Dragan on Security

Microsoft Press is celebrating 25 years and gives free book “Writing Secure Code for Windows Vista” by Michael Howard and David LeBlanc. You can download book in PDF format here.

They say:

For 25 years, Microsoft Press books have focused on helping you take your skills and knowledge to the next level. Celebrate our 25th Anniversary with a “Free E-Book of the Month” offer! Simply sign up for the Microsoft Press Book Connection Newsletter for notification of offers, register, and download the selection of the month.

In this, just before New Year post, I will take chance to mention one of most respected technical journals in the IT security field. That is  Computers & Security – Elsevier, official journal of Technical Committee 11 (computer security) of the International Federation of Information Processing.

From time to time, I serve as reviewer for scientific and technical journals, conferences and papers including Elsevier Computers & Security.

This journal, now in its 21st year, with a new editorial board and new regular features and columns, is essential reading for IT security professionals around the world.

In Journal Citation Report list published by Thompson Reuters, this journal is listed with impact factor for many years. That means that articles published in Elsevier Computers & Security journal are often cited and have important impact on further research and development in area of computer security.

Elsevier, like most scientific publishing companies, relies on effective peer review processes to uphold not only the quality and validity of individual articles, but also the overall integrity of the journals we publish.

Here you can flowchart which shows per review process.

On Elsevier web site you can read:

Those who publish with Elsevier can take pride in knowing that the most honored scholars, scientific leaders and educators – from Galileo to Jules Verne to Stephen W. Hawking – have published with Elsevier, as well. In fact, in 2006, 6 Nobel Prize winners had been previously published with Elsevier.

So, if you are planning to publish your important scientific paper in area of security, you definitely should consider Elsevier Computers & Security.

We Are Sorry to Inform You - about rejected papers of famous researchers.

Also interesting: “Once upon a time there was a little-known patent clerk in Bern who received a disappointing annual performance review in ‘05 – Annual Performance Review: Albert Einstein“.

You’ll probably be surprised when you see this.

There is interesting call for papers for an Elsevier’s special issue of Electronic Commerce Research and Applications on Social Networks and Web 2.0. You can submit your manuscripts online. Papers will be reviewed and published depending of reviewers’ decisions.

It will cover many of relevant topics related to this hot and fast evolving area. I’m particularly interested in privacy and protections issues of social networks and Web 2.0.

Important dates are:

• Optional abstracts: April 15, 2008
• Initial submission: June 15, 2008
• First round reviews: August 15, 2008
• Resubmission by: October 15, 2008
• Final acceptance: December 15, 2008

The Handbook of Applied Cryptography by Alfred J. Menezes, Paul C. van Oorschot and Scott A. Vanstone is available online – legitimately. This is a good book, and well worth downloading. I also would recommend Applied Cryptography by Bruce Schneier which is not free yet, but is very good and considered as bible of cryptography.

Coming soon. This is a new Operating systems I course textbook with lab exercises for GNU/Linux System Programming. More details here. I contributed a little bit.

Note: Book is in Serbian language. Original title is GNU/Linux sistemsko programiranje.

Paper Reduction of False Positive Intrusions by using Neural Nets, which I worked on with colleagues, is now available at IEEE Digital Library.

Abstract

The main idea of this paper is to propose a new solution for a Wireless Intrusion Detection Prevention System (WIDPS). The proposed WIDPS has a high degree of autonomy in tracking suspicious activity and detecting positive intrusions. Our focus was the reduction of detected false positive intrusion by implementing adaptive self-learning neural net in the system. Once it is fully developed and tested, this WIDPS would enable real-time response against threats, even to zero-day attacks.

Remark: Subscription to IEEE Digital Library required to download full paper in PDF format.

The 52nd International Belgrade Book Fair will take place on October 22 – 28, 2007, in Belgrade. The International Belgrade Book Fair will gather numerous local and foreign exhibitors. About 800 local and foreign publishers will feature their editions.

This year, at Belgrade Fair, the participants will be publishers from Italy, Canada, the USA, Greece, Japan, the UK, France, Brazil, Portugal, Angola, Iran, Switzerland, Poland, Croatia, Bosnia and Herzegovina, and Montenegro.

The topic of the 52nd International Belgrade Book Fair is Dositej Obradović, on the occasion of the anniversary of his arrival to Serbia, his importance for profiling of Serbian education, as well as his importance for the Serbian/Italian cultural and literary relations.

The Guest of Honor Country of the 52nd International Belgrade Book Fair will be Italy. In addition to many programs at the Italian National Stand, the Belgrade Book Fair guests will be Claudio Magris, Fleur Jaeggy, Sergio Romano, Angela Nanetti, Pino Boero, Arnaldo Colasanti, Dante Maffia and Predrag Matvejevic.

My book “Sigurnost računarskih sistema i mreža” (English translation “Security of Computer Systems and Networks”) and published by Mikro knjiga, will be presented at Belgrade book fair.  You also can see and buy there the book “Operativni sistemi: teorija, praksa i rešeni zadaci” (in English “Operating Systems: Theory, Practice and Solved Problems”).

Here: Rare 17th Century work on Cryptography.

Title: Cryptomenytices et cryptographiae libri IX. In quibus & planissima Steganographiae à Johanne Trithemio, abbate Spanheymensi & Herbipolensi, admirandi ingenij viro, magicè & aenigmaticè olim conscriptae, enodatio traditur. Inspersis ubiquè authoris ac aliorum, non contemnendis inventis…

Author: Selenus, Gustavus [pseud. of August, Duke of Braunschweig-Luneburg]

IEEE Security and Privacy, issue July/August 2007 (Vol. 5, No. 4), has interesting article Estimating Software Vulnerabilities (subscription required).

Abstract

Any given piece of software has some number of publicly disclosed vulnerabilities at any moment, leaving the system exposed to potential attack. The author presents a method for identifying and analyzing these vulnerabilities using public data from easily accessible sources.