[Blake]

GSO would like to start a newsletter/zine (all depends on how much material we get)
So if you want to submit a paper to be included in issue #1 please send me a plain text file with the subject "Zine" to admin@governmentsecurity.org.

Topics we would like covered

• System Hardening
  
• Exploit Tutorials
  
• Exploit Development
  
• Your own tool or code releases
  
• Security Tool Review
  
• Political Articles on Legislature effecting the security community

What I also need is some one that can do an ASCII art logo for GSO. PM GSecur if you can do it.

The deadline is April 30th.

[easternerd]

that would be a really cool feature..
everyone can make a combined effort to make this a success.
looking forward for the first article.
hope to chip in with something soon. ;)

[Blake]

definatly chip in we need stuff or the project will die

[Blake]

Contributors So far : mSMittens: CISSP Notes: Security Models: Access Control Models

[Tyrano]

have you thought about making it in pdf format? so there can be pictures and such :)

[Blake]

That could be an idea, but it might make editing a pain.

[Logan]

great idea!

it would be cool if you would offer something in return (if not very many things come back)... like 2600 gives you a shirt i think if they except your article (don't expect you to do that, but it's just a thought)

if i think of something for it, i'll send it to you (don't expect anything soon though.. school ruins my 'social' life)

btw, you spelled professionals wrong^

[packet]

I'll try to get "A Review of the Foundstone Enterprise Vulnerability Manager" written up...

Actually a very cool product.

--P>G>>

[Gotisch]

are articles about the basics desired too ?

[Travis]

ABout the basics are desired as well,but refrain from "hacking for stros etc"
It'd be much more appreciative if you could right something up about the basics of VoIP or TCP/IP.

[nuorder]

lookin good so far

[Nick W]

Quote

The so called "black hats" do most of the contributing around here.

Awww gee, so I suppose we aren't allowed to contribute to the call for papers, either, eh?

Naw, I'm not a black hat, but one of the issues I was going to talk about was the mshta methods for installing a file and how a dedicated hacker would bypass generic virusscanners to do so.

For example, within 5 minutes of the release of any IE exploit, I can create a POC (proof-of-concept) that will download and execute an exe that opens your CD-ROM tray.

Well, for the most part, anyway. A lot of time I will delay releasing a POC on these forums cause I'm worried that a "script-kiddie" will use it. The reality is, administrators need to know in order to adapt their web scan engines for their AV, IDS, or other software so they can catch hostile web applications.

But there is an even easier way to handle it. It involves deleting mshta or doing ONE registry edit that will prevent a visual basic script from running. For example, just the other day I released information on how to disable the Windows Firewall in XP service pack 2. It was a simple batch file. It's ridiculous that Microsoft makes it *that* easy to disable stuff as important as a firewall.

Anyway, I gotta stop ranting. Just name a subject and I'll write up something on it by April 30th.