Computer Vulnerabilities
Written by Eric Knight, C.I.S.S.P.
Last Revision: March 9, 2000
Original Publication: March 6, 2000
DRAFT
Security Paradigm

This publication is Copyright 2000 by Eric Knight. All Rights Reserved.
Any feedback can be sent to knight@securityparadigm.com

Dedication

This book is dedicated to the people that believed in vulnerabilities enough to give some of their life toward making this book a reality: Kevin Reynolds, William Spencer, Andrew Green, Brian Martin, Scott Chasin, and Elias Levy. And also I wish to dedicate this to my parents, Dr. Douglas Knight and Rose Marie Knight, for giving me the freedom even at a very young age to keep an open mind and encourage me to pursue my interests, believing that I would not let them down. Without each of these people, all of whom have inspired me, directed me, aided me, and informed me, it is doubtful that this book would have ever been written.

Table of Contents

INTRODUCTION
ANATOMY OF A VULNERABILITY
    Vulnerability Attributes
    Fault
    Severity
    Authentication
    Tactic
    Consequence
    Attributes and Vulnerabilities
LOGIC ERRORS
    Operating System Vulnerabilities
    Application Specific Vulnerabilities
    Network Protocol Design
    Forced Trust Violations
SOCIAL ENGINEERING
    Gaining Access
    I forgot my password
    What is your password
    Fishing for Information
    Trashing
    Janitorial Right
    Criminal Sabotage
    Corporate Sabotage
    Internal Sabotage
    Extortion
COMPUTER WEAKNESS
    Security through Obscurity
    Encryption
    Cryptographic Short Cuts
    Speed of Computer
    Lack of a Sufficiently Random Key
    Password Security
    Secure Hashes
    Aged Software and Hardware
    People
POLICY OVERSIGHTS
    Recovery of Data
    Recovery of Failed Hardware
    Investigation of Intruders
    Investigation of When the Company Is Accused of Intruding on Others
    Prosecution of Intruders
    Prosecution of Criminal Employees
    Reporting of Intruders and Criminal Employees to the Proper Agencies