Saturday, May 10, 2003

Top 75 Network Security Tools
In May of 2003, I conducted a survey of Nmap users from the nmap-hackers mailing list to determine their favorite security tools. Each respondent could list up to 8. This was a followup to the highly successful June 2000 Top 50 list. An astounding 1854 people responded in '03, and their recommendations were so impressive that I have expanded the list to 75 tools! Anyone in the security field would be well advised to go over the list and investigate tools they are unfamiliar with. I discovered several powerful new tools this way. I also plan to point newbies to this page whenever they write me saying "I do not know where to start".

Wednesday, May 07, 2003

Wellenreiter v1.8 - scanning for dummies
Perl Wellenreiter-1.8 has been released right now. Get it at our download section. Wellenreiter is the first and only Linux wireless scanner that does not need configuration by the user. It detects its environment automatically. As long as the needed modules and drivers are present, Wellenreiter finds its settings. As I said in the topic, scanning for dummies.
Practical examples for establishing Web service security in .NET
Instead of abstract theories, here are some examples to provide an easy and quick way to accomplish a rather complex task
Because security is one of the most fundamental aspects in the development and deployment of a Web service, there are a myriad of articles, documentation, and samples of how to make it secure. Yet the majority of this information is conveyed as abstract theory, as opposed to practical, real-world implementation.
Here, I'll share some practical examples on Web service security in .NET, not just abstract theories. These examples provide an easy and fast way to accomplish a rather complex task.
Let's explore programmatic Web service security using Visual Studio .NET to implement a custom, stateful SOAP Header to authenticate a consumer before allowing a method to execute. I will also show you how to remove public access to your Web service, how to prevent anonymous users from obtaining your WSDL file, and how to implement your Web service in an unauthorised manner. I will then explain how you can wrap your entire Web service implementation in a highly secure, encrypted format.

Tuesday, May 06, 2003

MUSC Computer Use Policy
The University recognizes its legal and social obligations to respect the privacy of the authorized users of its computing and network resources. However, users must recognize that the confidentiality of their electronic communications cannot be guaranteed by the University. Moreover, the University reserves the right to audit or monitor any uses of its computing and network resources when necessary to ensure compliance with University policy, and with federal, state and local law.
The University network provides its authorized users with access to many classes of privileged information. Users must maintain the confidentiality and integrity of the information they access, and must not use privileged information for any purpose not explicitly authorized.
The University's computing and network resources exist to support the University's missions of teaching, research, patient care and public service. Incidental personal use of these resources by authorized users is permitted only to the extent that such use is lawful and ethical, does not conflict with the University's missions, does not interfere with other authorized users, and does not cause additional expense to the University.
Scapy
Scapy is a powerful interactive packet manipulation tool, packet generator, network scanner, network discovery, packet sniffer, etc. It can for the moment replace hping, 85% of nmap, arpspoof, arp-sk, arping, tcpdump, tethereal, p0f.
Projects of Syn Ack Labs
stegtunnel hides data in the IPID and initial sequence numbers of TCP connections.
lsrtunnel will spoof connections to a host that reverses source routed packets as an arbitrary IP address.
lsrscan is a tool to determine what remote hosts do with loose source routed IP datagrams.
crypt-ml attempts to extend OpenPGP encryption to mailing lists.
is a Linux-based stealthy LKM detector, useful for honeypots and the like.
Crypto crackers
Links to several crypto crackers.