School of Computer Science, and
Center for Cybermedia Research
University of Nevada at Las Vegas
Las Vegas, NV 89154-4109
Phone: (702)-895-3681
Fax: (702)-895-0964
Email: hlb at acm dot org
URL: http://www.berghel.net
Dr. Berghel is currently Professor and Director of the School of Computer Science, and Director of both the Center for Cybermedia Research and Identity Theft and Financial Fraud Research and Operations Center, at the University of Nevada at Las Vegas. He has held a variety of research and administrative positions in industry and academia during his twenty-five year career in computing. His current research focuses on Internet and Web technologies, Internet security and forensics, interactive and participatory computing environments, cyberpublishing, and electronic information management. His research work appears frequently in a variety of scientific and technical venues, and his columns, editorials, and articles appear regularly in such publications as Computer and the Communications of the ACM.
Berghel founded and chaired the ACM Technology Outreach Program (1993-2003), the Electronic Communities Committee (1995-7), served on the ACM Publications Board (1992-2000, 2001-2003), and as Vice Chair of the ACM Local Activities Board and Member Activities Board (1993-2003). Berghel also publishes extensively on cyberspace in a wide variety of scholarly publications, and has designed or developed countless interactive Websites for applications as diverse as the World Wide Web Test Pattern , networked gaming, digital ballot boxes, interactive CGI programming support, digital publications, the ACM's Web-based Graduate Assistantship Directory , and the new ACM Interactive Timeline of Computing Website, to name but a few.
Berghel has been selected as ACM Outstanding Lecturer of the Year four times (1996, 1997, 1998 and 2004), and has also been twice selected as an IEEE Distinguished Visitor on behalf of the IEEE Computer Society (1995-8 and 1998-2001). His many awards and recognition's include the 1996 ACM Distinguished Service Award and induction as both Fellow of the ACM and Fellow of the IEEE.
The same Internet that provides us with access to enormous repositories of information, sustains e-commerce, and provides global interactivity, also exposes us to a wide range of vulnerabilities. This talk will discuss such vulnerabilities from basic Internet reconnaissance (e.g., Whois, NSLookup) to the more advanced tactics involving Web-based Hacking Support Sites, War Dialing, War Driving, Port Scanners, packet sniffers, pseudo proxy servers, network mapping and OS fingerprinting,to name but a few). Illustrations of such reconnaissance will be given.
In addition, several categories of traditional exploits (e.g., SYN floods, ACK storms, DOS and DDOS attacks, buffer overflows, ping wars and packet storms) will be compared with the next-generation exploits (Zero-day exploits, polymorphic and metamorphic viruses and worms, and multi-platform malware).
ABSTRACT: This talk has three distinct objectives. First, it provides the audience with a high-level overview of current and planned wireless technologies and standards. Second, it provides a low-level overview at the level of wireless packet analysis of wireless traffic. Finally, it combines the former two overviews in a realistic, objective discussion of wireless vulnerabilities, and separates fact from fiction. Several best-of-breed wireless security tools will be demonstrated.
For the past decade, Internet Forensics has been subsumed under the rubric of Computer Forensics. Typically, Internet forensics is buried in the latter chapters of Computer Forensics books - usually between "the Criminal Justice System" and "Conclusion". In this talk, I will show why Internet Forensics should be considered an art in its own right. While Computer Forensics is older and more mature, it is a very different activity requiring very different skills. Internet Forensics is more about eternal vigilance than search-and-seizure.
Several aspects of Internet Forensics will be discussed, including packet crafting, Denial of Service attacks, stimulus-response theory, malware, packet analysis, intrustion detection, fragmentation theory, and protocol bending, to name but a few.
A brief review of the speaker's "Packet Pal Primer" Website at http://hlb.cs.unlv.edu/packetpal/pp.html will be useful in following along with the lectures.
The rapid explosion in Internet use has added new dimensions to the business of risk aversion, both in terms of illegal and unethical activities. The new millennia carries with it previously unimagined categories of Internet activity that is of major concern to law enforcement, the Federal Government, the Internet research community, computing and information practitioners, and to an increasing degree, the public at large.This talk will describe the technological underpinnings of a specific cluster of risk-prone Internet activities including aggressive Internet and Web mining, the practice of anonymization and remailing, cybervandalism, cyber-espionage (both economic and political), information warfare, identity theft and white-collarcyber crime. The technologies used to deploy these activities will be discussed, along with a general discussion of their social implications and economic impact.
Without question, electronic publishing is one of the hottest topics in computing. Groups worldwide want to know how to do it well, how to advertise it effectively, how to enhance the capabilities of electronic publishing to include emerging multimedia technologies, and, most of all, how to make money at it. In our view, electronic publishing efforts, with few exceptions, fall short of expectations in two ways. First, they typically misuse or under-utilize the existing network and Web technology. Second, they fail to appreciate the fact that the intellectual "content" of a publication is just ingredient of its value.
In our view, the successful publishers in the future will be those who add value over and above the value of the original content. We'll outline what seem to us to be some of the fundamental issues connected with the addition of value to electronic publications. We will provide a conceptual overview of the value-added publishing landscape, and suggest ways in which future electronic publishers may take better advantage of technology.
The enormous impact of the Web has made it very tempting to follow the "DIP" (digitize, index and post) model of creating digital libraries or extending current libraries into cyberspace. In so doing, many have forsaken the challenging aspects of future digital libraries for the pedestrian.
We will contrast the DIP model with the "MIP" (meta-data, interactive and participatory) model that we see as the real payoff in future digital libraries. Various supporting technologies will be discussed and demonstrated that will enable future digital libraries to focus on such critical roles as content enhancement and the facilitation of thought swarms.
EQUIPMENT REQUIRED (all talks): Digital Projector with XGA or higher-resolution connected to a Windows 2000 or XP computer with Powerpoint. Instructor will bring a CD containing Powerpoint slides. Computer with direct Internet Access helpful.