Thursday, March 22, 2001

Improving the Security of Your Site by Breaking Into it
In this paper we will take an unusual approach to system security.
Instead of merely saying that something is a problem, we will look
through the eyes of a potential intruder, and show _why_ it is one. We
will illustrate that even seemingly harmless network services can become
valuable tools in the search for weak points of a system, even when
these services are operating exactly as they are intended to.

Tuesday, March 20, 2001

GnuPG (The GNU Privacy Guard)
GnuPG is a complete and free replacement for PGP. Because it does not use the patented IDEA algorithm, it can be used without any restrictions. GnuPG is an RFC2440 (OpenPGP) compliant application.
Spammimic
There are tons of spam flying around the Internet. Most people can't delete it fast enough. It's virtually invisible. This site gives you access to a program that will encrypt a short message into spam. Basically, the sentences it outputs vary depending on the message you are encoding. Real spam is so stupidly written it's sometimes hard to tell the machine-written spam from the genuine article.
Tripwire
Tripwire is a tool that checks to see what has changed on your system. The program monitors key attributes of files that should not change, including binary signature, size, expected change of size, etc. The hard part is doing it the right way, balancing security, maintenance, and functionality.
ShareSniffer, Inc.
Welcome to ShareSniffer.com, home of the wildly popular software program ShareSniffer. Right now—this instant—there are tens of thousands of computers worldwide that are sharing files deliberately with the Internet—requiring no password and no special software other than the Microsoft Windows™ operating system. In testing ShareSniffer, we have discovered files of all types available for copying, viewing or even execution.
SilentRunner
SilentRunner is a passive, multi-functional software tool that monitors network activity in real time, producing a virtual picture of network usage and vulnerabilities.
Cybercrime
Computer Crime and Intellectual Property Section (CCIPS) of the Criminal Division of the U.S. Department of Justice.

Newsletter
Commercial firm has its own newsletter on Spy matters.
International Forum on Surveillance by Design
A one day public meeting on the development of global surveillance strategies for law enforcement and national security.
Intelligence Programs and Systems - Alphabetical Listing
This resource is a comprehensive alphabetical listing of intelligence programs, including both those for which detailed descriptions are available, as well as those for which profiles are not yet available. It is an extremely mixed bag that includes major hardware programs for which extensive profiles are available, medium-sized software implementations which are briefly described, as well as a whole bunch of other cats and dogs which are not and may never be profiled, but whose existence is known and which are included for the sake of completeness and potential future inclusion. In 1993, the Secretary of Defense directed all functional areas to select standard information systems and applications, and eliminate legacy systems. To date, the Department has identified 1,849 information systems, of which functional communities have selected 247 as migration systems. DoD will eliminate at least 1,079 of these legacy systems by the year 2000.
Inside the NSA
It was simpler during the Cold War when the National Security Agency had one major target -- the Soviet Union. Now there are many new targets and problems.
MIL-HDBK-1195 Radio Frequency Shielded Enclosures
Electromagnetic Interference (EMI) is a description of the phenomenon which results from allowing conducted and radiated electrical signals to reach destinations where their presence is undesirable. Uncontrolled EMI may cause computer malfunction or error, detonation of electrically explosive devices, or be the cause for loss of classified information to an enemy. The objective of this handbook is to provide a basic understanding of the problems associated with the acquisition of a facility containing one or more EMI shielded enclosures. It is intended that only the characteristics of the facility that are unusual in comparison to a nonshielded facility will be addressed. This handbook is a brief introduction to EMI shielding theory, and presents basic criteria of importance during the planning, design, and construction of a typical facility containing an EMI shielded enclosure.
Computer Forensics
The Autopsy Forensic Browser is an HTML-based front-end interface to TCT (The Coroner's Toolkit) and TCTUTILs. It allows an investigator to browse forensic images (an image generated from using dd(1)) from a file, inode, or block level abstraction. It also provides a convenient interface for searching for key words on an image.
The President John F. Kennedy Assassination Records Collection
In 1992, the National Archives and Records Administration established the John F. Kennedy Assassination Records Collection pursuant to Public Law 102-526. The Collection contains more than 4 1/2 million pages of assassination-related records, photographs, motion pictures, sound recordings and artifacts.