The Old New at All.Net
  • 2014-12-09 Fearless Security: Standards of Practice in Context - Part 1: Some Examples (small) (med) (big) (1080p) (youtube)
  • 2014-12: Stupid security getting even stupider
  • 2014-11-B: Eat your own dog food
  • 2014-11-03 Fearless Security: Technical Security Architecture - Structure and Colntent (small) (med) (big) (1080p)
  • 2014-11: What's the big deal about big data loss (actually theft)?
  • 2014-10-07 Fearless Security: Technical Security Architecture - Perception and Behavior (small) (med) (big) (1080p)
  • 2014-10: Cyber (whatever that is) insurance yet again?
  • 2014-09-24 Developing a global standard of practice supported by the science of information protection, Keynote Address Beijing, China (Video)
  • 2014-09-25 Beijing, China, Digital diplomatics, consistency analysis, and digital forensics
  • 2014-09-17: SARA and Standards of Practice - The ICS-ISAC SARA Conference
  • 2014-09-08 Fearless Security: Technical Security Architecture - Process and Data State (small) (med) (big) (1080p)
  • 2014-09-02 Webster Lab1 (small) (med) (big) (1080p)
  • 2014-09: 2-factor this into your thinking
  • 2014-08-20 Webster Man in the Middle Lab (small) (med) (big) (1080p)
  • 2014-08-11 Fearless Security: Technical Security Architecture - Lifecycles and Context (Small) (Med) (Large) (1080p)
  • 2014-08-05 Webster Cyber Explorers Overview and Prospectus (small) (med) (big) (1080p)
  • 2014-08-05 Time and Space Interval Record Schedule Consistency Analysis for Atomic Items without Interactions in Open Spaces with Stationary Locations
  • 2014-08-03 Webster CyberLab Access (small) (med) (big)
  • 2014-08-B: A touch of the Ebola
  • 2014-08: Aurora and why it doesn't really matter
  • 2014-07-17 Webster CyberLab Architecture (small) (med) (big)
  • 2014-07-14 Fearless Security - Technical Security Architecture - Inventory, Workflows, and Metadata (small) (med) (big)
  • 2014-07-10 K4 - Decision Making For Investors - ProSeeder (small) (med) (big)
  • 2014-07: Encrypt it all!!!
  • 2014-06-16 Fearless Security - Technical Security Architecture Overview (small) (med) (big)
  • 2014-06-11 K4 - Decision Making For Investors (small) (med) (big)
  • 2014-06: Is it secure?
  • 2014-05-12 Fearless Security - Control Architecture (small) (med) (big)
  • 2014-05: May Day - attack mechanisms revisited - were you surprised by the NSA's activities?
  • 2014-04-17 The Webster CyberLab DDoS demonstration (small) (med) (big)
  • 2014-04-14 Governance (small) (med) (big)
  • 2014-04: The RSA: Science Fiction and Humor
  • 2014-03-10 Risk Management - there are some subtleties (small) (med) (big)
  • 2014-03-B: The Snowden virus - disrupting the secret world by exploiting their policies
  • 2014-03: The four tactical situations of cyber conflict
  • 2014-02-10 Risk Management Concepts (small) (med) (big)
  • 2014-02: Countering hardware storage device Trojans
  • 2014-01-29: Decider update now available
  • 2014-01-B: After the Red Team
  • 2014-01-23 Decider Introduction (small) (med) (big)
  • 2014-01-20 Fearless Security - Duty to Protect (small) (med) (big)
  • 2014-01: Why we need better reporters to solve our security problems
  • 2013-12-16 Fearless Security - Understanding your business (small) (med) (big)
  • 2013-12: Return of the telnet return
  • 2013-11-14 Digital diplomatics and forensics - Going forward on a global basis - Paris, Digital Diplomatics
  • 2013-11-B: Transparency - a different protection objective
  • 2013-11-11 Fearless Security - The Basics (small) (med) (big)
  • 2013-11-11 Fearless Security - The Basics (slides)
  • 2013-11: Demystifying control architecture
  • 2013-10-B: The "big deal" approach to risk management
  • 2013-10: Trust and worthiness
  • 2013-09-11 50 CyberSecurity Myths and What To Do About Them - DARPA CyberSecurity Forum
  • 2013-09: The surveillance society: pros, cons, alternatives, and my view
  • 2013-08: 50 Ways to respond to "Computer Repair..."
  • 2013-08: Three words you should never use in security and risk management
  • 2013-07-B: How to justify (security) metrics and what to measure
  • 2013-07: Mobility and industrial control systems
  • 2013-06: Courses (audio with slides) at all.net
  • 2013-06: 6 more books now available in digital form for free
  • 2013-06: Separation of Duties and RFPs
  • 2013-05-22 Building a new scientific theory and practice of digital forensics - 1st International Summit of Digital Forensics Keynote Address
  • 2013-05-B:The harder problems
  • 2013-05: Write lock the past, access control the present, anticipate the future
  • 2013-04-B: Actionable metrics (Guest Editor)
  • 2013-04: Managing Oops
  • 2013-03-C: Limiting Insider Effects Through Micro-Zoning
  • 2013-03-B: Welcome to the Information Age - a 1-page primer
  • 2013-03: Security Heroes
  • 2013-02-B: Stupid Security Winner for 2012
  • 2013-02-11 The need for science and engineering disciplines to move the information protection field forward - CMU CyLab Invited Speaker
  • Card Trick (YouTube)
  • Coin Trick (YouTube)
  • 2000- Sandia National Laboratories talk on influence strategies (YouTube)
  • 1988 Cincinnati, OH Presentation on Computer Viruses (YouTube)
  • 1988-02-26 IBM Presentation on Computer Viruses (YouTube)
  • 1988-07-20 IBM Presentation on Computer Viruses (YouTube)
  • 2013-02 Thinking more clearly
  • 2013-01 Raising all boats - by improving the average
  • 2012-12-07 A note on recovery of data from overwritten areas of magnetic media
  • 2012-12 Enterprise Security Architecture Options and Basis
  • 2012-12 Industrial Control System Security Decisions and Architecture Update
  • When someone says they were "screwed" ...
  • 2012-12 Ten Bad Assumptions
  • 2012-11-15 Distributed Denial of Services - San Francisco Electronic Crimes Task Force
  • 2012-11 The Design Basis Threat
  • 2012-10-17 Separation Technology Options - Separation Management Decisions - Industrial Control Systems Joint Working Group
  • 2012-10 Industrial Control System Security Decisions and Architecture
  • 2012-10 Changing the leverage
  • 2012-09-21 The Future of Digital Forensics - 1st Chinese Conf. on Digital Forensics - As Published
  • 2012-09-21 The Future of Digital Forensics - 1st Chinese Conf. on Digital Forensics - Paper
  • 2012-09-21 The Future of Digital Forensics - 1st Chinese Conf. on Digital Forensics - Talk
  • 2012-09 Eventually, you are going to make a mistake
  • 2012-08 As the consequences rise, where is the risk management?
  • 2012-07 Changes at All.Net
  • 2012-07-01B The Facebook debacle and what it says about the other providers
  • 2012-06-05 Open CyberWar - Early Release
  • 2012-06-01 Question everything
  • 2012-05-30 Update on the State of the Science of Digital Evidence Examination
  • 2012-05-25 Forensic Methods for Detecting Insider Turning Behaviors - IEEE WRIT (paper)
  • 2012-05-25 Forensic Methods for Detecting Insider Turning Behaviors - IEEE WRIT (slides)
  • 2012-05-01 The threat reduction approach - Point - Counterpoint
  • 2012-04-01 The insider turned bad
  • 2012-04-01 Digital Forensic Evidence Examination - 4th Edition released
  • 2012-03 The Physics of Digital Information (part 2) (JDFSL)
  • 2012-03-01 Three emerging technologies
  • 2012-02-01 Ethics in security research
  • 2012-01-31: Influence Operations
  • 2012-01-24 Detection of Insider Turning Behaviors with Forensic Methods - DoD CyberCrime
  • 2012-01-01 The security squeeze
  • 2011-12-01 Can we attribute authorship or human characteristics by automated inspection?
  • 2011-11-03 Saving SMBs from data leakage
  • 2011-11-01 Webification and Authentication Insanity
  • 2011-10-26 Using architectural analysis tools for better protection decisions
  • Dr. Cohen's dissertation - "Computer Viruses " (1985)
  • 2011-10-15 Security Metrics (circa 2005) for the enterprise protection model
  • 2011-09 The Physics of Digital Information (part 1) (JDFSL)
  • 2011-10-01 Consistency Under Deception Implies Integrity - ICSJWG version
  • 2011-10-01 Security vs. Convenience - The Cloud - Mobile Devices - and Synchronization
  • 2011-09-29 Security Reference Architecture Frameworks - WebEx feed
  • 2011-09-29 Security Reference Architecture Frameworks - An Approach for the Energy Sector
  • 2011-09-22 ICS Security Architecture - Where Worlds Collide - SecureWorld
  • 2011-09-11 CIP version of "Progress and evolution of critical infrastructure protection over the last 10 years?"
  • 2011-09-01 Consistency under deception implies integrity
  • 2011-08-01 Progress and evolution of critical infrastructure protection over the last 10 years?
  • 2011-07 How Do We Measure Security?
  • 2011-07 Putting the Science in Digital Forensics (JDFSL)
  • 2011-07-01 The structure of risk and reward
  • 2011-06-28 Securing the Mobile Enterprise - Mobile Computing Summit 2011 - Security Workshop
  • 2011-06-15 Keynote on the Science of Security - Bogota
  • 2011-06-14 Challenges to Digital ForensicEvidence - Short Course - Bogota
  • June 1, 2011 Security Metrics - A Matter of Type
  • May 25, 2011 IEEE Oakland Conference: The need for and progress in science for information protection and digital forensics
  • May 1, 2011 The "R" word
  • April 12, 2011 - Dr. Cohen's Commencement Address at the University of Pretoria
  • April 12, 2011 - Fred Cohen receives an honorary doctorate in Computer Science
  • April 11, 2011 - Dr. Cohen's Guest Lecture at the University of Pretoria
  • April 1, 2011 - Change your passwords how often?
  • March 1, 2011 - Any is not All
  • February 16, 2011 Fred Cohen named "Fellow of (ISC)2" at RSA ceremony
  • February 14, 2011 MiniMetriCon: How to Tell When an Insider is About to Go Bad
  • February 14, 2011 MiniMetriCon: Metrics for Digital Forensics
  • February 1, 2011 - Why are we so concerned about governments getting our data?
  • January 30, 2011 - IFIP Paper: The State of the Science of Digital Evidence Examination
  • January 30, 2011 - IFIP Slides: The State of the Science of Digital Evidence Examination
  • January 22, 2011 - Dr. Cohen on aljazeera discussing cyberwarfare (YouTube)
  • January 15, 2011 - The Bottom Ten List - Information Security Worst Practices - Getting Even Worse
  • January 1, 2011 - Risk aggregation - again and again and again...
  • December 27, 2010 - All.Net has moved to the cloud!!!
  • December 11, 2010 - Book code cryptography may be nearly dead
  • December 1, 2010 - Changes to the Federal Rules of Evidence - Rule 26
  • November 2, 2010 - The physics of digital information and its application to digital forensics
  • November 1, 2010 - Keynote - Where do enterprise protection and digital forensics converge? AND Where do they diverge?
  • November 1, 2010 - How do we measure "security"?
  • October 1, 2010 - Moving target defenses with and without cover deception
  • September 14, 2010 - NeFX Workshop - Digital Forensic Evidence Examination - The State of the Science - and Where to Go From Here
  • September 1, 2010 - User Platform Selection Revisited
  • August 19, 2010 - Recent and Hoped for Advances in Digital Forensics (NPS guest lecture)
  • August 11, 2010 - Power Grid Protection (Keynote address at Smart Grid Meeting)
  • August 1, 2010 - The DMCA Still Restricts Forensics
  • July 3, 2010 - Updated Decider look and feel
  • July 1, 2010 - Mediated Investigative Electronic Discovery
  • June 1, 2010 - The difference between responsibility and control
  • May 21, 2010 - A Method for Forensic Analysis of Control
  • May 20, 2010 - Forensic Fonts Paper published in SADFE
  • May 20, 2010 - Forensic Fonts Slides presented at SADFE
  • May 1, 2010 - The Virtualization Solution
  • April 1, 2010 - Attacks on information systems - a bedtime story
  • March 1, 2010 - The attacker only has to be right once - another information protection fallacy
  • February 18, 2010 - Another ridiculous cyber warfare game to scare deciders into action
  • February 2, 2010 - Risk Management: There Are No Black Swans
  • February 1, 2010 - Developing the science of information protection
  • January 30, 2010 - The Science of Digital Forensic Evidence Examination (the paper)
  • January 7, 2010 - Attribution of Messages to Sources in Digital Forensics
  • January 4, 2010 - The Science of Digital Forensic Evidence Examination
  • January 1, 2010 - The Bottom Ten List - Information Security Worst Practices
  • December 22, 2009 - COFEE and the state of digital forensics (Christmas special!!!)
  • December 3, 2009 - Dr. Cohen named a "Security Hero" by PC Pro
  • December 1, 2009 - Using the right words
  • November 13, 2009 - Dr. Cohen became a "Digital Forensics Certified Practitioner"
  • November 3, 2009 - Forensic Fonts
  • November 1, 2009 - Passwords again - why we can't leave well enough alone
  • October 1, 2009 - Partitioning and virtualization - a strategic approach
  • September 1, 2009 - Forensics: The limits of my tools, my techniques, and myself
  • August 1, 2009 - Virtualization and the cloud - Risks and Rewards
  • July 1, 2009 - The speed of light, it's easy to forge, email is always fast, and more
  • June 1, 2009 - Security Decisions: Deception - When and where to use it
  • May 1, 2009 - Culture clash: Cloud computing and digital forensics
  • May 1, 2009 - Protection testing: What protection testing should we do?
  • April 8, 2009 - Proposed Cyber-Security Law: What's the problem?

    On April 2, 2009 ABC News identified Dr. Cohen as the most famous hacker of all time. But by grouping him with convicted computer criminals, they did a real disservice to the public. While Dr. Cohen has successfully innovated over the course of his 30+ year career in information protection, has identified and demonstrated many novel methods of attack and defense, and has done successful penetration tests for government and private concerns many times, he has never been arrested for any crime, he has long held US government security clearances, and he is one of the most trusted individuals in the information protection field in the world today.

  • April 1, 2009 - Risk management: There are no black swans
  • March 1, 2009 - How spam vigilantes are wrecking email and encourage violations of law
  • February 14, 2009 - Digital forensics must come of age
  • February 1, 2009 - A structure for addressing digital forensics
  • January 25, 2009 - Digital Forensic Evidence clickable diagram
  • January 25, 2009 - Run decider from your browser
  • January 1, 2009 - Change management: How should I handle it?
  • December 15, 2008 - Short Note: Twittering Away Your Privacy
  • December 1, 2008 - Digital Forensic Evidence: A Wave Starting to Break
  • November 1, 2008 - Security Decision: Zoning your network
  • October 1, 2008 - Social tension and separation of duties
  • September 1, 2008 - Default deny is best practice? Not anymore!
  • August 1, 2008 - Control Architecture: Access Controls
  • July 1, 2008 - Fault modeling, the scientific method, and thinking out of the box
  • June 1, 2008 - Inventory Revisited - How to reduce security losses by 70%?
  • May 1, 2008 - Control Requirements for Control Systems... Matching Surety to Risk
  • Decision Support Systems for Security - RSA Conference - (2008-04-11)
  • April 7, 2008 - Metrics for Digital Forensics - MiniMetriCon Slides
  • April 4, 2008 - New Book: "Enterprise Information Protection" AVAILABLE SOON
  • April 1, 2008 - The Botnets are coming - The Botnets are coming...
  • March 1, 2008 - New Book: "Challenges to Digital Forensic Evidence" NOW AVAILABLE
  • March 1, 2008 - Enterprise Information Protection - It's About the Business
  • February 28, 2008 - ISOI 1996 DCA presentation used for...
  • Febuary 28, 2008 - ISOI DCA presentation - DCAs then and now
  • January 28, 2008 - Failing Floppy Disk Recovery - IFIP Paper in Kyoto
  • January 21, 2008 - New Book: "Challenges to Digital Forensic Evidence"
  • January 1, 2008 - Get Smart ... Accidental Security
  • January 1, 2008 - Unintended Consequences
  • December 31, 2007 - Why you cannot always trust the WayBack Machine for digital forensic evidence
  • December 1, 2007 - Get Smart ... Security End-of-year
  • December 1, 2007 - Security, justice, and the future
  • November 1, 2007 - Get Smart ... Covert Awareness
  • November 1, 2007 - Security by Psychology
  • October 1, 2007 - Get Smart ... Measuring Compliance
  • October 1, 2007 - Making compliance simple - not
  • September 1, 2007 - Get Smart ... Identity Assurance
  • September 1, 2007 - Identity Assurance and Risk Aggregation
  • August 30, 2007 - Influence updated to new GUI, controls, file formats, etc.
  • August 18, 2007 - Decider libraries updated and controls improved
  • August 10, 2007 - Consulting service offerings updated
  • August 1, 2007 - Get Smart ... Conflicts of Interest
  • August 1, 2007 - The ethical challenge
  • July 1, 2007 - Get Smart ... Making Better Security Decisions
  • July 1, 2007 - Security Decision Support
  • June 10, 2007 - The Decider - Download Now!!!
  • June 1, 2007 - Get Smart ... Which User Platform
  • June 1, 2007 - User Platform Selection
  • June 1, 2007 - Risk Management
  • May 14, 2007 - How to be reasonably secure using mobile off-the-shelf computing
  • May 13, 2007 - Podcast site with a few interesting items
  • May 1, 2007 - Security Ethics and the Professional Societies
  • April 17, 2007 - New Security Metrics software - Download now!!!
  • April 1, 2007 - Industry Analysis Report - The Emerging Risk Management Space
  • April 1, 2007 - Get Smart ... Information Content Inventory
  • March 1, 2007 - Simulator, database, games - again available at all.net
  • March 1, 2007 - Industry Analysis Report - Emerging Market Presence
  • March 1, 2007 - Get Smart ... Sensible Security - You Wouldn't?
  • February 1, 2007 - Industry Analysis Report - Framework and Market Summary
  • February 1, 2007 - Get Smart ... Measuring Security
  • January 15, 2007 - Influence Update - improved reporting and analysis
  • January 1, 2007 - Get Smart ... Closing the Gap
  • December 1, 2006 - Security Decisions 2007 - Download now!!!
  • December 1, 2006 - Get Smart ... The Security Schedule?
  • November 26, 2006 - Simulator, database, games moving to java versions - temporarily available at north.all.net
  • November 22, 2006 - Free online courses on Linux, Linux Firewalls, and Linux Networking
  • November 15, 2006 - Read about Strategic Scenario Adventures
  • November 14, 2006 - Influence updated to include simulation and in-depth advice
  • Join our low-volume announcement list at yahoogroups
  • November 1, 2006 - Get Smart ... The Holidays Bring the Fraudsters
  • October 1, 2006 - Get Smart ... Physical/Logical Convergence?
  • September 24, 2006 - SecurityDecisions - Security decision support tool sampler
  • September 20, 2006 - Gamer - Security awareness and training sampler
  • September 18, 2006 - Maps - software security mapping tool
  • September 10, 2006 - Influence - software tool
  • September 1, 2006 - Get Smart ... How can I Show I am Me in Email?
  • August 1, 2006 - Get Smart ... Service Oriented Architecture Security Elements
  • July 6, 2006 - New SP-800-53 to ISO and Governance Guidebook Map
  • July 1, 2006 - Get Smart ... The Life Expectancy of Defenses
  • June 19, 2006 - Get Smart... Why the CISO should work for the CEO - Three Case Studies
  • June 15, 2006 - Business modeling for risk management - presentation update
  • March 13, 2006 - New Information Warfare Book Released
  • March 1, 2006 - Information Security Awareness Basics Released

    Managing Network Security

    2003

    July, 2003 - Why?
    June, 2003 - Background Checks
    May, 2003 - Operations Security for the Rest of Us
    April, 2003 - Documenting Security
    March, 2003 - Novelty Detection
    February, 2003 - Switching Your Infrastructure
    January, 2003 - Security Programming

    2002

    December, 2002 - Back Up a Minute
    November, 2002 - Breaking In - to test security?
    October, 2002 - Reworking Your Firewalls
    Sepember, 2002 - Deception Rising
    August, 2002 - You're in a Bind!
    July, 2002 - Is Open Source More or Less Secure?
    BOUNS ARTICLE - July, 2002 - Smashed Again by Stupid Security
    June, 2002 - Academia's Vital Role in Information Protection
    May, 2002 - Terrorism and Cyberspace
    April, 2002 - Misimpressions We Need to Extinguish
    March, 2002 - Embedded Security
    February, 2002 - How to Get Around Your ISP
    January, 2002 - The End of the Internet as we Know it

    2001

    December, 2001 - The World Doesn't Want to be Fixed
    November, 2001 - The Deception Defense
    October, 2001 - The DMCA
    September, 2001 Special Issue - The Balancing Act
    September, 2001 - The Best Security Book Ever Written
    August, 2001 - Bootable CDs
    July, 2001 - A Matter of Power
    June, 2001 - The Wireless Revolution
    May, 2001 - The New Cyber Gang - A Real Threat Profile
    April, 2001 - To Prosecute or Not to Prosecute
    March, 2001 - Corporate Security Intelligence
    February, 2001 - Testing Your Security by Breaking In - NOT
    January, 2001 - Marketing Hyperbole at its Finest

    2000

    December, 2000 - The Millennium Article - Yet Again! - The Bots are Coming!!! The Bots are Coming!!!
    November, 2000 - Why Everything Keeps Failing
    October, 2000 - The Threat
    September, 2000 - Chipping
    August, 2000 - Understanding Viruses Bio-logically
    July, 2000 - What does it do behind your back?
    June, 2000 - Why Can't We Do DNS Right?
    May, 2000 - Eliminating IP Address Forgery - 5 Years Old and Going Strong
    April, 2000 - Countering DCAs
    March, 2000 - Collaborative Defense
    February, 2000 - Worker Monitoring
    January, 2000 - Digital Forensics

    1999

    December, 1999 - Why it was done that way
    BONUS ARTICLE - November, 1999 - So Much Evidence... So Little Time
    November, 1999 - The Limits of Cryptography
    October, 1999 - Security Education in the Information Age
    September, 1999 - In Your Face Information Warfare
    August, 1999 - What's Happening Out There
    July, 1999 - Attack and Defense Strategies
    June, 1999 - The Limits of Awareness
    May, 1999 - Watching the World
    April, 1999 - Simulating Network Security
    Bonus Article: Incident at All.Net - 1999 Edition
    March, 1999 - The Millisecond Fantasy
    February, 1999 - Returning Fire
    January, 1999 - Anatomy of a Successful Sophisticated Attack

    1998

    December, 1998 - Balancing Risk
    November, 1998 - The Real Y2K Issue?
    October, 1998 - Time-Based Security?
    September, 1998 - What Should I Report to Whom?
    August, 1998 - Third Anniversary Article - The Seedy Side of Security
    July, 1998 - How Does a Typical IT Audit Work?
    June, 1998 - Technical Protection for the Joint Venture
    May, 1998 - Risk Staging
    April, 1998 - The Unpredictability Defense
    March, 1998 - Red Teaming
    February, 1998 - The Management of Fear
    January, 1998 - Y2K - Alternative Solutions

    1997

    December, 1997 - 50 Ways to Defeat Your Intrusion Detection System
    November, 1997 - To Outsource or Not to Outsource - That is the Question.
    October, 1997 - The Network Security Game
    September, 1997 - Change Your Password - Do Si Do
    August, 1997 - Penetration Testing?
    July, 1997 -
    June, 1997 - Relativistic Risk Analysis
    May, 1997 - Prevent, Detect, and React
    April, 1997 - Would You Like to Play a Game?
    March, 1997 - Risk Management or Risk Analysis?
    February, 1997 - Network Security as a Control Issue
    January, 1997 - Integrity First - Usually

    1996

    December, 1996 - Where Should We Concentrate Protection?
    November, 1996 - How Good Do You Have to Be?
    October, 1996 - Why Bother?

    Internet Holes

    September, 1996 - The SYN Flood
    August, 1996 - Internet Incident Response
    July, 1996 - Internet Lightning Rods
    June, 1996 - UDP Viruses
    May, 1996 - Eliminating IP Address Forgery
    April, 1996 - Spam
    March, 1996 - Bonus: Incident at All.Net
    March, 1996 - The Human Element
    January, 1996 - Automated Attack and Defense

    1995

    December, 1995 - 50 Ways to Attack Your World Wide Web Systems
    November, 1995 - Network News Transfer Protocol
    October, 1995 - The Sendmail Maelstrom
    September, 1995 - Packet Fragmentation Attacks
    August, 1995 - ICMP

    On-Line Strategic Gaming:
    Web-based Strategic Games
    Web-based on-line strategic games are now supported. A default game (One Upsmanship) provides a simple game where you try to think up a better short joke than your competitors. More complex games are available for those wishing to purchase strategic games.

    New Articles:
    Managing Network Security
    December, 1998 - Balancing Risk
    Technical Baselines
    Classification Scheme for Information System Threats, Attacks, and Defenses;A Cause and Effect Model; and Some Analysis Based on That Model.
    Recent Research Results
    A Note on the Role of Deception in Information Protection

    New Features:
    The InfoSec Bookstore
    A listing of hundreds of books on information security with select book reviews and push-button ordering from Amazon.com.
    The Security Educators Mailing List
    Our mission is to provide an open forum for educators in information security to discuss issues related to courses, curriculum, books, and other education-related items.
    DTK Version 0.6
    DTK's newest version includes features like time/use based authentication, remote access to intrusion data, and network infocon support.

    To contact us, send email to fred at all.net