Spring 2004

Clay Shields

front | classes | research | personal | contact

Information Assurance

Schedule of Presentation

Date	Presenter 1	Topic	Presenter 2	Topic
March 29	Brent Putman	Format String Vulnerability in Apache auth_ldap module	Will Licamele	Heap-based buffer overflow: REALPLAYER
April 3	Rich Frankel	Insufficient Javascript filtering in Hotmail	Jerome Butcher Green	Topic
April 5	Matthew Steckman	Problems with Randomness	Logan Kendall	GNU Mailman Message Denial o f Service Vulnerability
April 10	Chris Belanger	Ultr@ VNC Buffer overflow	Heath Walden	Flaw in the implementation of the Georgetown University Online Directory
April 12	Ketan Bhalla	Topic	Dan Kahan	Google XSS Injection Vulnerability
April 19	Clare Schramm	Vulnerability on a Temporary Folder Creation in Avast	Daryeneh Badaly	Microsoft DNS Resolver
April 24	Ian Block	Microsoft's Silent Patches	Kevin Cherepski	Topic
April 26	Milen Dinkov	Mozilla Vulnerabilities	Robert Browning	Topic

IA Class Presentation Guidelines

Over the course of the semester, we will be reading material from the bugtraq and RISKS mailing lists. The purpose of this is for you to be aware of and understand the current state of information assurance and to gain an understanding of common vulnerabilites.

To this end, each student will choose a date to present a topic of their choice from a recent Bugtraq item. You may also choose an item out of RISKS or other media if it strikes you as interesting and relevant, but you need to get permission from me ahead of time. Please feel free to talk to me ahead of time if you have questions or concerns about presenting.

For the presentation, I will expect you to spend about 3-4 minutes on:

What the problem is
What could have prevented it
What can be done to work around it
What can be done to prevent it from occurring in the future

Note that this is very general, applies more to bugtraq entries than RISKS entries, and that you should feel free to change or expand it as necessary for the topic you choose.

For RISKS or other media entries, assuming you have permission to present those, you might choose to do something like:

What the issue is
Whether or not it is even an issue
What the possible problems and benefits are
What we can learn from seeing the problem

IA Class Web Entry

After you have completed your presentation, you will complete a short web page about the material in your presentation and send it to me so I can put it up for everyone in the class to see and review. This is due within five days of your presentation.

Please use this blank page as a basis for consistency. Look at the HTML for some comments as to what to do. Please send your submission via e-mail, with the topic as the subject line.