Termin:Chaotic-Congress-Cinema Nr. 10Aus Attraktor Wiki
Chaotic-Congress-Cinema Nr. 10
Wir schauen uns die Aufzeichnung von Congress Vorträgen an. Du bist herzlich eingeladen, in den Clubräumen im Mexikoring 21 aufzutauchen und mit uns die Talks anzuschauen und zu diskutieren. Es wird Getränke und Knabberkram zu moderaten Preisen geben. Falls Du kein CCC-, CCCHH- oder Attraktor e.V.-Mitglied bist, macht das überhaupt nichts: Alle Gäste sind gern gesehen. :-) Weitere Informationen unter Chaotic Congress Cinema. Rootkits and Trojans on Your SAP LandscapeSAP Security and the Enterprise SAP systems are the heart of many enterprises. Most critical business functions run on SAP Applications and the complexity of these systems makes it very difficult to protect against attackers. Default setups, forgotten/unimplemented security configurations, weak password management and change processes that apply to one ‘unimportant’ system can result in complete compromise of the SAP landscape. The legal consequences, lost/damaged business and reputation can be disastrous depending on the type of the attack. While companies invest a lot to secure SAP systems at business process level for example by designing authorization concepts, implementing separation of duties or by using GRC (Governance Risk and Compliance) tools, the security at technical level mostly lacks attention. In this paper, I present several attack paths exploiting configuration weaknesses at technical level, leading to attack potential to single systems, to whole SAP landscapes, and finally the whole enterprise network. By demonstrating creative exploit variants of configuration weaknesses, I motivate the necessity to safeguard a SAP system at technical level. http://events.ccc.de/congress/2010/Fahrplan/events/4082.en.html
Ignorance and Peace Narratives in CyberspaceCloud Computing, Assessment, and Fools like Me. This paper explores the challenges of being proactive with existing and future data mining possibilities when facing the realities of institutional expectations for assessment and when facing the fact that one’s own understanding of cyber capabilities is less than ideal. This paper discusses the current assessment cyber resources, trends, and pressures within USA academic institutions and the challenges of reactive/proactive labor in the midst of multiple levels of technological/informational literacies amongst administrators. Years ago, when young nuns were entering a particular Catholic convent, they were asked to write autobiographical essays which were filed away along with other information about each nun. When they were elderly, these nuns agreed to be a part of a study on Alzheimers, giving permission for scientists to perform autopsies upon their deaths. Susan Kemper, a cognitive psychologist and psycholinguist was able to take the autobiographies from these humanities-based school teachers, and predict the probability of alzheimers from their sentence structures at eighteen. Luckily, replications of this kind of research are difficult. I say luckily because these kinds of findings might have potential hazards for those whose writing at 18 indicates alzheimers: specifically, living in a country in which health care is not a fundamental right, insurance companies might want access to this kind of data. I think of this study each time that I find myself in a meeting as an administrator at a university in the United States, navigating difficult decisions about gathering writing samples from a large group of 18 year old students. While our assessment rhetoric suggests that we “come in peace,” I find myself worrying over the potential hazards of employing certain cloud computing resources to facilitate our data collection of student essays. This paper explores the challenges of being proactive with existing and future data mining possibilities when facing the realities of institutional expectations for assessment and when facing the fact that one’s own understanding of cyber capabilities is less than ideal. This paper discusses the current assessment cyber resources, trends, and pressures within USA institutions and the challenges of reactive/proactive labor in the midst of multiple levels of technological/informational literacies amongst administrators.
|