TISC INSIGHT ARCHIVES
Below are links to past issues of the TISC Insight Newsletter. The newsletter is currently on hiatus. If you wish to contribute an article, contact me.
Volume 5
Issue 8, September 14, 2003
Web Application and LDAP Injection: Sacha Faust, SPI Dynamics
Issue 7, August 31, 2003
Event Correlation in Security:Anton Chuvakin, Ph.D., GCIA, GCIH
Issue 6, July 21, 2003
Testing Firewalls and IDS with Ftester:Andrea Barisani, University of Trieste
Issue 5, May 23, 2003
The Web: Threat or Menace?:Bill Cheswick, Steve Bellovin, and Avi Rubin
Issue 4, April 30, 2003
Affordable Web Server Vulnerability Scanning:David M. Piscitello, Core Competence
Issue 3, March 24, 2003
Session Fixation Vulnerability:Mitja Kolsek, ACROS Security
Issue 2, February 3, 2003
The Diet Peon's Guide To Secure System Development:Michael Bacarella, Netgraft Corporation
Issue 1, January 15, 2003
Security Parameters for Site-to-Site VPNs:David M. Piscitello, Core Competence
Volume 4
Issue 18, December 13, 2002
Cross Platform Security Analysis:Anton Chuvakin, Ph.D., GCIA
Issue 17, November 25, 2002
The Nefarious "Any":Fred Avolio, Avolio Consulting, Inc.
Issue 16, October 25, 2002
The Myth Of Hiding SSIDs:Robert Moskowitz, ICSAlabs
Issue 15, October 11, 2002
Securing Storage Area Networks:Bill Van Emburg, Quadrix Solutions
Issue 14, September 24, 2002
Federal Cybersecurity: Get a Backbone:Marcus J. Ranum
Issue 13, August 23, 2002
Beyond TISC 2003, Secure Email Poll:David Piscitello, Core Competence
Issue 12, August 2, 2002
The Challenge of Non-Viral Malware:Pete Cafarchio, PestPatrol
Issue 11, July 19, 2002
The Five Fundamentals of Security:Bill Van Emburg, Quadrix Solutions
Issue 10, July 2, 2002
Stopping WiFi Intruders:Lisa Phifer, Core Competence
Issue 9, June 24, 2002
Real-time Application Protection: The Need for Speed:Abhishek Chauhan, Stratum8
Issue 8, May 10, 2002
The State of Systems Security:Ron DuFresne
Issue 7, April 26, 2002
Server- versus Client-based Protection?:David Piscitello, Core Competence
Issue 6, April 12, 2002
Basic IP Router Security:Fred Avolio, Avolio Consulting
Issue 5, March 15, 2002
Post 911 Questions to ask your MSP:David Piscitello and Lisa Phifer, Core Competence
Issue 4, March 1, 2002
Controlling WLAN Access with 802.1x:Lisa Phifer, Core Competence
Issue 3, February 15, 2002
Legal Liability and DDoS Attacks:Jeffrey H. Matsuura, Alliance Law Group
Issue 2, February 1, 2002
MaraDNS: Working Towards a More Secure DNS:Sam Trenholme
Issue 1, January 21, 2002
Egress Filtering:Mark T. Edmead, MTE Software
Volume 3
Issue 24, December 28, 2001
Quality of Service for Denial of Service Attack Prevention:Steve Kohalmi, Randy Charland, Quarry Technologies
Issue 23, December 17, 2001
Exploiting and Protecting Oracle:Pete Finnigan, PenTest Limited
Issue 22, December 7, 2001
Pushing IPsec Through NAT:Lisa Phifer, Core Competence
Issue 21, November 9, 2001
Managing Electronic Records and Evidence:Jeffrey H. Matsuura, Alliance Law Group
Issue 20, October 26, 2001
How to Spot Source Address Spoofing:Rik Farrow, Internet Security Consultant
Issue 19, October 12, 2001
Are You Prepared In The Event Of A Disaster?:Mark T. Edmead, MTE Software
Issue 18, September 28, 2001
Introduction to LDAP Security:Sacha Faust
Issue 17, September 14, 2001
Air Travel Security:David M. Piscitello, Core Competence
Issue 16, August 24, 2001
External Operating System Commands: Backdoor or feature? Hacking with SAP R/3:Stefan Hoelzner, KPMG Germany
Issue 15, August 10, 2001
The Network Processor: Enabler of Wirespeed Gigabit Security:Dave Buchanan, ServGate Technologies
Issue 14, July 27, 2001
Securing the Apache Web Server:Rik Farrow
Issue 13, July 13, 2001
Primer on Predictive Analysis:J.L. Stutzman, US Navy
Issue 12, June 15, 2001
Your First Penetration Test:David M. Piscitello, Core Competence
Issue 11, June 1, 2001
False Security:Terry L. Davis, P.E.
Issue 10, May 18, 2001
Triangulation in Attack Analysis (Part II):J.L. Stutzman, US Navy, and D. Lemmon, US Air Force Information Warfare Center
Issue 9, May 4, 2001
Explaining the Gap between Specification and Actual Performance for IPsec VPN Systems:Ray Savarda and Matt Karash, NetOctave, Inc.
Issue 8, Apr 20, 2001
Social Engineering: The Threat and The Solution:Chris Tobkin, InterSec Communications, Inc.
Issue 7, Apr 6, 2001
Secure Remote Access with IPsec:Lisa Phifer and David Piscitello, Core Competence, Inc.
Issue 6, Mar 23, 2001
Triangulation in Attack Analysis (Part I):J.L. Stutzman, US Navy
Issue 5, Mar 9, 2001
Cryptographic Protection for the Twenty-First Century:Elaine Barker, NIST
Issue 4, Feb 23, 2001
Host Detection: Generating Arbitrary Responses to Identify Inter-networked Nodes:dethy, Synnergy Networks
Issue 3, Feb 9, 2001
Vulnerability Reporting: Bugs in the bug reporting process:Ivan Arce, Founder, CORE-SDI
Issue 2, Jan 26, 2001
Honeypots: Sweet Idea, Sticky Business:David M. Piscitello, Core Competence
Issue 1, Jan 12, 2001
Intrusion Prevention: The Ultimate Security?:Mandy Andress, ArcSec Technologies
Volume 2
Issue 24, Dec 29, 2000
Dr. Bill's Year 2001 Security Resolutions:Dr. Bill Hancock, CISSP, Exodus Communications, Inc.
Issue 22, Dec 1, 2000
Automated NT Vulnerability Testing:David M. Piscitello, President, Core Competence
Issue 21, Nov 17, 2000
5 Common Windows Trojans: How to Find and Remove Them:Todd H. Eastman, Information Security Consultant
Issue 20, Nov 3, 2000
Biometrics Update: Ready for Primetime?:Pete Lindstrom, Senior Analyst, Hurwitz Group
Issue 19, Oct 20, 2000
PC Disk Encryption: A Lesson Learned and Recommendations:Fred Avolio, Independent Security Consultant
Issue 18, Sep 22, 2000
Personal Firewalls:Mandy Andress, President, ArcSec Technologies
Issue 17, Sep 8, 2000
Windows 2000 Vulnerabilities:Phil Cox, Consultant, System Experts
Issue 16, Aug 25, 2000
Sabotage-Proof Routing:Radia Perlman, Distinguished Engineer, Sun Microsystems
Issue 15, Aug 11, 2000
Covering your Assets:Sharon Polsky, President, Project Scope Solutions Group
Issue 14, Jul 28, 2000
What To Look For In A Managed Security Provider:Lisa Phifer, Vice President, Core Competence, Inc.
Issue 12, Jun 30, 2000
Distributed, Host-Resident Firewalls:Avi Fogel, Network-1 Security Solutions
Issue 11, Jun 16, 2000
Content Inspection Policies: Seek Consistency Across All Media:David M. Piscitello, President, Core Competence
Issue 10, Jun 2, 2000
Securing E-commerce: The Risk Management Solution:Chris Klaus, CTO, ISS
Issue 10, Jun 2, 2000
Feature column: The Year of PKI-Are We There Yet?:Mike Rothman, Executive Vice President, SHYM Technology
Issue 9, May 19, 2000
Ten Things To Ask Your ASP:Diana Kelley, Director of Professional Services, LockStar, Inc.
Ian Poynter, President, Jerboa, Inc.
Issue 8, Apr 21, 2000
Hacking in the Information Age:Saumil Udayan Shah, CISSP, Foundstone
Issue 7, Apr 7, 2000
Internet Forensics: Common Tools:Dr. Bill Hancock, CISSP, Exodus Communications, Inc.
Issue 6, Mar 24, 2000
Securing the Virtual World:Todd Glassey, Certified Time
Issue 6, Mar 24, 2000
Distributed Denial of Service Attacks:Rik Farrow
Issue 5, Mar 10, 2000
Securing the Border Gateway Protocol:Stephen Kent, Chief Scientist- Information Security, BBN Technologies, part of GTE
Issue 4, Feb 25, 2000
Windows 2000: An Early Security Perspective:James Michael Stewart, MCSE, LANWrights, Inc.
Ed Tittel, LANWrights, Inc.
Issue 4, Feb 25, 2000
From the Editor: How Search Engines Can Be Used To Locate Millions Of Vulnerable Web Sites
Issue 3, Feb 11, 2000
Yahoo! - Why denial of service (DOS) attacks work:Kurt Seifried, Security Analyst
Issue 3, Feb 11, 2000
From the Editor: Expert Reactions to the DDOS attacks
Issue 2, Jan 28, 2000
Czarist Policies to Improve Security in the New Millennium:Dave Piscitello, President, Core Competence, Inc.
Issue 2, Jan 28, 2000
Making the Whole More Than the Sum of its Parts:Char Sample, Senior Systems Engineer, L-3 Network Security
Ian Poynter, President, Jerboa, Inc.
Issue 1, Jan 14, 2000
Secure Internet Access For Road Warriors:Lisa Phifer, Vice President, Core Competence, Inc.
Volume 1
Issue 3, Dec 31, 1999
Hacking and the Millennium: A Rhyming Discourse:Dr. Bill Hancock, CISSP, Network-1 Security Solutions, Inc.
Issue 2, Dec 17, 1999
Biometrics: Threat or Menace?:Stephen Kent, Chief Scientist- Information Security, BBN Technologies, part of GTE
Issue 1, Dec 3, 1999
What I Worry About:Marcus J. Ranum, CEO, Network Flight Recorder, Inc.