Matt Bishop (MB), Tuomas Aura (TA), Brian Cameron (BC), Todd Herberlein (TH), Keith Herold (KH)
Review of Progress on Projects
Tuomas Aura gives a talk on Historical Flaw in SSH (Unix Version 1.2.17)
Matt summarizes the Incidence Response Meeting
Next Meeting – December 4th
Tuomas Aura to finish Presentation
Matt to talk about PA to find faults/analyze in MULTICS
1) Review of Progress on Projects
a) MB: Vulnerabilities database converted from SGML to HTML. It should be up on the web tonight. Same for RTF and Jade
i) MB: Generate signatures for Windows – SMILE (opens/closes) and NETBUS (can control everything)
ii) TH: Is that the same approach at Back Orfice? MB: Yes
iii) TH: Can I get the code for NETBUS and SMILE? MB: It’s currently on the isolated network (Unix). Get copy of code from Riccardo (Gomez)
iv) TH: Is there a machine where I can bring up source code and leave in the lab for others? MB: Yes, on the isolated network.
v) TH: Is it above SPARK 1?
vi) BC: SPARK 5, 5, 20 on Unix isolated network
KH: I need to get the specs from you on the Cisco router. Meet
with Matt and Brian on Monday at 2:00.
i) MB: Will call Cisco to ask about the recommended routers. We want to start using the router, get used to it and eventually use the router to split the two isolated networks.
2) Tuomas Aura gives a talk on Historical Flaws
in SSH (Unix Version 1.2.17)
a) Slide Titles (see handout)
i) SSH Key Exchange Protocol
ii) SSH Packet Protocol
iii) DNS Attack Remapping “Local Host”
iv) RSAR Hosts Flaw
v) RSAR Hosts Flaw – Trust Model
i) TH: Buffer overflow problem in SSH? MB: No, that’s wrong. The overflow was transmitted through SSH, but not caused by it.
ii) TH: Client authentication done at higher level than SSH? TA: Yes
iii) TH: Phil Rogaway did some work with Kuberos – encrypting with messages but couldn’t prove that it was secure. Now he only does provably secure encryption.
iv) DNS Attack Remapping Local Host
(1) TH: Is Javabug similar? TA: Yes
3) Matt summarizes the Incidence Response Meeting
a) SPAM – campus-wide tracking system
b) Function and purpose of the response group
c) Problems of multiple reports of the same thing
d) Connections between SPAM and security are not obvious.
e) Remedy Database and SPAM
f) 4 working groups:
i) Interface Layout
ii) Guidelines and Procedures
iii) Problem Resolution
4) Next Meeting – December 4th
a) Tuomas Aura to finish Presentation
b) Matt to talk about PA to find faults/analyze in MULTICS