Information Security Management
Syllabus and Schedule

Exam/Project Information


Fall 2009

(c) Copyright 2000-2009
The Heinz School, CMU
Link to TALK and RESEARCH PAPER How to use a "non-identifying" biometrics template to build images that can defeat facial recognition algorithms.
Security Attribute Security Attribute Evaluation Method, a means of identifying useful overlapping layers of security controls.

IBM's Description on how it works
Series of patches for the Linux kernel
Honeynet Project Collection of observations from the Honeynet Project, talking about the hacker community.
This site has a lot of information about encryption from one of its leading (unclassified) practitioners. Their electronic newsletter "Cryptogram" is well worth reading.
Hackers tricks to avoid detection Article on reviewing web logs for hacker tricks.
Dumpster Diving Here is an interesting article on dumpster diving, stressing the need to include trash as part of physical security.
Security Focus Security Focus's on-line archive of security papers
Suffered a script-kiddie DDOS attack. Here's their pretty detailed statement over what went on.
Hacker Crackdown This is a reasonably thorough discussion of some of the roots of the Internet and of crackers/defenders/civil libertarians on the Net.
European Union Has been struggling with how to balance privacy protection and criminal investigation. Here's one resolution on the subject.
SQL Slammer Read about the MS-SQL Server Worm (being referred to as the SQLSlammer, W32.Slammer, and Sapphire worm), which caused varied levels of network degradation across the Internet during the Jan 25-26, 2003 weekend.
Secure Cyberspace Strategy Read about the National Strategy to secure cyberspace.
Warhol Worms Warhol worms - fast attack strategies on the Internet.
Overview of Cryptography Fairly broad-spectrum overview of a lot of crypto topics.
Handbook of Applied Cryptography Downloadable version of good handbook on cryptography (in chapters, Postscript or PDF). $90 in stores, free here. (Note usage restrictions)
Searching and Seizing Computers and Obtaining Electronic Evidence in Criminal Investigations Extensive manual on Computer Forensics (more than 250 pages in PDF, obtained by replacing final htm in URL with pdf). Covers US Law, produced by US Dept. of Justice
Day in life of a security bulletin Article by Microsoft on how a vulnerability report becomes a security bulletin.
Acoustical Spying Shoulder surfing by sound.
Security issue of multiple passwords RSA reveals the security weaknesses of having multiple passwords.
MS dropping DES, MD4, MD5, SHA1 Microsoft decides to ban use of digital signature algorithms found to be weak.
Hackers going criminal News story about the shift in hacker culture.
Crazy Email Hoaxes News story about internet hoaxes that many have believed.
Top Nine Cyber Crimes Magazine story about high-profile cybercrimes.