Systems.pdf http://packetstormsecurity.org/files/58174/Security_Testing_Enterprise_Messaging_Systems.pdf http://packetstormsecurity.org/files/58174/Security_Testing_Enterprise_Messaging_Systems.pdf.html Tue, 31 Jul 2007 05:41:33 GMT This paper discusses potential security weaknesses that may be present in messaging systems either as a result of software flaws, application design or the misconfigurations of services. It focuses on TIBCO Rendezvous, as an example of a commonly used enterprise messaging system. Recommendations are then presented which mitigate these security issues. http://packetstormsecurity.org/files/48373/team-evil-incident.pdf http://packetstormsecurity.org/files/48373/team-evil-incident.pdf http://packetstormsecurity.org/files/48373/team-evil-incident.pdf.html Thu, 20 Jul 2006 08:08:20 GMT Analysis whitepaper detailing Cyber-terrorism defacement attacks on pro-Israeli servers by Team Evil. http://packetstormsecurity.org/files/45923/re-20060425-00312.pdf http://packetstormsecurity.org/files/45923/re-20060425-00312.pdf http://packetstormsecurity.org/files/45923/re-20060425-00312.pdf.html Sat, 29 Apr 2006 01:39:30 GMT A paper discussing the various vulnerabilities in DNS: "The vulnerabilities described in this advisory affect implementations of the Domain Name System (DNS) protocol. Many vendors include support for this protocol in their products and may be impacted to varying degrees, if at all." http://packetstormsecurity.org/files/43244/wasc-wafec-v1.0.pdf http://packetstormsecurity.org/files/43244/wasc-wafec-v1.0.pdf http://packetstormsecurity.org/files/43244/wasc-wafec-v1.0.pdf.html Sat, 21 Jan 2006 23:28:54 GMT The Web Application Firewall Evaluation Criteria project is proud to announce version 1.0 of The Web Application Firewall Evaluation Criteria (WAFEC), its first official release. WAFEC is a result of a collaboration between web application firewall vendors and independent security professionals to create a comprehensive, vendor-neutral, web application firewall evaluation criteria. The resulting framework can be used to evaluate and and compare web application firewalls. http://packetstormsecurity.org/files/41522/d05956.pdf http://packetstormsecurity.org/files/41522/d05956.pdf http://packetstormsecurity.org/files/41522/d05956.pdf.html Tue, 15 Nov 2005 06:10:17 GMT GAO Report - Federal Efforts to Improve Security and Reliability of Electronic Voting Systems Are Under Way, but Key Activities Need to Be Completed. http://packetstormsecurity.org/files/35358/Barracuda_Evil.txt http://packetstormsecurity.org/files/35358/Barracuda_Evil.txt http://packetstormsecurity.org/files/35358/Barracuda_Evil.txt.html Thu, 30 Dec 2004 08:16:38 GMT Short white paper discussing some questionable circumstances surrounding the Barracuda Spam Firewall appliances. http://packetstormsecurity.org/files/32201/CyberAngel.zip http://packetstormsecurity.org/files/32201/CyberAngel.zip http://packetstormsecurity.org/files/32201/CyberAngel.zip.html Sat, 15 Nov 2003 18:23:41 GMT A paper released by Relevant Technologies discussing the commercial CyberAngel product that provides laptop recovery and file encryption all-in-one. http://packetstormsecurity.org/files/31316/CombatingSPAM.doc http://packetstormsecurity.org/files/31316/CombatingSPAM.doc http://packetstormsecurity.org/files/31316/CombatingSPAM.doc.html Sun, 06 Jul 2003 20:45:38 GMT A paper released by Relevant Technologies discussing ways and means to combat Spam using various filters available. http://packetstormsecurity.org/files/24198/nid_3pe_v101.pdf http://packetstormsecurity.org/files/24198/nid_3pe_v101.pdf http://packetstormsecurity.org/files/24198/nid_3pe_v101.pdf.html Fri, 02 Feb 2001 02:45:23 GMT Network Intrusion Detection of Third Party Effects v1.0.1 - This paper describes "third party effects," generally caused by adversaries spoofing your IP addresses while attacking an unrelated victim. The events are explained from the points of view of the three parties: the first party (the adversary), the second (the victim), and you, the third party (the bystander whose IPs were spoofed.) The paper includes packet captures, diagrams, and material not originally presented in the author's "Interpreting Network Traffic," such as a comparison of SYN vs ACK floods. http://packetstormsecurity.org/files/22910/cable.html http://packetstormsecurity.org/files/22910/cable.html http://packetstormsecurity.org/files/22910/cable.html.html Wed, 30 Aug 2000 23:08:41 GMT This paper is the culmination of research that describes the DOCSIS standard and related information for the purpose of explaining exactly how cable networks (@home, RoadRunner, Mediaone) are implemented from the service provider to the home. This includes details on the cryptography used, the frequencies data is transmitted on, and hardware explanations. A recommended read for anyone interested in cable-modem networks. http://packetstormsecurity.org/files/16103/ctcpec1.ps http://packetstormsecurity.org/files/16103/ctcpec1.ps http://packetstormsecurity.org/files/16103/ctcpec1.ps.html Fri, 01 Oct 1999 21:22:48 GMT Canadian Trusted Computer Product Evaluation Criteria, Part 1: The Canadian "Orange Book." http://packetstormsecurity.org/files/16104/ctcpec2.ps http://packetstormsecurity.org/files/16104/ctcpec2.ps http://packetstormsecurity.org/files/16104/ctcpec2.ps.html Fri, 01 Oct 1999 21:22:48 GMT Canadian Trusted Computer Product Evaluation Criteria, Part 2: The Canadian "Orange Book." http://packetstormsecurity.org/files/16105/exeguide.txt http://packetstormsecurity.org/files/16105/exeguide.txt http://packetstormsecurity.org/files/16105/exeguide.txt.html Fri, 01 Oct 1999 21:22:48 GMT Executive Guide to the Protection of Information Resources: A US National Institute of Standards and Technology publication. http://packetstormsecurity.org/files/16106/fcvol1.ps http://packetstormsecurity.org/files/16106/fcvol1.ps http://packetstormsecurity.org/files/16106/fcvol1.ps.html Fri, 01 Oct 1999 21:22:48 GMT Federal Criteria for Information Technology Security, Volume 1: The new "Orange Book" http://packetstormsecurity.org/files/16107/fcvol2.ps http://packetstormsecurity.org/files/16107/fcvol2.ps http://packetstormsecurity.org/files/16107/fcvol2.ps.html Fri, 01 Oct 1999 21:22:48 GMT Federal Criteria for Information Technology Security, Volume 2: The new "Orange Book" http://packetstormsecurity.org/files/16108/greenbk.txt http://packetstormsecurity.org/files/16108/greenbk.txt http://packetstormsecurity.org/files/16108/greenbk.txt.html Fri, 01 Oct 1999 21:22:48 GMT Green Book on the Security of Information Systems: A document that sets out the development of a consistent approach to Information Security in Europe, taking into account common interests with other countries. http://packetstormsecurity.org/files/16109/horses.ps http://packetstormsecurity.org/files/16109/horses.ps http://packetstormsecurity.org/files/16109/horses.ps.html Fri, 01 Oct 1999 21:22:48 GMT Horses and Barn Doors: Evolution of Corporate Guidelines for Internet Usage: A description of how Intel Corp's Internet usage policies were developed. http://packetstormsecurity.org/files/16110/internet.txt http://packetstormsecurity.org/files/16110/internet.txt http://packetstormsecurity.org/files/16110/internet.txt.html Fri, 01 Oct 1999 21:22:48 GMT Guidelines for the Secure Operation of the Internet - RFC 1281: Provides a set of guidelines to aid in the secure operation of the Internet. http://packetstormsecurity.org/files/16111/itsec.txt http://packetstormsecurity.org/files/16111/itsec.txt http://packetstormsecurity.org/files/16111/itsec.txt.html Fri, 01 Oct 1999 21:22:48 GMT Information Technology Security Evaluation Criteria: The European "Orange Book". http://packetstormsecurity.org/files/16112/mgtguide.txt http://packetstormsecurity.org/files/16112/mgtguide.txt http://packetstormsecurity.org/files/16112/mgtguide.txt.html Fri, 01 Oct 1999 21:22:48 GMT Management Guide to the Protection of Information Resources: A US National Institute of Standards and Technology publication. http://packetstormsecurity.org/files/16113/psfos.ps http://packetstormsecurity.org/files/16113/psfos.ps http://packetstormsecurity.org/files/16113/psfos.ps.html Fri, 01 Oct 1999 21:22:48 GMT Protection and Security Issues for Future Systems: An examination of the problems of protection and security as applied to future computer systems. http://packetstormsecurity.org/files/16114/tcsec.txt http://packetstormsecurity.org/files/16114/tcsec.txt http://packetstormsecurity.org/files/16114/tcsec.txt.html Fri, 01 Oct 1999 21:22:48 GMT Department of Defense Trusted Computer System Evaluation Criteria: The "Orange Book".