CEG 429/629: Internet Security

Links to Security Papers, News, and Sites

Prabhaker Mateti

Some of these links are broken.  If you are really curious, find current links via web search or by visiting web archives.

  1. www.cs.wright.edu/~pmateti/InternetSecurity/... CEG429 ReadingList
  2. www.phrack.com  also www.phrack.org/  An electronic magazine that publishes excellent, in-depth technical articles on security exploits whose authors rarely reveal their true names. If we can put aside our prejudices regarding who and what hackers are, we will see that this site is a source of solid technical information that can be used by the bad guys for malicious purposes, and by the good guys to protect their own computer systems.
  3. www.usenix.org/event/woot11/  Yearly USENIX Workshop on Offensive Technologies.
  4. www.defcon.org/  "world's longest running and largest underground hacking conference."
  5. Cryptography Link Farm,  "Encryption and Security-related Resources",  www.cs.auckland.ac.nz/~pgut001/links.html A major security resource link farm (currently around 410K) of security and encryption products, companies, papers, conferences, e-commerce and digital cash, security and intelligence agencies, smart cards, digital certificates and CAs, standards and publications, security problems and holes, and anything else vaguely related to encryption and security.
  6. packetstormsecurity.org/ "Full disclosure of security issues is the only effective way to both push the development of secure software and to ensure that issues are rapidly identified and resolved. To that end, Packet Storm is firmly committed to archiving and providing the most complete set of security tools and papers available to the technical community at large, irrespective of commercial, political, or any other bias."  It is also a source code archive of tools and exploits.
  7. www.securityfocus.com Slogan: "The leading provider of Security Intelligence Service for Business"  Hosts BUGTRAQ.  The site has a comprehensive collection of security tools.  It also highlights current incidents in internet security.  This is a white-hat site.
  8. www.cert.org "CERT" does not stand for anything now. It used to stand for Computer Emergency Response Team.  The CERT/CC is a major reporting center for Internet security problems.
  9. www.attrition.org/mirror/ collects the images of defaced web sites, such as CIA.  Recently (2002), it stopped this activity.
  10. www.infowar.com takes a broader view of security and has articles about how countries can get affected.
  11. netsecurity.about.com/  Guide to Internet/Network Security.
  12. CERIAS at Purdue University (Center for Education and Research in Information Assurance and Security) is one of the first National Centers of Academic Excellence in Information Assurance by the Department of Defense.
  13. The SANS (System Administration, Networking, and Security) Institute is a research and education organization.  http://www.sans.org/
  14. Fred Cohen and Associates, "50 Ways Series", http://all.net/journal/50/top.html  Fred Cohen is an early researcher in the security field.  The all.net site is an excellent source of information.
  15. www.infosyssec.org A comprehensive computer and network security portal with many tutorials.
  16. securitybloggersnetwork.com/security-blogger-awards/
  17. Rootshell  Used to be good, but has not been updated for a few months.
  18. antionline.com  There is nothing here that is anti-online; it is just a name.  www.antioffline.com is a rival.
  19. Hackers.com "One of the prettiest hacker sites in existence. You will also find plenty of useful content if you dig through it."

Awareness

Windows NT Security Exploits This page will attempt to list all known NT Exploits used in hacking NT security, and application security related to an NT system.

alt.hackers A newsgroup where hackers discuss what they do best. Here hackers gather to share information about hacking and cracking.

Noted and Notorious Hacker Feats  Byte magazine article of  September 1995 / 20th Anniversary. Hackerdom is divided into two parts: technologically adept and clever people, who could write a computer game in a night, and, sadly, irresponsible slime balls, who hijack computer and phone systems for the heck of it. This is a look at some of the amazing stunts that have been pulled by both hackers and crackers.

Hacker Defense Foundation is a not-for-profit foundation dedicated and committed to the advancement of the hacking community through education about the social, political, and legal implications of the uses of technology. It seeks to enlighten the public and law enforcement that hackers are not the lawless goons that law enforcement, the news media, and Hollywood would try to portray them as.  The Hacker's Defense Foundation does not condone, support, or defend criminal acts.

Computer Break-Ins: A Case Study
Computer break-ins are getting more common every day. Log files and even program binaries are changed, making it very hard for the system administrators to assess the damage and track down the intruders. This paper describes the modus operandi of hackers based on multiple hacking attempts that occurred during this year at some department computers. Special attention is paid to the methods they use to break into computer systems and what they do once they are in.

2600: The Hacker Quarterly Home of the hacking magazine.  2600 is one of the oldest hacking groups.

The Happy Hacker Home Page
Written in non-technical language, this web site is dedicated to education about security issues and harmless hacking without breaking laws.

The Social Organization of The Computer Underground
This paper examines the social organization of the "computer underground" (CU). The CU is composed of actors in three roles, "computer hackers," "phone phreaks," and "software pirates." These roles have frequently been ignored or confused in media and other accounts of CU activity. By utilizing a data set culled from CU channels of communication this paper provides an ethnographic account of computer underground organization.

People

The United States Vs. Craig Neidorf
Craig Neidorf was a college student accused of fraud and interstate transportation of stolen property as a result of a document published in his electronic newsletter, Phrack. The case ended after four days of trial when the government dropped its charges. The charges against Neidorf came as part of a two-year investigation into illegal activity, during which the government seized over 40 systems and 23,000 disks.

The Official Kevin Mitnick Site
This web page is dedicated to the most famous computer hacker of all time, Kevin Mitnick, who was imprisoned without trial. This page is dedicated to freeing Kevin Mitnick.

Firewalls

Building a Linux firewall
Learn about the three types of firewalls: application proxy gateway, circuit level relay, and packet filter.

S.u.S.E. Firewall Mini HOWTO
How to compile the kernel for firewall support for the S.u.S.E. version of Linux. Should work for other versions as well.

Firewalling and Proxy Server HOWTO
This is another HOWTO on firewalling that includes proxy server documentation also.

Firewalls Mailing List  There is a wealth of information on firewalls from the Linux community.

IP Masquerading Web Site  IP masquerading is an essential part of firewalling and allows you to share an Internet connection as well. All of the information you'll ever need on IP masquerading.

Linux Bridge+Firewall Mini-HOWTO version 1.1.3
Using a bridge instead of a hub, with firewall support.

Linux firewall facilities for kernel-level packet screening
A paper explaining Linux firewalls and IP masquerading.

Linux Firewall Package
A short basic article on Linux firewalls.

One Host "Karate" Firewall Howto
Instructions on how to recompile your kernel for simple firewall support.

Tools for Users

The Anonymizer
Many people surf the web under the illusion that their actions are private and anonymous. Unfortunately, it isn't so. Every time you visit a site, you leave a calling card that reveals where you're coming from, what kind of computer you have, and other details. Most sites keep logs of all your visits. In many cases, this logging may constitute a violation of your privacy.

PGP

Linux Security Issues

Debian Security Information
A good list of security issues maintained by Debian.

Linux Security Alerts
A list in HTML format of Linux security alerts. Maintained by RedHat.

Linux Security Archive
A mailing list archive in HTML format maintained by Sonic.Net.

Linux Security Home Page
The so-called "official" Linux security page.

Linux Security HOW-TO Page
A comprehensive HOW-TO on Linux security and specific examples of how to better secure your Linux system.

Linux Security Wishlist
Security features that are not in Linux, but we wish that they were.

RedHat Linux Security Mailing List Archives
A Linux security mailing list maintained by RedHat that goes back to 1995. It is searchable.

RedHat Linux Security Alert Mailing List Archive
Security alerts mailing list also maintained by RedHat. Back to 1995.

Vulnerability Engine
The place to go for kernel and security patches for Linux, AIX, FreeBSD, Solaris and many more OS's.

  Books/Articles
pmateti@wright.edu