Tuesday, October 02, 2001

Basic Steps in Forensic Analysis of Unix Systems
One especially important element to crime solving is the effective use of science and technology. Science and technology applied to the solution of criminal acts, or forensic science, solves crimes by assisting police investigators to identify suspects and victims, clearing innocent persons of suspicion and ultimately bringing the wrongdoer to justice.

Monday, October 01, 2001

Common Criteria Mutual Recognition Arrangement
The Arrangement on the Mutual Recognition of Common Criteria Certificates in the field of Information Technology Security is now available to view.
Cisco presentations

  • Introduction and Motivation by Tames van der Does

  • Threat analysis by Michael Behringer

  • Step 1: Securing Network Elements by Luc Billot

  • Step 2: Securing Routing and Switching by Tames van der Does

  • Step 3: Prevention of Address Spoofing by Michael Behringer

  • Value-add Security Services by Tames van der Does

  • Tracing Attacks by Michael Behringer

  • Creating Emergency Response Teams and co-operation with other teams by Tames van der Does

  • MPLS security by Michael Behringer
Security-Enhanced Linux Version II
The second public release of the LSM-based SELinux prototype was made. This release contains many bug fixes and improvements to both LSM and SELinux and is based on the lsm-2001_09_23 patch against kernel 2.4.10.

Thursday, September 27, 2001

µPKI
A Public Key Infrastructure (PKI) is the set of technologies and policies that provide scalable infrastructure for securing internet interactions through the use of public key cryptography. PKI is used in many applications such as IPsec VPN, Code signing, SSL, and secure mail.
µPKI is a C toolkit optimized for embedded devices. It minimizes memory, code and stack usage yet provides a very comprehensive feature set, allowing it to scale up and down to a wide range of devices.

Tuesday, September 25, 2001

Microsoft Personal Security Advisor
Microsoft Personal Security Advisor (MPSA) is an easy to use web application that will help you secure your Windows NT™ 4.0 or Windows 2000™ personal computer system. Simply press the Scan Now button to receive a detailed report of your computer's security settings and recommendations for improvement.
MPSA will scan your system and build a customized report on items such as: missing security patches, weak passwords, Internet Explorer and Outlook Express security settings, and Office macro protection settings. More details on the specific tests performed by MPSA are available by clicking on the "Features" menu option above.

For each weakness identified on your computer, MPSA provides easy to understand information on the security issue at hand, how to fix it, and links to additional information about the issue. Once you correct a reported deficiency, you can run the scan again and see the results of the change. Running MPSA on a regular basis will help ensure that your system stays up to date and secure.

Tuesday, September 18, 2001

What are Islamic fundamentalists doing in porn sites? The CIA tells you...
NOW WE know how jehadis get their kicks. CIA chief George Tenet let it out of the brown paper bag during a session with US Senators. Osama bin Laden and other Islamicists, it seems, use cyberporn to send messages secure from Western intelligence's peeping Toms.
FBI operation penetrates hacker underground
The FBI has gained a foothold in the hacker underground thanks to an 18-month undercover operation launched during the height of the U.S. military's 1999 bombing campaign in Kosovo.
SAFER - Security Alert For Enterprise Resources
SAFER has been published by eGlobal Technology's security team since June 1998. Its purpose is to provide a service to the security community by summarizing and commenting on all new security vulnerabilities and tools, on a monthly basis.
If you are responsible for the security of any system, then we hope that you will subscribe and find it useful.
Qtfw
Qtfw is a Qt GUI frontend for FreeBSD's ipfw utility. It helps configure the firewall in FreeBSD with a nice and comprehensive user interface. Users can edit rules in the current list, save rules for future use, configure kernel sysctl variables, and finally, create a shell script from qtfw rules.

Friday, September 14, 2001

Global Network Security Services
GNSS is an Internet and network security company established by pioneers of data transfer and secure communications.
GNSS provides data and network protection for businesses connected to the internet, networks, and businesses that transmit and store digitally formatted information and proprietary assets.

Thursday, September 13, 2001

CounterPunch
CounterPunch is the bi-weekly muckraking newsletter edited by Alexander Cockburn and Jeffrey St. Clair. Twice a month we bring our readers the stories that the corporate press never prints. We aren't side-line journalists here at CounterPunch. Ours is muckraking with a radical attitude and nothing makes us happier than when CounterPunch readers write in to say how useful they've found our newsletter in their battles against the war machine, big business and the rapers of nature.
Did the CIA Push An Aussie Officer Over the Edge?
From the Bloodbaths In East Timor to a Suicide in Arlington.

Wednesday, September 12, 2001

Internet Fraud Complaint Center
The Internet Fraud Complaint Center (IFCC) is a partnership between the Federal Bureau of Investigation (FBI) and the National White Collar Crime Center (NW3C).
IFCC's mission is to address fraud committed over the Internet. For victims of Internet fraud, IFCC provides a convenient and easy-to-use reporting mechanism that alerts authorities of a suspected criminal or civil violation. For law enforcement and regulatory agencies at all levels, IFCC offers a central repository for complaints related to Internet fraud, works to quantify fraud patterns, and provides timely statistical data of current fraud trends.

Tuesday, September 11, 2001

Encryption Information
The intention of this page is to introduce the reader to the processes of encryption techniques. It will first begin with a definition of what exactly encryption is, followed by a description of the origins of encryption. Then I will discuss a few of the different types of encryption systems and definitions.

This chapter is not going to be a mathematical description of encryption. It has been written with the non-mathematical person in mind. If you wish to know more about encryption systems there are many good books that have been written on every type of encryption system. This chapter will just give a brief overview of the types of encryption systems and how they work.

Monday, September 10, 2001

Typhon
Typhon, an updated version of Cerberus Internet Scanner, is a vulnerability assessment tool. It will scan a given host for known security holes and vulnerabilities. It does this by looking at the services offered by a host; each of these is examined for holes. For example, Typhon will check for over 180 known vulnerabilities in the web service or daemon offered by a server. Once a scan has been completed, a report in HTML is produced detailing what security holes were found, the impact of those holes and how to fix them. Once these holes have been removed, the host will be more secure against attacks. As new vulnerabilities are discovered almost on a daily basis, it is necessary to ensure that Typhon is kept up to date and hosts are scanned on a regular basis.
Linux Administrators Security Guide
New version!
PGP Security - PGPsdk 2.1.1. Source Code for Peer Review
Download the PGPsdk source code for Mac, Unix or Windows.
NSA upgrades
The National Security Agency is beginning a 15-year, multibillion-dollar effort to modernize the nation's cryptographic systems, which are rapidly growing obsolete and vulnerable.

Saturday, September 08, 2001

National Infrastructure Protection Center (NIPC)
The National Infrastructure Protection Center (NIPC) serves as a national critical infrastructure threat assessment, warning, vulnerability, and law enforcement investigation and response entity. The NIPC provides timely warnings of international threats, comprehensive analysis and law enforcement investigation and response.

Friday, September 07, 2001

Secrets of the Spies
Discover spy secrets from Mata Hari through the Cold War and meet the biggest double agents.
Secrets Of The NSA
To find out more about America's most secretive agency, Correspondent David Martin interviewed the NSA's Robert Bogart and Vernon Shiflett. Bogart teaches code breaking and Shiflett runs the recycling facility. Here are some nuggets from his conversations with them.
National Security Nightmare
The National Security Agency is the largest spy agency in the United States, and perhaps the world. Twice as big as the CIA, the NSA eavesdrops on communications worldwide.

News cameras have never been allowed inside the ultra-secret agency - until now.
Kerberos: The Network Authentication Protocol
Kerberos is a network authentication protocol. It is designed to provide strong authentication for client/server applications by using secret-key cryptography. A free implementation of this protocol is available from the Massachusetts Institute of Technology. Kerberos is available in many commercial products as well.
Bugnosis
Detect Web bugs. A Web bug is a graphic on a Web page or in an e-mail message designed to monitor who is reading the page or message. Web bugs are often invisible because they are typically only 1-by-1 pixels in size. In many cases, Web bugs are placed on Web pages by third parties interested in collecting data about visitors to those pages.
The Intelligence Network
IntellNet is dedicated to providing individuals and groups aggregated news and documents from around the world in an easy-to-access and understand format.
Our software and human experts traverse a network of more than five hundred Web sites to deliver the latest news, documents, photographs, videos and other content. We also provide original content based on reports received from our sources on the ground.
Science, Technology and the CIA
Mention of the Central Intelligence Agency generally elicits visions of espionage and covert action operations. It may also produce images of the multitude of finished intelligence products the agency turns out – from the tightly controlled President’s Daily Brief, available only to the president and a select circle of advisers, to a number of less restricted intelligence assessments. The CIA’s role in the application of science and technology to the art of intelligence is far less appreciated.

Thursday, September 06, 2001

Windows XP activation technology revealed
A German copy-protection company has published details of Microsoft's technology for preventing casual copying of Windows XP but concluded the technology allows for reasonable upgrades and doesn't threaten customers' privacy.

Friday, August 24, 2001

OPSEC Professionals Society
The OPSEC Professionals Society was established in March 1990 to further the practice of Operations Security as a profession and to foster the highest quality of professionalism and competence among its members. OPSEC is a process used to deny to potential adversaries information about capabilities and/or intentions by identifying, controlling and protecting evidence of the planning and executing of sensitive activities. This process is equally applicable to government, its contractors, and to private enterprise in the protection of their trade secrets and other proprietary information. While military strength and capability still are required during the next years of uncertainty, we must likewise protect our critical economic information and technologies from those who seek to exploit them to their benefit and to our disadvantage.
The Society provides a network through which all members can exchange views and information on such topics as methodology and procedures for planning, conducting and managing OPSEC programs and related activities. Its training sessions and publications emphasize practical and common sense approaches to solving OPSEC problems.

Wednesday, August 22, 2001

U.S. Navy caught hacking into British marine charity Web site
The U.S. Navy has been caught attempting to break in to secure areas of a World Wide Web site sponsored by a U.K. marine-mammal preservation charity, according to officials at the organization.
SpyLOG Has Sights Set on World
Russian Internet rating agency SpyLOG has crossed the border and is gearing up to market itself in other European countries, including the Czech Republic, Germany and Britain.
But visitors would never guess the agency's origins by glancing at its English-language site, www.mytrix.com. Its Russian roots are nowhere to be found — which is how SpyLOG wants it.
"We conducted polls and concluded that a statistical service that uses the word 'spy' in its name — and which has Russian roots on top of that — would surely provoke fears in people," SpyLOG head Andrei Andreyev, 26, said in an e-mail interview.
Microsoft withdraws Windows XP security claim
A promotional Web site for Microsoft's soon-to-be-released Windows XP operating system said it would offer the same protection from viruses and hackers that major corporations use, but the company has since rescinded those assurances.
...:::[Root-Core Network]:::...
Root-Core was formerly known as Neblonica and was founded in 1998. In 1999 the name changed to Root-Core. We mainly focus on information sharing, not causing havoc. We do not spend all day searching for boxes to root. We are an open group; we almost always accept members.
Computer Key Stroke Logger
The KEYKatcher monitors computer use in the home or the office and ensures computer usage policy compliance. The KEYKatcher is a tiny recording device that clips onto your keyboard cable. It's used to log keystrokes typed on the computer. It doesn't require any external power source and it installs in less than 10 seconds. The KEYKatcher records all keystrokes, and stores them in a non-volatile memory. Even if the device is unplugged, or your computer is turned off, the KEYKatcher will continue to store the information.

Monday, August 20, 2001

[lf] Cyber Citizen lands Felony Charges?
Brian K. West, who did nothing more than try to get a local copy of an html document to pre-test how an ad would look on a webpage, using Microsoft FrontPage, may well have his reputation ruined and his finances destroyed as a result of his actions. He did not deface the site. He did not damage anything. He accidentally found a security hole, tested it to make sure it was real, and then called the owner of the site to inform him of the problem. In short, West faces a felony conviction for telling the Poteau Daily News that he discovered a serious misconfiguration in their server.

Sunday, August 19, 2001

Weekend: Encryption effort
There have been many articles recently extolling the virtues of encrypting your communications via the internet. But there is another side to this debate. Russell Kay, senior reviews editor of Computerworld in the US, gives us his view.
Components of the Nigerian Letter Scam

The Nigerian Letter Scam and its infinite variations have been around since the late 1970s and are probably known by every fraud officer in the world. This scam has now moved from being committed through snail mail to being committed via e-mail, but its essential components remain the same. The only difference is that the perpetrators have become more sophisticated in their letter writing.

In its simplest form, the scam involves an innocent recipient who receives a letter from an individual posing as a Government Official or an officer of a Nigerian state business who claims to have stolen millions of dollars and needs to get the money out of the country. The person cannot use his own bank account and therefore asks to send the money to your bank account, after which he would give you 10-35% of the money in exchange for this service. Once the fraudster has your account number, he then empties your account.

Thursday, August 16, 2001

ImageSat International
This is the Web page for the Israeli EROS A spysat. (The one launched by Russia that the Taiwanese are using to spy on the PRC.)

Wednesday, August 15, 2001


Censorship in action: why I don't publish my HDCP results

I have written a paper detailing security weaknesses in the HDCP content protection system. I have decided to censor myself and not publish this paper for fear of prosecution and/or liability under the US DMCA law.

Monday, August 13, 2001

Net activists launch campaign to jam 'Echelon'
Internet privacy activists and "hacktivists" have announced a day-long cyber-protest intended to jam a computer surveillance network whose existence isn't acknowledged by the governments said to run it.
Highlights The Report of the Independent Panel on the CIA In-Q-Tel Venture.

Sunday, August 12, 2001

Satellite Vulnerability: a post-Cold War issue?
The widely discussed use of US reconnaissance satellites during the Gulf War will strongly motivate future regional adversaries to seek ways of countering US space-based assets. The presumption that reconnaissance satellites can operate covertly is obsolete. Tracking US reconnaissance satellites can provide valuable support to a hostile country's concealment and deception programs. Iraq's ability to conceal both major weapons programs and many SCUD launchers is a warning of the serious consequences such programs can have. Space surveillance systems of the type likely to be acquired by Third World countries are inconspicuous and may well go undetected, while direct ascent ASAT rockets are within the reach of many countries. This article argues that fundamental reexamination of the functions and architecture of US overhead reconnaissance is needed, and should be done outside the traditional Cold War bureaucratic structures.
Mike McCants' Satellite Tracking TLE ZIP Files
The "McCants" weekly file has approximately 1570 LEO satellite elements (including elements on classified satellites). This file is updated daily about 4:25PM Central Time. The "higher drag" and "visual" elements are updated daily. The other OIG elements are updated on Wednesday and Thursday afternoons. The classified objects are updated whenever I receive and process observations.

Thursday, August 09, 2001

The NT Toolbox
This page contains links to files we are making available for download here. This may change around from time to time. Click on the appropriate link to begin downloading. Please do not send any email asking for support for these. These programs are freely available on the Internet. We just thought we'd save you the trouble of scouring for the best utilities.
Foundstone
As part of our ongoing R&D efforts, the Foundstone team has created several unique utilities that have assumed an indispensable place in our security toolkit. Foundstone programmers wrote these utilities, and we use them in our own security assessments. Foundstone is providing the software free of charge to the public.
..:: CD Freaks ::.. [ The Power of United Burners ] - [ Main Page ]
How to bypass the anti-copy measures on CDs.

Monday, August 06, 2001

My Code Red Advisory
A new worm appeared on the Internet and began propagating using Microsoft's increasingly infamous "Can O'Worms" IIS web servers.

Calling itself CodeRedII, this is a completely new worm, written from scratch and with a very different agenda and replication technology.

Monday, July 30, 2001

HackerHeaven
This is hackerheaven, a site for hackers, by hackers. With hacker, I mean the hacker mentioned in the Jargon file (no, not the one carving furniture :)
Dshield - Distributed Intrusion Detection System
DShield.org is an attempt to collect data about cracker activity from all over the internet. This data will be cataloged and summarized. It can be used to discover trends in activity and prepare better firewall rules.
Right now, the system is tailored to simple packet filters. As firewall systems that produce easy to parse packet filter logs are now available for most operating systems, this data can be submitted and used without much effort.
More complex patterns, such as are used by application level firewalls may be handled in the future.
Cops, Crimes and HAL2001
HAL2001 is an event similar to HIP97, where hackers come together, learn about lots of nifty new stuff and pick each others' brains clean. Unfortunately, a lot of scriptkiddies that call themselves 'hackers' attend as well, and usually only because of the 1 Gbit uplink that will be present.
Rop Gonggrijp (from hacktic fame) wrote a short text about HAL2001, targeted at that dubious group of people. A fun read for real hackers (tm) and a wise lesson for neophytes. Read on for the text.
Hacker Grabs JDS Earnings Release Prior To Posting
Executives at the fiber-optics company, based here, said during the company's earnings call Thursday that a hacker gained access to a draft of its fourth-quarter financial release as it was being prepared for the company's Web site. JDS quickly halted trading of its stock because of the incident.
JDS had its earnings release ready to post on its Web site with the push of a button Thursday, and someone was able to guess the release's URL before it became public on the site, a company spokesman said Friday.
Save Your Site
For the fullest online security, companies need the broadest array of defenses. Many commercial sites maintain firewalls to control access and allow certain kinds of content (or people) in or out. Most encrypt sensitive data like credit card numbers in transit over the Internet. Yet web applications inside your firewall are essentially wide-open targets. Holes and vulnerabilities in commercial web software constantly crop up and need to be filled or plugged with upgrades or patches from vendors.
Businesses can't afford to wait passively for security glitches to be discovered and fixed manually. And continually fixing code written in-house by hand is an expensive, time-consuming and never-ending task. In fact, most sites add so much new code every day that they could never hope to keep up by patching or fixing holes manually. This makes a majority of sites essentially insecure.
Sanctum's AppShield™ can make your online business all but impenetrable to Web Perversion. And our AppScan™ software can show you where your applications are vulnerable, and recommend how to fix them.
Protecting the applications running at the heart of your online business by manually patching or upgrading is a strategy that will fail you, sooner or later.
SECUROM
SecuROM™ is a PC CD-ROM copy protection solution developed by Sony DADC. Together with its sister plants Sony DADC is the world market leader in CD replication services. Protect your profits with SecuROM™ and see what a difference it makes.
The Spread of the Code-Red Worm (CRv2)
Around 10:00 UTC in the morning of July 19th, 2001 a random seed variant of the Code-Red worm (CRv2) began to infect hosts running unpatched versions of Microsoft's IIS webserver. The worm spreads by probing random IP addresses and infecting all hosts vulnerable to the IIS exploit. As noted by others, there are at least two variants of the worm: one that used a fixed, static seed for its random number generator, and another that used a random seed. [eeye] [stuart] In this paper, we examine the characteristics of the random seed variant of Code-Red (CRv2).
ITNet exposes job seekers' details online
A job applicant to IT services firm ITNet had more to worry about than company perks after sensitive details from his application form were left accessible online.

Thursday, July 26, 2001

FAQ and Guide to Cracking

I am going to describe the methods and strategies used to access various UNIX hosts among the internet unauthorizedly. This guide will not teach you how to hack, neither do you have to be a hacker to use the techniques described here. Hacking means finding your own way to do it, and finding new approaches to accomplishing something. I am only going to supply you with one possible approach to cracking.
Commonly overlooked audit trails on intrusions
This is my attempt at compiling a 'top list' of audit trails that are being left after intrusions where the intruders try to cover their tracks but don't do a good job. To put it short, there are actually a lot of audit trails on a normal UNIX system, which can almost all be overcome, but with some effort, that most intruders evade.
Protecting against the unknown - improving information security for the future
This paper attempts to define the problem and answer the question:
What pure or applied technical measures can be taken to protect the Internet against future forms of attack?

Wednesday, July 25, 2001

Inside the E-Mails of a Spy
The following are representative samples of Robert P. Hanssen's thinking on various issues, from the breakdown in security at DOE facilities and Clinton-administration bungling to Israeli intelligence operations to Fidel Castro and the Elian Gonzalez case. All are taken from a collection of Hanssen's e-mails.
STUDY MANUAL - COUNTER INTELLIGENCE - PROLOGUE (LN324)
The purpose of this booklet is to present basic information on the mission and activities of Counter Intelligence, with the understanding that the primary mission is to support the commanders of the armed forces. This booklet is dedicated to the concepts of Counter Intelligence in relation with its functional areas, the application of these functions, and a specific dedication and instructions on how to apply these functions. The term "special agent of Counter Intelligence" (SA) refers to all those persons who conduct and contribute to the handling and gathering of information of the multi-disciplinary intelligence of the hostile services. This booklet is primarily oriented at those persons involved in the control and execution of the operations of CI. In like manner, this booklet has a very significant value for other members of the armed forces that function in the areas and services of security and other departments of intelligence.
When Secrets Crash
When a passenger airliner crashes, investigators from the National Transportation Safety Board quickly arrive on the scene to try to determine what went wrong. Press conferences and press coverage follow. The NTSB Web site notes that media are briefed at least once a day by one of the board members accompanying the investigating team and that a public affairs officer maintains contact with the media. Viewers of the nightly news often see aerial images of the crash site. The flight and airplane involved will be precisely identified by the airline and NTSB. Eventually, the public can expect a detailed report on the conclusions.
Things can be very different when the crash involves a military aircraft--particularly if it is an airplane whose existence or mission the United States has not yet acknowledged or that carries particularly sensitive equipment. Over the years, a variety of secret intelligence and military aircraft have crashed, and the specifics of US government responses have varied--sometimes as the result of the different circumstances of the crashes, other times as the result of different rules for dealing with the press queries concerning classified programs. However, preserving secrecy has been a constant objective.
U.S. News: China: How big a threat? (7/23/01)
It was originally created by the U.S. Air Force and is now entrusted with some of the U.S. government's most sensitive and secretive national security studies. So executives at Rand, a think tank based in Santa Monica, Calif., were stunned when intelligence officials called on June 8 to say they were firing Rand from a classified project ordered by Congress to assess China's future military capabilities. The National Intelligence Council (NIC), a group that reports directly to CIA chief George Tenet, concluded that Rand was failing to do its job adequately and decided it needed to hire another contractor.
Fight over Euro-intelligence plans
The sudden closure of one of the world’s largest spy stations is a potential harbinger of confrontation between the U.S. and Germany.

Thursday, July 19, 2001

The alt.2600 FAQ file on hacking, including loops
The purpose of this FAQ is to give you a general introduction to the topics covered in alt.2600 and #hack. No document will make you a hacker.
Internet Storm Watch Project
Today Internet Storm Center gathers more than 3,000,000 intrusion detection log entries every day. It is rapidly expanding in a quest to do a better job of finding new storms faster, isolating the sites that are used for attacks, and providing authoritative data on the types of attacks that are being mounted against computers in various industries and regions around the globe. Internet Storm Center is a free service to the Internet community. The work is supported by the SANS Institute from tuition paid by students attending SANS security education programs.
www.hack.co.za
Known exploits.
.:[packet storm]:.
An extremely large and current security tools resource which is for the community, by the community. Packetstorm is a non-profit organization kept alive for the sole purpose of helping secure the World's networks.

Wednesday, July 18, 2001

GaRe's Free Security Info
This site is dedicated to protecting internet users from Denial of Service (DoS) attacks and exploits for Windows, by providing ways of protecting your system. These pages are kept up to date with the most recent attacks and exploits. If this page is missing a protection you know is available, has incorrect information, or is missing information on some exploit, please let me know.
A rogue's gallery of denial of service attacks
Tuesday, May 22, started out as just another day at CERT Coordination Center at Carnegie Mellon University in Pittsburgh. By day's end, CERT, widely regarded as the Fort Knox of computer security, would be knocked off the net by a distributed denial of service (DDoS) attack. In 2001, even the crème de la crème of network security is vulnerable. If it can happen to CERT, it can happen to you.

Monday, July 16, 2001

Secure Online Behavior: Developing Good Security Habits

The Internet has evolved to be a fundamental business innovation with a clearly demonstrated ability to positively affect organizations as well as individuals. Unfortunately, the Internet was not designed with security in mind - it is inherently insecure. Regardless of how many anti-virus programs, firewalls, and other security programs computer users may use, security continues to be a serious issue. And human error continues to be the weakest link in the security chain.

While human error can never be entirely eliminated, it can certainly be minimized. One of the best things that users can do to protect themselves and their information is to be aware of which behaviors may place them at risk, and to eliminate those behaviors. This article is the first in a series of three that will attempt to introduce readers to good security habits. This installment will offer a brief overview of some of the security threats that prey on bad user habits, and will introduce some fundamental secure habits that should be used for all computer applications. The ensuing articles will offer more in-depth examinations of the threats posed specifically by e-mail and Internet usage, and the habits that users can adopt to minimize the risks posed by these threats.

Wednesday, July 04, 2001

The Attacks on GRC.COM
Nothing more than the whim of a 13-year old hacker is required to knock any user, site, or server right off the Internet.

I believe you will be as fascinated and concerned as I am by the findings of my post-attack forensic analysis, and the results of my subsequent infiltration into the networks and technologies being used by some of the Internet's most active hackers.
Microsoft Does Not Understand Security
With a bit of horror, I learned that Microsoft's developers have no understanding of security.
Spy Suspect Hanssen to Plead Guilty
Trying to close the books on an espionage debacle that rocked the FBI, the government struck a deal with ex-agent Robert Hanssen that would spare his life in exchange for a full confession detailing secrets he sold the Russians, people familiar with the case said Tuesday.
Spy Agency Reveals Some, Not All
Hidden along Route 32, in a drab beige building that looks every bit the cheap motel it once was, is America's official museum of secrets.

Sunday, July 01, 2001

Windows 2000 Security Recommendation Guides
NSA has developed and distributed configuration guidance for Microsoft Windows NT in the form of NT configuration guides. These guides are currently being used throughout the government and by numerous entities as a security baseline for their NT systems.
To assist our Windows 2000 user community, NSA has developed security configuration guidance for Windows 2000, with the cooperation of the other government agencies and industry partners who provided their expertise and extensive technical review. The configuration guides for Microsoft Windows 2000 are being posted on the NSA web site and are presented in three parts: ".inf" files, configuration guides, and supporting documents.

Wednesday, June 27, 2001

Echelon Spy System
The Croatian NSEI System is Based on the American Spy System ‘Echelon’.

The National Central Electronic Reconnaissance system (NSEI) is the most powerful and most secretive part of Croatia’s intelligence system. In the last ten years, massive financial resources have been invested in this system. As a specially organized unit of the Office for National Security (UNS), this system is responsible for monitoring all connections with countries outside of Croatia’s borders, as well as for monitoring all connections within Croatia which have any association with terrorist acts, intelligence or with directed attempts to destroy the constitutional system.
The monitoring system automatically turns itself on and records any telephone conversations when key words are mentioned, such as explosive, bomb, package, president, minister and others. The American system ‘Echelon’ operates in a similar, albeit much more complex and vast way throughout the world.
In-Q-Tel
In-Q-Tel is dedicated to developing information technology for the CIA that is commercially available, affordable, and supported. In-Q-Tel seeks technology that enables the gathering of accurate, comprehensive and timely foreign intelligence in the interest of national security.
Email snooping almost banned
A cluster of new laws will soon come into effect curbing companies' rights to snoop through workers' emails.
Workers sending personal email across the corporate pipeline will gain a little more protection than they have at present but privacy advocates warn that it won't be a lot.
WWW.huh?: You Are the First Line of Defense
Defense Department computer security systems and specialists foiled nearly 22,500 would-be intruders in 1999 and 24,500 in 2000. There's no let-up in sight.
Sigaba Updates Email Encryption Gateway
Sigaba announced the availability of its Email Encryption Gateway (SEEG) version 2.0. Enhancements include compatibility with the proposed Advanced Encryption Standard (AES), expanded desktop email encryption support and interoperability with Sigaba Courier. Sigaba Courier is an HTML-based product for use with SEEG version 2.0 that allows users to open Sigaba encrypted email without the need to download any additional software.
Hampton, New Hampshire Man Convicted and Sentenced for Hacking into Former Employer's Computer Server
McKenna, who was fired by Bricsnet on Friday, October 20, 2000, hacked into his former employer’s computer server on two occasions. The first time was the evening of Friday, October 20, 2000, the day he was fired. The second was the following morning, Saturday, October 21, 2000. McKenna remotely accessed the computer server of his former employer, via the Internet, without authorization and caused damage in four ways: 1) he deleted approximately 675 computer files; 2) he modified computer user access levels; 3) he altered billing records; and, 4) he transmitted E-mails, which purported to have originated from an authorized representative of the victim corporation, to over one hundred (100) clients. Those E-mails contained false statements about business activities of the corporation.
New Encryption and Decryption drafts
The W3C released initial drafts of XML Encryption Syntax and Processing and Decryption Transform for XML Signature.
Study: Interactive TV Could Be 'Spy in Your Home'

A new report from the Center for Digital Democracy (CDD) warns that the privacy concerns of the Internet will be magnified by interactive television (ITV), as technology makers and marketers turn the living room into a laboratory and track everything from income to favorite color.
San Angelo, Texas: Home of Spies
Thanks to neighboring Goodfellow Air Force Base, this isolated West Texas city of 87,000 may harbor more spies, ex-spies and future spies per capita than any place in America, save Washington, D.C.

Sunday, June 24, 2001

Statement for the Record for the Joint Economic Committee Cyber Threat Trends and US Network Security
In 2015 we anticipate that the world will almost certainly experience quantum leaps in information technology (IT) and in other areas of science and technology. IT will be the major building block for international commerce and for empowering nonstate actors. Most experts agree that the IT revolution represents the most significant global transformation since the Industrial Revolution beginning in the mid-eighteenth century.

Friday, June 22, 2001

Really Secure E-Mail
To be an effective business tool, e-mail must be controlled so that messages are secure and misuse is minimized. Here, we look at two products for doing just that: One uses digital rights management (DRM) and the other, acceptable usage policy (AUP).
Russian Computer Hacker Indicted in California for Breaking into Computer Systems and Extorting Victim Companies
A federal grand jury today indicted a Russian computer hacker on a host of federal charges for allegedly breaking into computer systems, stealing credit card information and attempting to extort payments from the victim companies for "computer security services."

Wednesday, June 20, 2001

The Emperor's Codes: The role of Bletchley Park in breaking Japan’s secret ciphers
American hi-jacking of history did not start with the film U-571, as Michael Smith makes clear in this sequel to Station X, his revelations about the pivotal role of GCHQ’s Bletchley Park codebreakers in winning the Hitler war. While Alan Turing and his fellow boffins were applying their mathematical genius exclusively to cracking codes like the U-boats’ ‘Shark’ – in line with the Anglo-American agreement to give the European war theatre precedence – the US Navy’s cryptographers were effectively denying their British opposite numbers vital information on the war in their own Pacific ‘preserve’.

Monday, June 18, 2001

SANSFIRE
Welcome to SANSFIRE, a SANS conference with an emphasis on Forensics, Investigation, Response and Education. SANS has a tradition of offering theme-based conferences to meet special needs of the defensive information community. Often, bringing security workers with a common problem together will result in a number of breakthroughs. Perhaps you recall SANS ID’99, the seminal gathering leading to the advanced intrusion detection techniques we employ today. Now, perhaps you are asking, “why do we need a forensics conference?” What do you do when you detect an unknown pattern on the network? When you see outbound packets leaving your system, how do you determine what process is causing the activity? If your disk light starts flashing furiously and you aren’t running anything, how do you check it out? When the boss directs you to toss one of the organization’s computer systems, how do you go about doing it? System, security, and network administrators need tools and techniques to face these challenges.
We will offer case studies that illustrate exactly how various tools and processes solved common problems, mini-tutorials on seizure, evidence collection, system and network forensics, data recovery, and product selection. Preceding the Technical Program we will offer five days of leading edge, in-depth courses taught by the highest rated teachers in the world, including leaders in forensics.

Sunday, June 17, 2001

NSA Releases Win2K Security Recommendation Guidelines
The US National Security Agency (NSA) has released a set of guidelines and templates to assist in securing Windows 2000 systems. The materials contain 5 templates to use with Microsoft's Security Configuration Editor, 17 guides to secure various aspects of the OS, and 3 supporting documents with in-depth defense coverage and particulars about various popular software packages.

The templates include configuration settings for domain controllers (DCs), domain policy, and server and workstation settings. The guides are available in Adobe Portable Document Format (PDF) and cover a broad range of topics, including network architecture, Group Policy, file and disk resources, Encrypting File System (EFS), DNS, Active Directory (AD), Microsoft IIS, Kerberos, public key infrastructure (PKI), Windows NT and 9x clients, Outlook, and routers.

Friday, June 15, 2001

Information Operations
The AOC is on the front lines of an undeclared information war. The defense of Army networks across the world is imperative. It is obvious that no “out-of-the-box” security tool will suffice to protect the integrity of the Army’s digital domain. Consequently, Army network managers need to do a lot more in terms of Enclave Site Defense. For guidance, they can turn to the Army’s standard doctrine. As shown in this paper, defending a network enclave is not much different than defending a hilltop in the jungle. The same principles of war apply. As seen in FM 100-5, the Army does not rely on weapon systems alone to guarantee success on the battlefield. Instead, commanders deploy weapons systems in conjunction with some time-honored tactics that favor offensive over defensive operations. The same should be true for Enclave Site Defense. Defending a site is more than just deploying the weapon systems. It is also about detecting the attack and reacting to it. This paper will discuss these very issues.
Computerworld Resource Center: Security
Computerworld's Security site with a lot of articles. Good reading!
Hacking Into Wall Street
On March 10, 2000, the Nasdaq reached an all-time high, breaking the 5000 mark for the very first time. Internet Trading Technologies (ITTI) wasn't participating in the market upswing, however. The company was too busy working to fend off an online attack.
Hacking threat rises with layoffs
When someone cracked Slip.net's computer system, altered customer accounts and deleted important databases, the Internet service provider didn't need to look far to find the attacker.

It wasn't a criminal outfit seeking credit card numbers, and it wasn't a scrawny whiz kid hacking away for a challenge in his dark bedroom.

It was Nicholas Middleton, a former computer administrator for Slip.net, who had been unhappy at the San Francisco company and recently quit. Middleton fought the resulting criminal charges on a legal technicality but lost and got three years' probation.
U.S. Considered Sharing Security Secrets With China, Syria, Pakistan
Newly declassified documents show that America considered sharing secret computer security code "keys" with foreign powers including China, Syria and Pakistan.

The documents include a secret 1993 CIA cable on the "Clipper" project, a computer security chip developed by the U.S. government. The Clipper chip contained advanced "key recovery" surveillance technology, allowing the government to secretly tap phone conversations and monitor computer communications.
HoneyNet Project
The Honeynet Project is a group of thirty security professionals dedicated to learning the tools, tactics, and motives of the blackhat community and sharing those lessons learned. The team collects this information on their own time with their own resources. The primary method for obtaining information is through the use of a Honeynet. It is our hope and intent to develop the security community in the two following ways.

Raise awareness.
To raise awareness of the threats and vulnerabilities that exist in the Internet today. We raise awareness by demonstrating real systems that were compromised in the wild by the blackhat community. Many people believe it can't happen to them. We hope to change their mind.

Teach and inform.
For those in the community who are already aware and concerned, we hope to give you the information to better secure and defend your resources.

Tuesday, June 12, 2001

Pentagon plans to X-out data on old computers
The Pentagon believes it has found a way to give its old computers away to American schools and still protect information locked in the machines' hard drives.
Hackers attempted to breach California power grid
As Californians suffered under rolling blackouts last month, computer hackers were trying to breach the computer system at the California Independent System Operator (Cal-ISO), which oversees most of state's power transmission grid.
Foreign spies serious threat to U.S.
A 30-year veteran of the intelligence field says most Americans "almost ignore ... the power of intelligence and counterintelligence" in this country, despite the danger foreign intelligence agents pose to the nation's security.