  • 1
    Online Resource
    Upper Saddle River, N.J. : Addison-Wesley | Boston, Mass. :Safari Books Online
    ISBN: 9780321559685 , 0321559681
    Language: English
    Pages: xxvi, 315 p , ill.
    Parallel Title: Also published as
    Keywords: Computer security ; Software engineering ; Computer networks ; Security measures ; Electronic books ; local
    Abstract: "This book's broad overview can help an organization choose a set of processes, policies, and techniques that are appropriate for its security maturity, risk tolerance, and development style. This book will help you understand how to incorporate practical security techniques into all phases of the development lifecycle." -Steve Riley, senior security strategist, Microsoft Corporation "There are books written on some of the topics addressed in this book, and there are other books on secure systems engineering. Few address the entire life cycle with a comprehensive overview and discussion of emerging trends and topics as well as this one." -Ronda Henning, senior scientist-software/security queen, Harris Corporation Software that is developed from the beginning with security in mind will resist, tolerate, and recover from attacks more effectively than would otherwise be possible. While there may be no silver bullet for security, there are practices that project managers will find beneficial. With this management guide, you can select from a number of sound practices likely to increase the security and dependability of your software, both during its development and subsequently in its operation. Software Security Engineering draws extensively on the systematic approach developed for the Build Security In (BSI) Web site. Sponsored by the Department of Homeland Security Software Assurance Program, the BSI site offers a host of tools, guidelines, rules, principles, and other resources to help project managers address security issues in every phase of the software development life cycle (SDLC). The book's expert authors, themselves frequent contributors to the BSI site, represent two well-known resources in the security world: the CERT Program at the Software Engineering Institute (SEI) and Cigital, Inc., a consulting firm specializing in software security. 
This book will help you understand why Software security is about more than just eliminating vulnerabilities and conducting penetration tests Network security mechanisms and IT infrastructure security services do not sufficiently protect application software from security risks Software security initiatives should follow a risk-management approach to identify priorities and to define what is "good enough"-understanding that software security risks will change throughout the SDLC Project managers and software engineers need to learn to think like an attacker in order to address the range of function...
    Note: Includes bibliographical references and index
  • 2
    ISBN: 9780321496843 , 0321496841
    Language: English
    Pages: xxviii, 354 p , ill. , 24 cm
    Keywords: Windows CardSpace ; Computer security ; Computer networks ; Access control ; Identity theft ; Prevention ; Web services ; Electronic books ; local
    Abstract: Windows CardSpace empowers organizations to prevent identity theft and systematically address a broad spectrum of security and privacy challenges. Understanding Windows CardSpace is the first insider's guide to Windows CardSpace and the broader topic of identity management for technical and business professionals. Drawing on the authors' unparalleled experience earned by working with the CardSpace product team and by implementing state-of-the-art CardSpace-based systems at leading enterprises, it offers unprecedented insight into the realities of identity management: from planning and design through deployment. Part I introduces the fundamental concepts of user-centered identity management, explains the context in which Windows CardSpace operates, and reviews the problems CardSpace aims to solve. Next, the authors walk through CardSpace from a technical standpoint, describing its technologies, elements, artifacts, operations and development practices, and usage scenarios. Finally, they carefully review the design and business considerations associated with architecting solutions based on CardSpace or any other user-centered identity management system. 
Coverage includes The limitations of current approaches to authentication and identity management Detailed information on advanced Web services The Identity Metasystem, the laws of identity, and the ideal authentication system Windows CardSpace: What it is, how it works, and how developers and managers can use it in their organizations CardSpace technology: user experience, Information Cards, private desktops, and integration with .NET 3.5 and Windows Vista CardSpace implementation: from HTML integration through federation, Web services integration, and beyond Adding personal card support to a website: a detailed, scenario-based explanation Choosing or becoming an identity provider: opportunities, business impacts, operational issues, and pitfalls to avoid Using CardSpace to leverage trust relationships and overcome phishing Whether you're a developer, security specialist, or business decision-maker, this book will answer your most crucial questions about identity management, so you can protect everything that matters: your people, your assets, your partners, and your customers. Foreword xv Preface xviii Part I Setting the Context Chapter 1: The Problem 3 The Advent of Profitable Digital Crime 4 Passwords: Ascent and Decline 29 The Babel of Cryptography 36 The Babel of Web User Interfaces 79 Summ...
    Note: Includes index
  • 3
    Online Resource
    Upper Saddle River, N.J. : IBM Press/Pearson plc | Boston, Mass. :Safari Books Online
    ISBN: 9780132398428 , 0132398427
    Language: English
    Pages: xxviii, 347 p , ill. , 24 cm
    Keywords: Embedded computer systems ; Programmable controllers ; Computer security ; Electronic books ; local
    Abstract: Use Trusted Computing to Make PCs Safer, More Secure, and More Reliable Every year, computer security threats become more severe. Software alone can no longer adequately defend against them: what's needed is secure hardware. The Trusted Platform Module (TPM) makes that possible by providing a complete, open industry standard for implementing trusted computing hardware subsystems in PCs. Already available from virtually every leading PC manufacturer, TPM gives software professionals powerful new ways to protect their customers. Now, there's a start-to-finish guide for every software professional and security specialist who wants to utilize this breakthrough security technology. Authored by innovators who helped create TPM and implement its leading-edge products, this practical book covers all facets of TPM technology: what it can achieve, how it works, and how to write applications for it. The authors offer deep, real-world insights into both TPM and the Trusted Computing Group (TCG) Software Stack. Then, to demonstrate how TPM can solve many of today's most challenging security problems, they present four start-to-finish case studies, each with extensive C-based code examples. Coverage includes What services and capabilities are provided by TPMs TPM device drivers: solutions for code running in BIOS, TSS stacks for new operating systems, and memory-constrained environments Using TPM to enhance the security of a PC's boot sequence Key management, in depth: key creation, storage, loading, migration, use, symmetric keys, and much more Linking PKCS#11 and TSS stacks to support applications with middleware services What you need to know about TPM and privacy--including how to avoid privacy problems Moving from TSS 1.1 to the new TSS 1.2 standard TPM and TSS command references and a complete function library
    Note: Includes bibliographical references and index
  • 4
    Online Resource
    Upper Saddle River, N.J. : Addison-Wesley | Boston, Mass. :Safari Books Online
    ISBN: 9780321477897 , 0321477898
    Language: English
    Pages: xx, 362 p , 24 cm
    Keywords: Computer security ; Computer software ; Quality control ; Computer software industry ; United States ; Electronic books ; local
    Abstract: "The clarity of David's argument and the strength of his conviction are truly inspiring. If you don't believe the world of software affects the world in which you live, you owe it to yourself to read this book." -Lenny Zeltser, SANS Institute faculty member and the New York Security Consulting Manager at Savvis, Inc. "Geekonomics stays with you long after you finish reading the book. You will reconsider every assumption you have had about software costs and benefits." -Slava Frid, Gemini Systems, CTO, Resilience Technology Solutions "Information Security is an issue that concerns governments, companies and, increasingly, citizens. Are the computer systems and software to which we entrust our sensitive and critical information, technologies that are out of control? David Rice has written an important and welcome book that goes to the heart of this issue, and points to solutions that society as a whole needs to debate and embrace." -Nick Bleech, IT Security Director, Rolls-Royce "If you are dependent upon software (and of course, all of us in the modern world are) this book is a fabulous discussion of how and why we should worry." -Becky Bace The Real Cost of Insecure Software • In 1996, software defects in a Boeing 757 caused a crash that killed 70 people... • In 2003, a software vulnerability helped cause the largest U.S. power outage in decades... • In 2004, known software weaknesses let a hacker invade T-Mobile, capturing everything from passwords to Paris Hilton's photos... • In 2005, 23,900 Toyota Priuses were recalled for software errors that could cause the cars to shut down at highway speeds... • In 2006 dubbed "The Year of Cybercrime," 7,000 software vulnerabilities were discovered that hackers could use to access private information... • In 2007, operatives in two nations brazenly exploited software vulnerabilities to cripple the infrastructure and steal trade secrets from other sovereign nations... 
Software has become crucial to the very survival of civilization. But badly written, insecure software is hurting people-and costing businesses and individuals billions of dollars every year. This must change. In Geekonomics, David Rice shows how we can change it. Rice reveals why the software industry is rewarded for carelessness, and how we can revamp the industry's incentives to get the reliability and security we desperately need and deserve. You'll discover why the software industry still has shockingly little accountability-and...
    Note: Includes bibliographical references (p. 325-339) and index
  • 5
    Online Resource
    Upper Saddle River, N.J. : Addison-Wesley | Boston, Mass. :Safari Books Online
    ISBN: 9780321491930 , 0321491939
    Language: English
    Pages: xxvi, 470 p , ill. , 24 cm
    Keywords: Ajax (Web site development technology) ; Computer networks ; Security measures ; Computer security ; Electronic books ; local
    Abstract: The Hands-On, Practical Guide to Preventing Ajax-Related Security Vulnerabilities More and more Web sites are being rewritten as Ajax applications; even traditional desktop software is rapidly moving to the Web via Ajax. But, all too often, this transition is being made with reckless disregard for security. If Ajax applications aren't designed and coded properly, they can be susceptible to far more dangerous security vulnerabilities than conventional Web or desktop software. Ajax developers desperately need guidance on securing their applications: knowledge that's been virtually impossible to find, until now . Ajax Security systematically debunks today's most dangerous myths about Ajax security, illustrating key points with detailed case studies of actual exploited Ajax vulnerabilities, ranging from MySpace's Samy worm to MacWorld's conference code validator. Even more important, it delivers specific, up-to-the-minute recommendations for securing Ajax applications in each major Web programming language and environment, including .NET, Java, PHP, and even Ruby on Rails. 
You'll learn how to: · Mitigate unique risks associated with Ajax, including overly granular Web services, application control flow tampering, and manipulation of program logic · Write new Ajax code more safely-and identify and fix flaws in existing code · Prevent emerging Ajax-specific attacks, including JavaScript hijacking and persistent storage theft · Avoid attacks based on XSS and SQL Injection-including a dangerous SQL Injection variant that can extract an entire backend database with just two requests · Leverage security built into Ajax frameworks like Prototype, Dojo, and ASP.NET AJAX Extensions-and recognize what you still must implement on your own · Create more secure "mashup" applications Ajax Security will be an indispensable resource for developers coding or maintaining Ajax applications; architects and development managers planning or designing new Ajax software, and all software security professionals, from QA specialists to penetration testers.
    Note: Includes index
  • 6
    Online Resource
    San Francisco, Calif. : No Starch Press | Boston, Mass. :Safari Books Online
    ISBN: 9781593271442 , 1593271441
    Language: English
    Pages: x, 472 p , ill. , 23 cm. +
    Edition: 2nd ed.
    DDC: 005.8
    Keywords: Computer security ; Computer hackers ; Computer networks ; Security measures ; Electronic books ; local
    Abstract: Hacking is the art of creative problem solving, whether that means finding an unconventional solution to a difficult problem or exploiting holes in sloppy programming. Many people call themselves hackers, but few have the strong technical foundation needed to really push the envelope. Rather than merely showing how to run existing exploits, author Jon Erickson explains how arcane hacking techniques actually work. To share the art and science of hacking in a way that is accessible to everyone, Hacking: The Art of Exploitation, 2nd Edition introduces the fundamentals of C programming from a hacker's perspective. The included LiveCD provides a complete Linux programming and debugging environment-all without modifying your current operating system. Use it to follow along with the book's examples as you fill gaps in your knowledge and explore hacking techniques on your own. Get your hands dirty debugging code, overflowing buffers, hijacking network communications, bypassing protections, exploiting cryptographic weaknesses, and perhaps even inventing new exploits. This book will teach you how to: Program computers using C, assembly language, and shell scripts Corrupt system memory to run arbitrary code using buffer overflows and format strings Inspect processor registers and system memory with a debugger to gain a real understanding of what is happening Outsmart common security measures like nonexecutable stacks and intrusion detection systems Gain access to a remote server using port-binding or connect-back shellcode, and alter a server's logging behavior to hide your presence Redirect network traffic, conceal open ports, and hijack TCP connections Crack encrypted wireless traffic using the FMS attack, and speed up brute-force attacks using a password probability matrix Hackers are always pushing the boundaries, investigating the unknown, and evolving their art. 
Even if you don't already know how to program, Hacking: The Art of Exploitation, 2nd Edition will give you a complete picture of programming, machine architecture, network communications, and existing hacking techniques. Combine this knowledge with the included Linux environment, and all you need is your own creativity.
    Note: Includes bibliographical references and index
  • 7
    Online Resource
    Rockland, Mass. : Syngress | Boston, Mass. :Safari Books Online
    ISBN: 9781597491112 , 159749111X
    Language: English
    Keywords: Wireless communication systems ; Security measures ; Wireless LANs ; Security measures ; Computer security ; Electronic books ; local ; Electronic books
    Abstract: Wireless networking has become standard in many business and government networks. This book is the first book that focuses on the methods used by professionals to perform WarDriving and wireless penetration testing. Unlike other wireless networking and security books that have been published in recent years, this book is geared primarily to those individuals that are tasked with performing penetration testing on wireless networks. This book continues in the successful vein of books for penetration testers such as Google Hacking for Penetration Testers and Penetration Tester's Open Source Toolkit. Additionally, the methods discussed will prove invaluable for network administrators tasked with securing wireless networks. By understanding the methods used by penetration testers and attackers in general, these administrators can better define the strategies needed to secure their networks. * According to a study by the Strategis Group more than one third of the world's population will own a wireless device by the end of 2008. * The authors have performed hundreds of wireless penetration tests, modeling their attack methods after those used by real world attackers. * Unlike other wireless books, this is geared specifically for those individuals that perform security assessments and penetration tests on wireless networks.
    Note: Includes index
  • 8
    Online Resource
    Sebastopol, Calif. : O'Reilly | Boston, Mass. :Safari Books Online
    ISBN: 9780596514303 , 0596514301
    Language: English
    Keywords: Microsoft Windows (Computer file) ; Computer security ; Electronic books ; local
    Abstract: "Securing the Vista Environment" takes you on a quick tour of the most significant security features in Vista, Microsoft's first revision of Windows in almost six years. You'll get background on threats and vulnerabilities that will make you think differently about security. Security is more than just the technology and configurations--it's about how we use the system that makes it secure or not. Then we'll cover Vista's security features, from user privileges to Windows Defender, User Account Control, and BitLocker, as well as strategies for protecting your information from unwanted disclosure and accidental damage and loss.
  • 9
    Online Resource
    Hoboken, N.J. : Wiley Pub. | Boston, Mass. :Safari Books Online
    ISBN: 9780470052358 , 047005235X
    Language: English
    Pages: xx, 388 p , ill. , 24 cm
    Edition: 2nd ed.
    Keywords: Computer security ; Computer networks ; Security measures ; Computer hackers ; Electronic books ; local
    Abstract: Are you worried about external hackers and rogue insiders breaking into your systems? Whether it's social engineering, network infrastructure attacks, or application hacking, security breaches in your systems can devastate your business or personal life. In order to counter these cyber bad guys, you must become a hacker yourself-an ethical hacker. Hacking for Dummies shows you just how vulnerable your systems are to attackers. It shows you how to find your weak spots and perform penetration and other security tests. With the information found in this handy, straightforward book, you will be able to develop a plan to keep your information safe and sound. You'll discover how to: Work ethically, respect privacy, and save your system from crashing Develop a hacking plan Treat social engineers and preserve their honesty Counter war dialing and scan infrastructures Understand the vulnerabilities of Windows, Linux, and Novell NetWare Prevent breaches in messaging systems, web applications, and databases Report your results and managing security changes Avoid deadly mistakes Get management involved with defending your systems As we enter into the digital era, protecting your systems and your company has never been more important. Don't let skepticism delay your decisions and put your security at risk. With Hacking For Dummies , you can strengthen your defenses and prevent attacks from every angle!
    Note: Includes bibliographical references and index
  • 10
    Online Resource
    Sebastopol, Calif. : O'Reilly | Boston, Mass. :Safari Books Online
    ISBN: 9780596009632 , 0596009631
    Language: English
    Keywords: Computer networks ; Security measures ; Computer security ; Electronic books ; local
    Abstract: What if you could sit down with some of the most talented security engineers in the world and ask any network security question you wanted? Security Power Tools lets you do exactly that! Members of Juniper Networks' Security Engineering team and a few guest experts reveal how to use, tweak, and push the most popular network security applications, utilities, and tools available using Windows, Linux, Mac OS X, and Unix platforms. Designed to be browsed, Security Power Tools offers you multiple approaches to network security via 23 cross-referenced chapters that review the best security tools on the planet for both black hat techniques and white hat defense tactics. It's a must-have reference for network administrators, engineers and consultants with tips, tricks, and how-to advice for an assortment of freeware and commercial tools, ranging from intermediate level command-line operations to advanced programming of self-hiding exploits. Security Power Tools details best practices for: Reconnaissance -- including tools for network scanning such as nmap; vulnerability scanning tools for Windows and Linux; LAN reconnaissance; tools to help with wireless reconnaissance; and custom packet generation Penetration -- such as the Metasploit framework for automated penetration of remote computers; tools to find wireless networks; exploitation framework applications; and tricks and tools to manipulate shellcodes Control -- including the configuration of several tools for use as backdoors; and a review of known rootkits for Windows and Linux Defense -- including host-based firewalls; host hardening for Windows and Linux networks; communication security with ssh; email security and anti-malware; and device security testing Monitoring -- such as tools to capture, and analyze packets; network monitoring with Honeyd and snort; and host monitoring of production servers for file changes Discovery -- including The Forensic Toolkit, SysInternals and other popular forensic 
tools; application fuzzer and fuzzing techniques; and the art of binary reverse engineering using tools like Interactive Disassembler and Ollydbg A practical and timely network security ethics chapter written by a Stanford University professor of law completes the suite of topics and makes this book a goldmine of security information. Save yourself a ton of headaches and be prepared for any network security dilemma with Security Power Tools.
    Note: Includes index
  • 11
    Online Resource
    Upper Saddle River, N.J. : Addison-Wesley | Boston, Mass. :Safari Books Online
    ISBN: 9780321434838 , 0321434838
    Language: English
    Keywords: Computer security ; System design ; Computer networks ; Security measures ; Electronic books ; local
    Abstract: "I believe The Craft of System Security is one of the best software security books on the market today. It has not only breadth, but depth, covering topics ranging from cryptography, networking, and operating systems--to the Web, computer-human interaction, and how to improve the security of software systems by improving hardware. Bottom line, this book should be required reading for all who plan to call themselves security practitioners, and an invaluable part of every university's computer science curriculum." --Edward Bonver, CISSP, Senior Software QA Engineer, Product Security, Symantec Corporation "Here's to a fun, exciting read: a unique book chock-full of practical examples of the uses and the misuses of computer security. I expect that it will motivate a good number of college students to want to learn more about the field, at the same time that it will satisfy the more experienced professional." --L. Felipe Perrone, Department of Computer Science, Bucknell University Whether you're a security practitioner, developer, manager, or administrator, this book will give you the deep understanding necessary to meet today's security challenges--and anticipate tomorrow's. Unlike most books, The Craft of System Security doesn't just review the modern security practitioner's toolkit: It explains why each tool exists, and discusses how to use it to solve real problems. After quickly reviewing the history of computer security, the authors move on to discuss the modern landscape, showing how security challenges and responses have evolved, and offering a coherent framework for understanding today's systems and vulnerabilities. Next, they systematically introduce the basic building blocks for securing contemporary systems, apply those building blocks to today's applications, and consider important emerging trends such as hardware-based security. 
After reading this book, you will be able to Understand the classic Orange Book approach to security, and its limitations Use operating system security tools and structures--with examples from Windows, Linux, BSD, and Solaris Learn how networking, the Web, and wireless technologies affect security Identify software security defects, from buffer overflows to development process flaws Understand cryptographic primitives and their use in secure systems Use best practice techniques for authenticating people and computer systems in diverse settings Use validation, standards, and testing to enhance confidence in a s...
    Note: Includes bibliographical references and index
  • 12
    Online Resource
    Upper Saddle River, N.J. : Addison-Wesley | Boston, Mass. :Safari Books Online
    ISBN: 9780321336323 , 0321336321
    Language: English
    Keywords: Computer security ; Electronic books ; local
    Abstract: Praise for Virtual Honeypots "A power-packed resource of technical, insightful information that unveils the world of honeypots in front of the reader's eyes." -Lenny Zeltser, Information Security Practice Leader at Gemini Systems "This is one of the must-read security books of the year." -Cyrus Peikari, CEO, Airscanner Mobile Security, author, security warrior "This book clearly ranks as one of the most authoritative in the field of honeypots. It is comprehensive and well written. The authors provide us with an insider's look at virtual honeypots and even help us in setting up and understanding an otherwise very complex technology." -Stefan Kelm, Secorvo Security Consulting "Virtual Honeypots is the best reference for honeypots today. Security experts Niels Provos and Thorsten Holz cover a large breadth of cutting-edge topics, from low-interaction honeypots to botnets and malware. If you want to learn about the latest types of honeypots, how they work, and what they can do for you, this is the resource you need." -Lance Spitzner, Founder, Honeynet Project "Whether gathering intelligence for research and defense, quarantining malware outbreaks within the enterprise, or tending hacker ant farms at home for fun, you'll find many practical techniques in the black art of deception detailed in this book. Honeypot magic revealed!" -Doug Song, Chief Security Architect, Arbor Networks "Seeking the safest paths through the unknown sunny islands called honeypots? Trying to avoid greedy pirates catching treasures deeper and deeper beyond your ports? With this book, any reader will definitely get the right map to handle current cyber-threats. Designed by two famous white hats, Niels Provos and Thorsten Holz, it carefully teaches everything from the concepts to practical real-life examples with virtual honeypots. 
The main strength of this book relies in how it covers so many uses of honeypots: improving intrusion detection systems, slowing down and following incoming attackers, catching and analyzing 0-days or malwares or botnets, and so on. Sailing the high seas of our cyber-society or surfing the Net, from students to experts, it's a must-read for people really aware of computer security, who would like to fight against black-hats flags with advanced modern tools like honeypots." -Laurent Oudot, Computer Security Expert, CEA "Provos and Holz have written the book that the bad guys don't want you to read. This detailed and comprehensive look at honeypots p...
    Note: Includes bibliographical references and index
  • 13
    Online Resource
    Upper Saddle River, N.J. : Addison-Wesley | Boston, Mass. :Safari Books Online
    ISBN: 9780321424778 , 0321424778
    Language: English
    Keywords: Computer security ; Debugging in computer science ; Computer software ; Quality control ; Electronic books ; local
    Abstract: The First Expert Guide to Static Analysis for Software Security! Creating secure code requires more than just good intentions. Programmers need to know that their code will be safe in an almost infinite number of scenarios and configurations. Static source code analysis gives users the ability to review their work with a fine-toothed comb and uncover the kinds of errors that lead directly to security vulnerabilities. Now, there's a complete guide to static analysis: how it works, how to integrate it into the software development processes, and how to make the most of it during security code review. Static analysis experts Brian Chess and Jacob West look at the most common types of security defects that occur today. They illustrate main points using Java and C code examples taken from real-world security incidents, showing how coding errors are exploited, how they could have been prevented, and how static analysis can rapidly uncover similar mistakes. This book is for everyone concerned with building more secure software: developers, security engineers, analysts, and testers. 
Coverage includes: • Why conventional bug-catching often misses security problems • How static analysis can help programmers get security right • The critical attributes and algorithms that make or break a static analysis tool • 36 techniques for making static analysis more effective on your code • More than 70 types of serious security vulnerabilities, with specific solutions • Example vulnerabilities from Firefox, OpenSSH, MySpace, eTrade, Apache httpd, and many more • Techniques for handling untrusted input • Eliminating buffer overflows: tactical and strategic approaches • Avoiding errors specific to Web applications, Web services, and Ajax • Security-aware logging, debugging, and error/exception handling • Creating, maintaining, and sharing secrets and confidential information • Detailed tutorials that walk you through the static analysis process "We designed Java so that it could be analyzed statically. This book shows you how to apply advanced static analysis techniques to create more secure, more reliable software." - Bill Joy, Co-founder of Sun Microsystems, co-inventor of the Java programming language "'Secure Programming with Static Analysis' is a great primer on static analysis for security-minded developers and security practitioners. Well-written, easy to read, tells you what you need to know." - David Wagner, Associate Professor, University of California Berkeley "Software develope...
    Note: Includes bibliographical references and index
  • 14
    Online Resource
    Upper Saddle River, N.J. : Addison-Wesley | Boston, Mass. :Safari Books Online
    ISBN: 9780321436955 , 0321436954
    Language: English
    Keywords: Computer networks ; Security measures ; Computer security ; Electronic books ; local
    Abstract: A Comprehensive, Proven Approach to Securing All Your Network Endpoints! Despite massive investments in security technology and training, hackers are increasingly succeeding in attacking networks at their weakest links: their endpoints. Now, leading security expert Mark Kadrich introduces a breakthrough strategy for protecting all your endpoint devices, from desktops and notebooks to PDAs and cellphones. Drawing on powerful process control techniques, Kadrich shows how to systematically prevent and eliminate network contamination and infestation, safeguard endpoints against today's newest threats, and prepare yourself for tomorrow's attacks. As part of his end-to-end strategy, he shows how to utilize technical innovations ranging from network admission control to "trusted computing." Unlike traditional "one-size-fits-all" solutions, Kadrich's approach reflects the unique features of every endpoint, from its applications to its environment. Kadrich presents specific, customized strategies for Windows PCs, notebooks, Unix/Linux workstations, Macs, PDAs, smartphones, cellphones, embedded devices, and more. You'll learn how to: • Recognize dangerous limitations in conventional endpoint security strategies • Identify the best products, tools, and processes to secure your specific devices and infrastructure • Configure new endpoints securely and reconfigure existing endpoints to optimize security • Rapidly identify and remediate compromised endpoint devices • Systematically defend against new endpoint-focused malware and viruses • Improve security at the point of integration between endpoints and your network Whether you're a security engineer, consultant, administrator, architect, manager, or CSO, this book delivers what you've been searching for: a comprehensive endpoint security strategy that works. Mark Kadrich is President and CEO of The Security Consortium, which performs in-depth testing and evaluation of security products and vendors. 
As Senior Scientist for Sygate Technologies, he was responsible for developing corporate policies, understanding security trends, managing government certification programs, and evangelization. After Symantec acquired Sygate, Kadrich became Symantec's Senior Manager of Network and Endpoint Security. His 20 years' IT security experience encompasses systems level design, policy generation, endpoint security, risk management, and other key issues. Foreword Preface About the Author Chapter 1 Defini...
    Note: Includes index
  • 15
    Online Resource
    Upper Saddle River, N.J. : Addison-Wesley | Boston, Mass. :Safari Books Online
    ISBN: 9780321446114 , 0321446119
    Language: English
    Keywords: Computer security ; Computer networks ; Security measures ; Computer software ; Development ; Electronic books ; local
    Abstract: FUZZING Master One of Today's Most Powerful Techniques for Revealing Security Flaws! Fuzzing has evolved into one of today's most effective approaches to test software security. To "fuzz," you attach a program's inputs to a source of random data, and then systematically identify the failures that arise. Hackers have relied on fuzzing for years: Now, it's your turn. In this book, renowned fuzzing experts show you how to use fuzzing to reveal weaknesses in your software before someone else does. Fuzzing is the first and only book to cover fuzzing from start to finish, bringing disciplined best practices to a technique that has traditionally been implemented informally. The authors begin by reviewing how fuzzing works and outlining its crucial advantages over other security testing methods. Next, they introduce state-of-the-art fuzzing techniques for finding vulnerabilities in network protocols, file formats, and web applications; demonstrate the use of automated fuzzing tools; and present several insightful case histories showing fuzzing at work. Coverage includes: • Why fuzzing simplifies test design and catches flaws other methods miss • The fuzzing process: from identifying inputs to assessing "exploitability" • Understanding the requirements for effective fuzzing • Comparing mutation-based and generation-based fuzzers • Using and automating environment variable and argument fuzzing • Mastering in-memory fuzzing techniques • Constructing custom fuzzing frameworks and tools • Implementing intelligent fault detection Attackers are already using fuzzing. You should, too. Whether you're a developer, security engineer, tester, or QA specialist, this book teaches you how to build secure software. 
Foreword Preface Acknowledgments About the Author PART I BACKGROUND Chapter 1 Vulnerability Discovery Methodologies Chapter 2 What Is Fuzzing? Chapter 3 Fuzzing Methods and Fuzzer Types Chapter 4 Data Representation and Analysis Chapter 5 Requirements for Effective Fuzzing PART II TARGETS AND AUTOMATION Chapter 6 Automation and Data Generation Chapter 7 Environment Variable and Argument Fuzzing Chapter 8 Environment Variable and Argument Fuzzing: Automation Chapter 9 Web Application and Server Fuzzing Chapter 10 Web Application and Server Fuzzing: Automation Chapter 11 File Format Fuzzing 1...
    Note: Includes index
  • 16
    Online Resource
    Indianapolis, Ind. : Addison Wesley Professional | Boston, Mass. :Safari Books Online
    ISBN: 0321444426 , 9780321444424
    Language: English
    Keywords: Computer security ; Computer software ; Development ; Computer networks ; Security measures ; Electronic books ; local
    Abstract: "There are a number of secure programming books on the market, but none that go as deep as this one. The depth and detail exceeds all books that I know about by an order of magnitude." - Halvar Flake, CEO and head of research, SABRE Security GmbH Note: This is now a 2 volume set which is shrink wrapped. The Definitive Insider's Guide to Auditing Software Security This is one of the most detailed, sophisticated, and useful guides to software security auditing ever written. The authors are leading security consultants and researchers who have personally uncovered vulnerabilities in applications ranging from sendmail to Microsoft Exchange, Check Point VPN to Internet Explorer. Drawing on their extraordinary experience, they introduce a start-to-finish methodology for "ripping apart" applications to reveal even the most subtle and well-hidden security flaws. The Art of Software Security Assessment covers the full spectrum of software vulnerabilities in both UNIX/Linux and Windows environments. It demonstrates how to audit security in applications of all sizes and functions, including network and Web software. Moreover, it teaches using extensive examples of real code drawn from past flaws in many of the industry's highest-profile applications. 
Coverage includes • Code auditing: theory, practice, proven methodologies, and secrets of the trade • Bridging the gap between secure software design and post-implementation review • Performing architectural assessment: design review, threat modeling, and operational review • Identifying vulnerabilities related to memory management, data types, and malformed data • UNIX/Linux assessment: privileges, files, and processes • Windows-specific issues, including objects and the filesystem • Auditing interprocess communication, synchronization, and state • Evaluating network software: IP stacks, firewalls, and common application protocols • Auditing Web applications and technologies This book is an unprecedented resource for everyone who must deliver secure software or assure the safety of existing software: consultants, security specialists, developers, QA staff, testers, and administrators alike. Contents: ABOUT THE AUTHORS; PREFACE; ACKNOWLEDGMENTS; I Introduction to Software Security Assessment: 1 SOFTWARE VULNERABILITY FUNDAMENTALS; 2 DESIGN REVIEW; 3 OPERATIONAL REVIEW; 4 APPLICATION REVIEW PROCESS; II Software Vulnerabilities: 5 MEMORY CORRUPTION; 6 C LANGUAGE ISSU...
    Note: Includes bibliographical references and index
  • 17
    Online Resource
    Sebastopol, Calif. : O'Reilly | Boston, Mass. :Safari Books Online
    ISBN: 0596527632 , 9780596527631
    Language: English
    Edition: 2nd ed.
    Keywords: Computer networks ; Security measures ; Internet ; Security measures ; Computer security ; Electronic books ; local
    Abstract: In the fast-moving world of computers, things are always changing. Since the first edition of this strong-selling book appeared two years ago, network security techniques and tools have evolved rapidly to meet new and more sophisticated threats that pop up with alarming regularity. The second edition offers both new and thoroughly updated hacks for Linux, Windows, OpenBSD, and Mac OS X servers that not only enable readers to secure TCP/IP-based services, but also help them implement a good deal of clever host-based security techniques. This second edition of Network Security Hacks offers 125 concise and practical hacks, including more information for Windows administrators, hacks for wireless networking (such as setting up a captive portal and securing against rogue hotspots), and techniques to ensure privacy and anonymity, including ways to evade network traffic analysis, encrypt email and files, and protect against phishing attacks. System administrators looking for reliable answers will also find concise examples of applied encryption, intrusion detection, logging, trending and incident response. In fact, this "roll up your sleeves and get busy" security book features updated tips, tricks & techniques across the board to ensure that it provides the most current information for all of the major server software packages. These hacks are quick, clever, and devilishly effective.
    Note: Includes index. - "Tips & tools for protecting your privacy"--Cover
  • 18
    Online Resource
    Redmond, Wash. : Microsoft Press | Boston, Mass. :Safari Books Online
    ISBN: 073562187X , 9780735621879
    Language: English
    Keywords: Computer security ; Computer software ; Testing ; Computer networks ; Security measures ; Electronic books ; local
    Abstract: Learn how to think like an attacker and identify potential security issues in your software. In this essential guide, security testing experts offer practical, hands-on guidance and code samples to help you find, classify, and assess security bugs before your software is released. Discover how to: • Identify high-risk entry points and create test cases • Test clients and servers for malicious request/response bugs • Use black box and white box approaches to help reveal security vulnerabilities • Uncover spoofing issues, including identity and user interface spoofing • Detect bugs that can take advantage of your program's logic, such as SQL injection • Test for XML, SOAP, and Web services vulnerabilities • Recognize information disclosure and weak permissions issues • Identify where attackers can directly manipulate memory • Test with alternate data representations to uncover canonicalization issues • Expose COM and ActiveX repurposing attacks PLUS: Get code samples and debugging tools on the Web
    Note: Includes index
  • 19
    Online Resource
    Sebastopol, Calif. : O'Reilly | Boston, Mass. :Safari Books Online
    ISBN: 0596008015
    Language: English
    Pages: 502 p , ill.
    Keywords: Linux ; Operating systems (Computers) ; Computer security ; Software maintenance ; Electronic books ; local
    Abstract: GNU/Linux is an immensely popular operating system that is both extremely stable and reliable. But it can also induce minor headaches at the most inopportune times, if you're not fully up to speed with its capabilities. A unique approach to running and administering Linux systems, Linux Annoyances for Geeks addresses the many poorly documented and under-appreciated topics that make the difference between a system you struggle with and a system you really enjoy. This book is for power users and system administrators who want to clear away barriers to using Linux for themselves and for less-trained users in their organizations. This book meticulously tells you how to get a stubborn wireless card to work under Linux, and reveals little-known sources for wireless drivers and information. It tells you how to add extra security to your systems, such as boot passwords, and how to use tools such as rescue disks to overcome overly zealous security measures in a pinch. In every area of desktop and server use, the book is chock full of advice based on hard-earned experience. Author Michael Jang has spent many hours trying out software in a wide range of environments and carefully documenting solutions for the most popular Linux distributions. (The book focuses on Red Hat/Fedora, SUSE, and Debian.) Many of the topics presented here are previously undocumented or are discussed only in obscure email archives. One of the valuable features of this book for system administrators and Linux proponents in general is the organization of step-by-step procedures that they can customize for naive end-users at their sites. Jang has taken into account not only the needs of a sophisticated readership, but the needs of other people those readers may serve. Sometimes, a small thing for a user (such as being able to play a CD) or for an administrator (such as updating an organization's systems from a central server) can make or break the adoption of Linux. 
This book helps you overcome the most common annoyances in deploying Linux, and trains you in the techniques that will help you overcome other problems you find along the way. In keeping with the spirit of the Annoyances series, the book adopts a sympathetic tone that will quickly win you over. Rather than blaming you for possessing limited Linux savvy, Linux Annoyances for Geeks takes you along for a fun-filled ride as you master the system together.
    Note: Includes index
  • 20
    Online Resource
    Indianapolis, Ind. : Cisco | Boston, Mass. :Safari Books Online
    ISBN: 1587052520
    Language: English
    Pages: 336 p , ill.
    Keywords: Cisco Security Agent (Computer file) ; Computer security ; Electronic books ; local
    Abstract: Protecting systems within an enterprise has proven as important to overall security as securing the enterprise perimeter. Over the past few years, the number of vulnerabilities stemming from weaknesses in applications and operating systems has grown dramatically. In direct correlation with the number of weaknesses discovered, the number of viruses, worms, and security attacks has also exploded across the Internet. To add to the typical virus issues that businesses have had to confront, there are also malicious programs infiltrating organizations today in the form of spyware and adware. • Prevent day-zero attacks • Enforce acceptable-use policies • Develop host-IPS project implementation plans • Evaluate management hierarchy installation options, including single-server, multiserver, and built-in database usage • Learn about CSA agents and manual and scripted installation options • Understand policy components and custom policy creation • Use and filter information from CSA event logs • Troubleshoot CSA deployments with agent and management server logs and built-in troubleshooting tools Protecting systems where the private data and intellectual property resides is no longer considered a function of perimeter defense systems but has instead become the domain of endpoint protection software, such as host Intrusion Prevention Systems (IPS). Cisco® Security Agent (CSA) is the Cisco Systems® host-IPS solution. CSA provides the security controls that corporations need to deal with threats to host and desktop computing resources. Advanced Host Intrusion Prevention with CSA is a practical guide to getting the most out of CSA deployments. Through methodical explanation of advanced CSA features and concepts, this book helps ease the fears of security administrators seeking to install and configure a host IPS. 
This book explains in detail such topics as installation of the management servers, installation of the agents for mass deployment, granular agent policy creation, advanced policy creation, real-world troubleshooting techniques, and best practices in implementation methodology. This guide also provides a practical installation framework taken from the actual installation and support experience of the authors. This book helps you implement host IPS appropriately, giving your organization better protection from the various threats that are impacting your business while at the same time enabling you to comply with various legal requirements put forth in such legislati...
    Note: Includes index
  • 21
    Online Resource
    Indianapolis, Ind. : Que | Boston, Mass. :Safari Books Online
    ISBN: 0789734591
    Language: English
    Pages: 384 p
    Keywords: Computer security ; Spam (Electronic mail) ; Spyware (Computer software) ; Computer viruses ; Electronic books ; local
    Abstract: Batten down the hatches! Hackers, spammers and thieves (oh my!) are after you! The mere act of turning on an Internet-connected computer can put you, your family, and your personal finances at risk by exposing you to viruses, scam artists, hackers, identity thieves, and spammers. How do you fight back? Absolute Beginner's Guide to Security, Spam, Spyware and Viruses is your first line of defense. Clear, easy-to-understand definitions of viruses, spyware, and hackers will help you understand what you're up against every time you go online. Then, you'll learn about other threats, such as identity theft, phishing, and other potential dangers you'll face in your everyday computing. Find out how to search out and destroy spyware, malware and other vicious programs that could potentially harm your computer. Then find out how to lock out hackers, spammers, and thieves for good. We'll tell you how to immediately cut the risk of being attacked in half - in less than 10 minutes! Protect your bank accounts, digital photos, digital music collection, master's thesis, and everything you hold near and dear on your computer with the help of the Absolute Beginner's Guide to Security, Spam, Spyware and Viruses.
    Note: Includes index
  • 22
    Online Resource
    Redmond, Wash. : Microsoft Press | Boston, Mass. :Safari Books Online
    ISBN: 0735621748 , 9780735621749
    Language: English
    Edition: 2nd ed.
    Keywords: Microsoft Windows (Computer file) ; Computer security ; Computer networks ; Security measures ; Electronic books ; local
    Abstract: Fully updated and revised, this official MICROSOFT RESOURCE KIT delivers the in-depth information and tools you need to plan and implement a comprehensive security-management strategy for Windows-based clients, servers, and networks.
    Note: Includes bibliographical references and index
  • 23
    Online Resource
    [Place of publication not identified] : O'Reilly | Boston, Mass. :Safari Books Online
    ISBN: 059610006X
    Language: English
    Pages: 238 p
    Keywords: Computer crimes ; Investigation ; Computer security ; Electronic books ; local
    Abstract: Because it's so large and unregulated, the Internet is a fertile breeding ground for all kinds of scams and schemes. Usually it's your credit card number they're after, and they won't stop there. Not just mere annoyances, these scams are real crimes, with real victims. Now, thanks to Internet Forensics from O'Reilly, there's something you can do about it. This practical guide to defending against Internet fraud gives you the skills you need to uncover the origins of the spammers, con artists, and identity thieves that plague the Internet. Targeted primarily at the developer community, Internet Forensics shows you how to extract the information that lies hidden in every email message, web page, and web server on the Internet. It describes the lengths the bad guys will go to cover their tracks, and offers tricks that you can use to see through their disguises. You'll also gain an understanding of how the Internet functions, and how spammers use these protocols to their devious advantage. The book is organized around the core technologies of the Internet: email, web sites, servers, and browsers. Chapters describe how these are used and abused and show you how information hidden in each of them can be revealed. Short examples illustrate all the major techniques that are discussed. The ethical and legal issues that arise in the uncovering of Internet abuse are also addressed. Not surprisingly, the audience for Internet Forensics is boundless. For developers, it's a serious foray into the world of Internet security; for weekend surfers fed up with spam, it's an entertaining and fun guide that lets them play amateur detective from the safe confines of their home or office.
    Note: Includes index