The next, non-commercial, technological Security Forum will take place
on Sunday, the 16th of January, 2005, at Tel Aviv University's Lev
We apologize for the cancellation of last month's first lecture on
wireless hacking. The "Rogla", however, came with extra chocolate.
17:45 - Gathering - hot and cold drinks will be served.
18:00 - Doron Shikmoni, ISOC-IL, CEO - ForeScout Technologies, Israel.
Lecture: Security of DNS and DNS-SECurity.
The Domain Name System is an important and critical part
of the Internet infrastructure. Consequently, it is also
one of the most attacked pieces of that infrastructure.
This talk will describe the main vulnerabilities of the
DNS and attack vectors against it. It will then go into
DNS Security (DNSSEC), an emerging protocol that is aimed
at enhancing the DNS with a set of security features.
We will look at DNSSEC features, see which of the problems
it solves, and try to assess its strengths and weaknesses.
19:30 - We will break for a short recess, as well as for
refreshments and networking between members - hot and cold
drinks will be served.
19:50 - Zvika Gutterman, CTO - Safend.
Lecture: Hold Your Sessions: An Attack on Java Session-id Generation.
HTTP session-id's take an important role in almost any web site
today. This paper presents a cryptanalysis of Java Servlet
$128$-bit session-id's and an efficient practical prediction
algorithm. Using this attack an adversary may impersonate a
Through the analysis we also present a novel, general space-time
tradeoff for secure pseudo random number generator attacks.
This is a joint work with Dahlia Malkhi.
Hot and cold drinks will be freely available.
Attendance is free.
For a map of the university please visit:
For future and past lectures, presentations and general information:
You can also visit our Orkut community (Tausec):
Thank you all, and please pass this information to others.
Who we are
The Security Forum, hosted by the Tel Aviv University, started when a
few of us talked about there being an (almost) complete lack of
professional and social events on security in Israel which are not
completely commercial and about "sticking products down out throats".
We decided to do instead of complain, and here we are.
In previous meetings we had over a hundred arrivals, varying from
soldiers and students, through programmers and government CSO's, all the
way to CEO's and CTO's of different companies, banks and other
institutions. Some have been part of our community since the 70's and
some are just people who are interested in the subject.
Have a good week,