Difference between pages "UPSEC 08" and "Hash (tool)"

From ForensicsWiki
(Difference between pages)
Jump to: navigation, search
m (New page: CALL FOR PAPERS Usability, Psychology, and Security 2008 April 14, 2008 San Francisco, CA, USA Sponsored by USENIX, The Advanced Computing Systems Association Co-located with the 5th US...)
 
(needs expanding)
 
Line 1: Line 1:
CALL FOR PAPERS
+
{{Expand}}
 +
{{Infobox_Software |
 +
  name = Hash |
 +
  maintainer = [[The Grugq]] |
 +
  os = {{Linux}} |
 +
  genre =  |
 +
  license =  |
 +
  website = [http://www.tacticalvoip.com/ tacticalvoip.com] |
 +
}}
  
Usability, Psychology, and Security 2008
+
===Background===
April 14, 2008
+
San Francisco, CA, USA
+
  
Sponsored by USENIX, The Advanced Computing Systems Association
+
Hash ('''Ha'''cker '''She'''ll) is a tool to enable people to evade detection while penetrating a system.
  
Co-located with the 5th USENIX Symposium on Networked Systems Design 
+
Hash, originally written in 2003, was re-written in June 2007 and released at the Korean security conference, [http://www.powerofcommunity.net Power of Community] that November.
& Implementation (NSDI '08), which will take place April 16-18, 2008, 
+
and the First USENIX Workshop on Large-Scale Exploits and Emergent 
+
Threats (LEET '08), which will take place April 15, 2008
+
  
IMPORTANT DATES
+
===Features===
Submissions due: January 18, 2008
+
Notification of acceptance: February 28, 2008
+
Final papers due: March 18, 2008
+
  
WORKSHOP ORGANIZERS
+
'''Hacking utilities'''
 +
* Inline file transfer
 +
* qondom - remote diskless execution
  
Program Chairs
+
'''Builtins'''
Elizabeth Churchill, Yahoo! Research
+
* Triggers
Rachna Dhamija, Harvard University
+
* Aliasing
 +
* Basic file system and shell escape commands
  
Program Committee
+
===External Links===
Steven M. Bellovin, Columbia University
+
* [http://powerofcommunity.net/poc2007/grugq.pdf PoC presentation: ''Hacking Sucks!'']
Dan Boneh, Stanford University
+
* [http://www.tacticalvoip.com/tools.html hash-0.2.5.tar.gz]
Coye Cheshire, University of California, Berkeley
+
Julie Downs, Carnegie Mellon University
+
Stuart Schechter, Microsoft Research
+
Sean Smith, Dartmouth University
+
J.D. Tygar, University of California, Berkeley
+
Paul Van Oorschot, Carleton University
+
  
OVERVIEW
+
[[Category:Anti-Forensic Tools]]
Information security involves both technology and people. To design 
+
[[Category:Anti-forensics tools]]
and deploy secure systems, we require an understanding of how users 
+
of those systems perceive, understand, and act on security risks and 
+
threats.
+
 
+
This one-day workshop will bring together an interdisciplinary group 
+
of researchers, systems designers, and developers to discuss how the 
+
fields of human computer interaction, applied psychology, and 
+
computer security can be brought together to inform innovations in 
+
secure systems design. We seek to deepen the conversation about 
+
usable security to go beyond the user interface, toward developing 
+
useful and usable systems of humans and technology.
+
 
+
TOPICS
+
Topics include but are not limited to:
+
 
+
- Error detection and recovery
+
- Human perception and cognitive information processing
+
- Identity and impression management
+
- Individual and cultural differences
+
- Information seeking and evaluation
+
- Judgment and decision-making
+
- Learning, training, and experience
+
- Mental models
+
- Models of privacy, sharing, and trust
+
- Organizational, group, and individual behavior
+
- Risk perception, risk analysis, and risk communication
+
- Security behavior study methodology
+
- Social engineering
+
- Social influence and persuasion
+
- System proposals and design approaches
+
- Threat evaluation
+
- Usability
+
- User motivation and incentives for secure behavior
+
 
+
The study of human attention, learning, reasoning, and behavior 
+
addresses issues of central relevance to computer security. For example:
+
 
+
- Security weaknesses often arise from biases in human perception and 
+
cognitive information processing. For example, phishing attacks use 
+
confusing perceptual cues and fear to trick users into revealing 
+
sensitive information.
+
 
+
- Assessing, creating, and managing secure systems requires ongoing 
+
information seeking and information evaluation, as new threats emerge 
+
constantly. However, understanding complex and dynamic systems is 
+
time-consuming and error-prone, and users have little motivation to 
+
spend the time and effort that is required.
+
 
+
- The perception of risk can influence users' willingness to employ 
+
security mechanisms or engage in risky behavior. However, risk 
+
perception and decision-making are often based on limited domain 
+
knowledge and are subject to bias; we underestimate some risks and 
+
exaggerate others.
+
 
+
- People's level of confidence in their risk assessments can be 
+
perceptually and socially manipulated, independent of actual risks. 
+
Attackers (and system designers) often create the perception of 
+
security, even when none exists.
+
 
+
- Human reasoning follows certain patterns, which are subject to 
+
change with experience. Through training and education, we can help 
+
users to learn methods and procedures and develop mental models of 
+
how security systems work.
+
 
+
- People learn through interaction with others. Models of social 
+
influence suggest that information garnered from a trusted source can 
+
affect people's behavior or attitudes, but the level of trust 
+
conferred on others is dependent on situational factors. 
+
Organizational factors and group behavior can also have a large 
+
effect on individual behavior.
+
 
+
- Approaches to risk assessment, identity and impression management, 
+
and trust vary from one individual to another and also vary by culture.
+
 
+
SUBMISSIONS
+
Usability, Psychology, and Security 2008 invites insightful new 
+
contributions that apply aspects of human/computer interaction and 
+
applied psychology to solving problems in computer security. We 
+
invite submissions in two categories.
+
 
+
1. Short papers: We encourage short papers that describe innovative 
+
work in progress or position papers that map out directions for 
+
future research or design. Short papers should be no longer than five 
+
(5) pages.
+
 
+
2. Full papers: Full papers may describe systems, case studies, 
+
fieldwork descriptions, experimental studies, and design frameworks. 
+
Full papers must be no longer than ten (10) single-spaced 8.5" x 11" 
+
pages, including figures, tables, and references.
+
 
+
All submissions should offer new contributions that have not been 
+
published elsewhere. Author names and affiliations should appear on 
+
the title page. Submissions must be in PDF and must be submitted via 
+
the form on the Usability, Psychology, and Security 2008 Call for 
+
Papers Web site:
+
 
+
http://www.usenix.org/upsec08/cfp
+
 
+
Papers accompanied by nondisclosure agreement forms will not be 
+
considered. All submissions will be treated as confidential prior to 
+
publication in the Proceedings.
+
 
+
Simultaneous submission of the same work to multiple venues, 
+
submission of previously published work, and plagiarism constitute 
+
dishonesty or fraud. USENIX, like other scientific and technical 
+
conferences and journals, prohibits these practices and may, on the 
+
recommendation of a program chair, take action against authors who 
+
have committed them. In some cases, program committees may share 
+
information about submitted papers with other conference chairs and 
+
journal editors to ensure the integrity of papers under 
+
consideration. If a violation of these principles is found, sanctions 
+
may include, but are not limited to, barring the authors from 
+
submitting to or participating in USENIX conferences for a set 
+
period, contacting the authors' institutions, and publicizing the 
+
details of the case.
+
 
+
Note, however, that we expect that many papers accepted for the 
+
workshop will eventually be extended as full papers suitable for 
+
presentation at future conferences.
+
 
+
Authors uncertain whether their submission meets USENIX's guidelines 
+
should contact the Program Chairs, upsec08chairs@usenix.org, or the 
+
USENIX office, submissionspolicy@usenix.org.
+
 
+
HISTORY
+
This workshop evolved from Usable Security (USEC'07). The USEC'07 
+
program and papers are available on the workshop Web site:
+
 
+
http://www.usablesecurity.org/
+

Revision as of 12:10, 5 July 2008

Information icon.png

Please help to improve this article by expanding it.
Further information might be found on the discussion page.

Hash
Maintainer: The Grugq
OS: Linux
Genre:
License:
Website: tacticalvoip.com

Background

Hash (Hacker Shell) is a tool to enable people to evade detection while penetrating a system.

Hash, originally written in 2003, was re-written in June 2007 and released at the Korean security conference, Power of Community that November.

Features

Hacking utilities

  • Inline file transfer
  • qondom - remote diskless execution

Builtins

  • Triggers
  • Aliasing
  • Basic file system and shell escape commands

External Links