Cryptosmith

Over the years, Fred Cohen has probably written more about information security on a broader range of subjects than any 3 other experts. He’s posted a lot of it on his “all.net” web site, which he’s had since about the dawn of the World Wide Web. What the site lacks in pizazz it makes up for in content.

The only problem is that he doesn’t put much attention into navigation. It takes patience to poke around and find what you want. I know he’s had some classic papers on his virus work on-line, but I couldn’t find them easily. That led me to create the following collection of links.

• Fred’s home page
  • He’s been offering consulting services almost forever. One hardly hears from him any more, so I assume he’s too busy consulting to waste time with papers and conference talks.
• Introduction to viruses from the 80s
  • This is a version of paper he presented 2 or 3 times in the late 1980s. It’s sort of a subset of material appearing in his book  A Short Course on Computer Viruses.
• Encyclopedia entry on viruses from 1990
  • Actually, this is an important citation. It’s the only place I’ve seen him specifically refer to the ‘covert channel’ experiments he performed with viruses on multilevel systems. Ross Anderson refers to this work in his impressive Security Engineering book, but doesn’t cite this.
  • Cohen, Fred (1990). “Computer Viruses” in Computer Security Encyclopedia.
  • Unfortunately I haven’t been able to track down the original published source, “Computer Security Encyclopedia” (1990). It is so thoroughly out of print that not even Amazon lists it, and it doesn’t even show up on ABE Books.
• Peter Gutmann’s paper on hard drive wiping – a mirror
• Textbook outline for Intro information security
• Page of Technical Safeguards

Posted under History of Technology & Security & Tech Teaching | No Comments »

This item is Copyright by Rick Smith of Cryptosmith LLC.

It is licensed for use by others under the
Creative Commons Attribution 3.0 United States License.

Posted under Uncategorized | Comments Off

This is a draft privacy policy.

The Cryptosmith web site focuses on providing information to its visitors. In all cases, however, we collect some information. This privacy policy describes what we collect, how we use it, and how users may modify the information they provide.

• How we treat site visitors (people who don’t log in)
• How we treat site users (people who register with the site or use OpenID to log in)
• How we use the information we collect
• How users can change their information
• Who to contact for more information

Site Visitors

If you just visit the site, we collect the following information:

• Numerical Internet Protocol (IP) address
• Domain name associated with that address
• Operating system and browser information, if provided by your browser.

When you visit this site, we try to store one or more cookies in your web browser. These are small files that let us keep track of your visits.

Site Users

If you register with the site and create a login and password, we collect the following information:

• The user name and password you select. The WordPress blog software hashes (encrypts) the password to prevent us from seeing what password you select.
• A personal name to apply to your comments and postings.
• An e-mail address.

If you log in to the site using OpenID, we try to collect the following information:

• The OpenID identifier you use to log in.
• A personal name to apply to your comments and postings.
• An e-mail address.

Whenever you log in to the site (as opposed to simply visiting it), we store a cookie in your browser so that you don’t have to log in repeatedly.

How We Use Information We Collect

Here is how we use the information:

• We use the IP address, domain name, and browser cookies to identify and track individual visitors. We then use this information to help us improve the site’s contents.
• We also use information about a visitor’s operating system and/or browser to keep statistics on visitors. This helps us ensure that we remain compatible with our visitors’ systems.
• We use a registered user’s name, ID, and/or e-mail address to identify legitimate blog participants. We reserve the right to delete a registered user without notice and at our discretion if we suspect the user’s intent to be spam or disruption.
• At present we make no particular use of e-mail addresses, though we reserve the right to use them in the future to occasionally contact registered users.
• At present we only use the registered user IDs and passwords to authenticate legitimate blog users. However, we reserve the right to use this information for statistical studies of user password selection. If we do so, we will not publish specific information about individual password choices and will keep such information confidential.

How Users Can Change Their Information

If you are a registered user, or if you log in using OpenID, you may examine and modify your site profile. When you first log in, the site displays the Dashboard, which displays a dark gray heading: the WordPress “W” logo appears on the left, followed by “Cryptosmith.” On the right hand side, the Dashboard displays the text “Howdy,” followed by your name. If you click on your name, you may edit your profile.

You may also edit your profile by clicking on the “Profile” link in the navigation bar on the leftmost column of the Dashboard.

For More Information

If you have questions about this privacy policy, or anything else on this site, contact Rick Smith, the site’s owner. Click here for Rick Smith’s contact information.

Posted under Security | No Comments »