Outline for December 8, 2005

  1. Penetration studies
    1. How they are done
    2. Flaw Hypothesis Methodology
    3. Example: Burroughs system and tape drives
    4. Example: social engineering
  2. Intrusion detection
    1. Anomaly, misuse, and specification-based detection
    2. Host, network intrusion detection
    3. Example of a combined system: DIDS
  3. Review

Puzzle of the Day

An attacker has changed the home page of the New York Times. The new version indicates disgust with one of the Times' reporters. Throughout this puzzle, assume that no other damage was done.

  1. If their intent was to show that the New York Times needed better security on their web page, was this an appropriate technique? Why or why not?
  2. The attackers feel that the reporter wronged one of their friends. The Times ignored their letters and protests. So they decided on a more noticeable protest. Was this an appropriate form of protest? Why or why not?

Here is a PDF version of this document.