[17461] in cryptography@c2.net mail archive
Re: analysis of the Witty worm
daemon@ATHENA.MIT.EDU (Steven M. Bellovin)
Mon Jun 13 14:57:29 2005
X-Original-To: cryptography@metzdowd.com
X-Original-To: cryptography@metzdowd.com
From: "Steven M. Bellovin" <smb@cs.columbia.edu>
To: Jerrold Leichter <jerrold.leichter@smarts.com>
Cc: cryptography@metzdowd.com
In-Reply-To: Your message of "Fri, 10 Jun 2005 18:42:36 EDT."
<Pine.SOL.4.61.0506101841300.8962@frame>
Date: Fri, 10 Jun 2005 20:26:10 -0400
In message <Pine.SOL.4.61.0506101841300.8962@frame>, Jerrold Leichter writes:
>| | The paper itself (there's a link in the article) has several more items
>| | of interest to this list. Especially interesting is the effective
>| | cryptanalysis of the PRNG used by the worm. Implicit in many of the
>| | analyses, though not a focus of the paper, is the amount of information
>| | that the authors could gather about network configurations at different
>| | sites: as we all know, traffic analysis is a powerful technique.
>| The links in the paper no longer work - they go to restricted pages. The
>| (or an) HTML version is in the Google cache at:
>|
>| http://64.233.161.104/search?q=cache:oS94i-ojvIgJ:www.cc.gatech.edu/~akumar/
>witty.html+witty+worm+analysis+paxson&hl=en&start=1
>Oops. I should have read it more closely first. The only thing in Google's
>cache is the intro page, with an abstract. The paper (pdf and ps) and a slide
>
>show are inaccessible, and are not in Google's cache.
>
>Anyone saved a copy?
It's on Vern's web page:
http://www.icir.org/vern/papers/witty-draft.pdf or
http://www.icir.org/vern/papers/witty-draft.ps
--Steven M. Bellovin, http://www.cs.columbia.edu/~smb
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
