Share this

Thursday, July 22, 2010

Hot per suite - Racing

Your appointment information is very important, so please save the information by either printing this page or writing it down. Additionally, you will receive an e-mail within 15-minutes containing your appointment confirmation details.
The Prometric web site, www.prometric.com, is available 24 hours a day, seven days a week for you to reschedule, cancel or confirm your appointment. Additionally, if you have questions, comments or suggestions for Prometric, please visit www.prometric.com, choose your testing program, and then choose the appropriate link from the "Questions?" section.
Thank you,

Sunday, July 27, 2008

A Buffer Overflow Study Attacks and Defenses


Synopsis

Will the Code You Write Today Headline Tomorrow’s BugTraq Mail List?
·Includes Numbered-by-Line Exploit Code Examples That Illustrate the Differences Between Stack Overflows, Heap Corruption, and Format String Bugs
·Provides Case Studies for Most Major Platforms and Environments, Including Windows, FreeBSD, FrontPage, and Linux,
·Avoid Worm or Custom Exploits by Analyzing Your Source Code to Detect Buffer Overflow Vulnerabilities
Forensic investigations of notorious Internet attacks, such as the SQL Slammer and Blaster Worms, reveal buffer overflows to be the sophisticated hacker’s "vulnerability of choice". These worms crippled the Internet and cost billions of dollars to clean up. Now, even more powerful and insidious threats have appeared in the form of "custom exploits". These one-time only exploits are custom crafted to attack your enterprise, making them even more difficult to detect and defend. No catchy names, no media coverage; just your own personal disaster.

James C. Foster’s Buffer Overflow Attacks clearly demonstrates that the only way to defend against the endless variety of buffer overflow attacks is to implement a comprehensive design, coding and test plan for all of your applications. From Dave Aitel’s Foreword through the last appendix, this is the only book dedicated exclusively to detecting, exploiting, and preventing buffer overflow attacks.

Annotation

The SANS Institute maintains a list of the "Top 10 Software Vulnerabilities." At the current time, over half of these vulnerabilities are exploitable by Buffer Overflow attacks, making this class of attack one of the most common and most dangerous weapon used by malicious attackers. This is the first book specifically aimed at detecting, exploiting, and preventing the most common and dangerous attacks.
Buffer overflows make up one of the largest collections of vulnerabilities in existence; And a large percentage of possible remote exploits are of the overflow variety. Almost all of the most devastating computer attacks to hit the Internet in recent years including SQL Slammer, Blaster, and I Love You attacks. If executed properly, an overflow vulnerability will allow an attacker to run arbitrary code on the victim's machine with the equivalent rights of whichever process was overflowed. This is often used to provide a remote shell onto the victim machine, which can be used for further exploitation.
A buffer overflow is an unexpected behavior that exists in certain programming languages. This book provides specific, real code examples on exploiting buffer overflow attacks from a hacker's perspective and defending against these attacks for the software developer.Over half of the "SANS TOP 10 Software Vulnerabilities" are related to buffer overflows. None of the current-best selling software security books focus exclusively on buffer overflows. This book provides specific, real code examples on exploiting buffer overflow attacks from a hacker's perspective and defending against these attacks for the software developer

More Reviews and Recommendations Biography
James C. Foster, Fellow is the Deputy Director of Global Security Solution Development for Computer Sciences Corporation where he is responsible for the vision and development of physical, personnel, and data security solutions. Prior to CSC, Foster was the Director of Research and Development for Foundstone Inc. (acquired by McAfee) and was responsible for all aspects of product, consulting, and corporate R&D initiatives. Prior to joining Foundstone, Foster was an Executive Advisor and Research Scientist with Guardent Inc. (acquired by Verisign) and an adjunct author at Information Security Magazine(acquired by TechTarget), subsequent to working as Security Research Specialist for the Department of Defense. With his core competencies residing in high-tech remote management, international expansion, application security, protocol analysis, and search algorithm technology, Foster has conducted numerous code reviews for commercial OS components, Win32 application assessments, and reviews on commercial-grade cryptography implementations.
Foster is a seasoned speaker and has presented throughout North America at conferences, technology forums, security summits, and research symposiums with highlights at the Microsoft Security Summit, Black Hat USA, Black Hat Windows, MIT Wireless Research Forum, SANS, MilCon, TechGov, InfoSec World 2001, and the Thomson Security Conference. He also is commonly asked to comment on pertinent security issues and has been sited in USAToday, Information Security Magazine, Baseline, Computer World, Secure Computing, and the MIT Technologist. Foster holds an A.S., B.S., MBA and numerous technology and management certifications and has attended or conducted research at the Yale School of Business, Harvard University, the University of Maryland, and is currently a Fellow at University of Pennsylvania’s Wharton School of Business.
Foster is also a well published author with multiple commercial and educational papers; and has authored, contributed, or edited for major publications to include Snort 2.1 Intrusion Detection (Syngress Publishing, ISBN: 1-931836-04-3), Hacking Exposed, Fourth Edition, Anti-Hacker Toolkit, Second Edition, Advanced Intrusion Detection, Hacking the Code: ASP.NET Web Application Security (Syngress, ISBN: 1-932266-65-8), Anti-Spam Toolkit, and the forthcoming Google Hacking for Penetration Techniques (Syngress, ISBN: 1-931836-36-1) .
Vitaly Osipov (CISSP, CISA) is currently managing intrusion detection systems for a Big 5 global investment bank from Sydney, Australia. He previously worked as a security specialist for several European companies in Dublin, Prague and Moscow. Vitaly has co-authored books on firewalls, IDS and security, including Special Ops: Host and Network Security for Microsoft, UNIX and Oracle (ISBN 1-931836-69-8) and Snort 2.0: Intrusion Detection (ISBN 1-931836-74-4). Vitaly’s background includes a long history of designing and implementing information security systems for financial, ISPs, telecoms and consultancies. He is currently studying for his second postgraduate degree in mathematics. He would like to thank his colleagues at work for the wonderful bunch of geeks they are.


Download

APress - The Definitive Guide to MySQL

AIX Reference for Sun Solaris Administrators


AIX Reference for Sun Solaris Administrators:

In today's heterogeneous computer environments, especially in UNIX servers and workstations, it is essential that the system administrator have basic knowledge of different operating systems. This redbook is written for Sun Solaris administrators who wants to transfer their knowledge of Solaris UNIX skills to the AIX 5L operating system. This redbook will basically compare system administration tasks in Solaris 8 to AIX 5L Version 5.1. But it is not the intention of this redbook to decide which operating system is the better of the two. This redbook shows the reader similarities and differences between each operating system. This redbook will also introduce Solaris administrators to IBM pSeries hardware. It is assumed that the reader of this redbook already has Solaris 8 system administration skills, and are familiar with Sun hardware. In the first section on each chapter, we will briefly mention how the Solaris tasks are carried out. It is not the intention of this redbook to describe in detail how systems administrator tasks are performed in Sun Solaris. In the last section of each chapter, we will provide a quick reference that will be handy to use. This redbook will demonstrate some ways to complete each administrative task, but not all ways to do it, because there are many different ways to do the same task in Solaris and AIX 5L operating systems. For example, in the AIX 5L operating system, system administrators can do many of the same tasks using three different ways: Web-based System Manager, SMIT, or commands on the command line. This redbook is a valuable tool for system administrators and other technical support personnel who deal with AIX 5L and Solaris operating systems.

Download

Oracle OCP Admin Exam

This course advances your success as an Oracle professional in the area of database administration. In this class, you'll learn how to configure an Oracle database for multilingual applications. You will practice various methods of recovering the database using RMAN and Flashback technology. Database performance monitoring tools will be covered, in addition to the steps to take to resolve common problems and improve performance. You will also learn how to administer a database efficiently by using database technologies such as the Resource Manager, the Scheduler, Automatic Storage Management (ASM), and VLDB features. You will set up a secure database using Virtual Private Database, and learn how to efficiently move data from database to database. The lesson topics are reinforced with structured hands-on practices and a workshop. This course is designed to prepare you for the corresponding Oracle Certified Professional exam.

This course counts towards the Hands-on course requirement for the Oracle Database 10g Administrator Certification. Only instructor-led inclass or instructor-led online formats of this course will meet the Certification Hands-on Requirement. Self Study CD-Rom and Knowledge Center courses are excellent study and reference tools but DO NOT meet the Hands-on Requirement for certification.

Download

100 LINUX TIPS AND TRICKS.

RHCE Syngress RedHat Certified Engineer Study Guide


Contents:

RHCE Prerequisites
Hardware and Installation
The Boot Process
Linux Filesystem Administration
Package Management
User Administration
System Administration Tools
Kernel Services and Configuration
Apache and Squid
Network File-Sharing Services
Domain Name Service
Electronic Mail
Other Networking Services
The X Window System
Securing Services
Troubleshooting
Appendix A: Sample Exam 1
Appendix B: Sample Exam 2

Download