Can someone recommend people who would do a great job on
monitoring any one or more of the following areas as a (paid) security

    Cryptography and cryptography standardization
    Denial of Service attacks
    Web Server security

We are looking for people who notice the important developments and
don't get caught up in trivia.
The successful candidates will provide initial submissions for the
editors (Matt Bishop, Michele Crabb, Gene Schultz, Marcus Ranum,
and Rob Kolstad) of the new network security digest that is distributed
to people who have attended SANS and Network Security Conferences. The
hard part of the job is writing briefly. Each monthly issue takes less
than 3 minutes to read.
Here is the table of contents of the January 97 issue. Each item includes
the problem and the solution (if one has been found).

1. SGI's Factory Installed OutofBox software and systour demos
   pose security risk.
2. The hoax that won't go away. Tell your users where to find the
   latest information about hoaxes.
3. Yet another security hole in BSD based lpr (including Linux,
   AIX, FreeBSD). Local users can exploit this to get root access.
4. 65 FAQS on World-Wide-Web Security Issues. Example: What CGI
   scripts are known to contain security holes?
5. Graphical Tools to evaluate security log files
6. HP security risk: Remote Watch.
7. System crashing? Large ping data packets can crash or freeze
8. The Microsoft Word Virus: The macro virus spreads and can infect

Thanks in advance for your suggestions.

BTW: If you are attending SANS this year, try to catch the Security
War Games course that Matt Bishop and Alex Yuriev are creating.
They will be simulating a series of intrusions and how to defend against