CASE STUDY: LEGIT_00004

ForAllSecure

Our defenses are usually pretty good against type 1 vulnerabilities (except in the rare cases when we have to fall back to less secure patches due to performance overhead or functionality failures). LEGIT_00004 was a challenge from Defcon CTF that implemented a file system in memory.

Case Study: LEGIT_00004

ForAllSecure

LEGIT_00004 was a challenge from Defcon CTF that implemented a file system in memory. The intended bug was a tricky memory leak that the challenge author didn't expect Mayhem to get. However, Mayhem found an unintended null-byte overwrite bug that it leveraged to gain arbitrary code execution. We heard that other teams noticed this bug, but thought it would be too hard to deal with. Mayhem 1 - Humans 0.

A Case Study - Db2 for z/OS High-Performance DBATs

Robert's Db2

Over the years, I have posted several entries to this blog that have covered various aspects of Db2 for z/OS high-performance DBATs (examples are entries posted in 2016 and 2013). That implementation effort has involved a good bit of back-and-forth communication between myself and the Db2 administrator, and I saw that it makes for a good case study that touches on many of the issues associated with high-performance DBAT set-up, monitoring and usage.

Today We are Launching a new Series of Information Governance Case Studies

IGI

We are pleased to bring the IGI community another series of case studies about how professionals like you are tackling IG. In 2016, we worked with IG Charter Supporter, OpenText, to create the first series of Snapshots, which is now among our most widely-read publications. IG Snapshots are compact case studies drawn from IGI’s interviews and discussions with our community of IG practitioners.

FTC Releases Summary of Workshop on Privacy Disclosures

Hunton Privacy

On November 30, 2016, the FTC released a staff summary (the “Summary”) of a public workshop called Putting Disclosures to the Test. The workshop, which was held on September 15, 2016, examined ways of testing and evaluating company disclosures regarding advertising claims and privacy practices. The workshop covered disclosure effectiveness, case studies and future approaches, and applications to disclosure design.

Preservica, IRMS and ARA digital preservation training a great success!

Preservica

The Preservica team will be hosting a Case Study Café session on Tuesday 17th May @ 2pm, ‘Will Your Vital Long-Term Electronic Records Still Be Readable In 10 Years?’, and will be on hand at booth #2 to answer your digital preservation questions. Over the course of 2015/16 the Preservica team has been pairing up with the Information and Records Management Society (IRMS) and ARA (UK) to deliver a series of practical workshops and webinars on digital preservation.

The dangers of short-term thinking on digital information

Preservica

It’s for this reason that the webinar (and the IGI benchmark research) included case studies of organizations (such as HSBC, the Associated Press and the Texas State Archives) that have already taken action to protect valuable long-term digital records. We recently hosted a webinar with the Information Governance Initiative (IGI), to explore the risks to digital content and the dangers of short-term thinking when it comes to governing this type of information.

THE MOTIVATION AND DESIGN BEHIND AUTOGENERATED CHALLENGES

ForAllSecure

CASE STUDY: VARIABLE LENGTH BUFFERS AND CANARIES. In this case, we are leveraging the implicit fields of our deployment to include the location of the local binary on our challenge server. The picoCTF framework goes above and beyond to provide some generic challenge templates, in our case CompiledBinary, to promote code reuse. In the case of Pwn1, we include a random 4 digit canary string and a random buffer length between 32 and 64.

Archiving the Web @EBRPL: Creating and following a web collecting policy in a public library

Archive-It

During the summer of 2016, Baton Rouge witnessed the shooting of Alton Sterling, the mass shooting of Baton Rouge law enforcement, and the Great Flood of 2016. Amateur drone footage collected for the South Louisiana Flood of 2016 Collection.

From local to global, NYARC’s networks bring art history to the web archive

Archive-It

In this case, why are three heads better than one? NYARC’s Archive-It collections are devoted to our institutional websites, NYARC’s own website and project sites, art-rich websites of significance to the study of art and art history, artists’ websites, auction house sites and their embedded catalogs, catalogue raisonnés, sites of NYC galleries and art dealers, and sites dedicated to restitution efforts and provenance of artworks that may be lost, stolen, or looted.

Google's Data on Login Thefts

Schneier on Security

This is interesting research and data: With Google accounts as a case-study, we teamed up with the University of California, Berkeley to better understand how hijackers attempt to take over accounts in the wild. From March 2016 to March 2017, we analyzed several black markets to see how hijackers steal passwords and other sensitive data. [...]

Data Breaches, Phishing, or Malware? Understanding the Risks of Stolen Credentials

Elie

In this paper, we present the first longitudinal measurement study of the underground ecosystem fueling credential theft and assess the risk it poses to millions of users. Over the course of March, 2016–March, 2017, we identify 788,000 potential victims of off-the-shelf keyloggers; 12.4 Drawing upon Google as a case study, we find 7–25% of exposed passwords match a victim’s Google account.

Chinese hackers exploited a Trend Micro antivirus zero-day used in Mitsubishi Electric hack

Security Affairs

“In a case study on its website, Trend Micro lists Mitsubishi Electric as one of the companies that run the OfficeScan suite.” Chinese hackers have exploited a zero-day vulnerability in the Trend Micro OfficeScan antivirus in the recently disclosed hack of Mitsubishi Electric.

A straightforward and pragmatic guide to leadership, management and teamwork

CILIP

This book translates theories in teamwork, management and leadership into practical guidance backed up with examples and case studies from current library and information workers globally. The book covers management and leadership ideas, tools and techniques, and examples and case studies are provided from a wide range of libraries and information services in the UK and across the world. A straightforward and pragmatic guide to leadership, management and teamwork.

Poster boy for Information Governance

InfoGovNuggets

Years ago, while teaching a course to MBA students at Rice University, I used the Target credit card breach as a case study. Certainly an argument for an Information Governance case study of just the Clinton email investigation and its aftermath. It touched a lot of bases. Now we have a better one.

NEW TECH: This free tool can help gauge, manage third-party cyber risk; it’s called ‘VRMMM’

The Last Watchdog

According to a recent Ponemon Institute study, some 59% of companies experienced a third-party data breach in 2018, yet only 16% believe they are effectively mitigating third-party risk. Members gain access to third-party IT security risk management best practices via case studies, surveys, whitepapers, webinars, meetings and conferences. Last year’s study, which looked at 2017 data, showed steady, incremental year-over-year gains, painting an overall encouraging picture.

4 ways ISO 27001 can enhance your business

IT Governance

In the UK, the number of organisations certified to the Standard increased by 20% in 2016, bringing the total to more than 33,000. You’ll learn how to implement ISO 27001 in nine steps and have the opportunity to get involved in group discussions, practical exercises and case studies. If your organisation is concerned about information security, it should have an ISO 27001-compliant information security management system (ISMS) in place.

Resourceful Records Managers! Courtney Bailey, Chair, SAA Records Management Section 2019-2020

The Schedule

Whenever I had the opportunity to focus my own research, I tried to focus on a topic that would fill in a gap for me, and in this case, I looked into records management in the business arena. When I attended the SAA annual meeting in 2016, I learned about the work Mike Strom had done in Wyoming, so I later followed up with him to discover more information about their development and implementation processes.

Holocaust Memorial Day: learning from the past for a better future

CILIP

In 2016, a study into the impact of HMD carried out by Sheffield Hallam University found that 70 per cent of respondents who had taken part in an HMD activity became more aware of the causes and conditions that can lead to genocide. Here are a few ideas for how your library can get involved: Explore ideas, case studies and resources using our dedicated resource. Get Holocaust Memorial Day: learning from the past for a better future.

Archive-It Partner News, November 2017

Archive-It

Results and observations from the three previous surveys (2011, 2013, 2016) are available. To explore a rich case study in collecting and parsing out this information, see the new blog post by partners at the U.S. by the Archive-It team. Community News. The Community Webs cohort of public librarians kicking off their program at the Internet Archive on November 3. Community Webs kicks off in San Francisco.