Evidence Eliminator - What evidence is on your hard drive?
Links to interesting Forensic Services.
These sites offer services, software programs and information about recovering deleted data from hard drives.
Thursday, January 17, 2002
Quality Security Tools
In May/June of 2000, we conducted a survey of 1200 Nmap users from the nmap-hackers mailing list to determine their favorite security tools. Each respondant could list up to 5.
I was so impressed by the list they created that I am putting the top 50 up here where everyone can benefit from them. I think anyone in the security field would be well advised to go over the list and investigate any tools they are unfamiliar with. I also plan to point newbies to this page whenever they write me saying "I do not know where to start".
In May/June of 2000, we conducted a survey of 1200 Nmap users from the nmap-hackers mailing list to determine their favorite security tools. Each respondant could list up to 5.
I was so impressed by the list they created that I am putting the top 50 up here where everyone can benefit from them. I think anyone in the security field would be well advised to go over the list and investigate any tools they are unfamiliar with. I also plan to point newbies to this page whenever they write me saying "I do not know where to start".
Wednesday, January 16, 2002
Electronic Harassment Specialists
It is our goal to help victims of Electronic Harassment. This is done with decades of well trained, experienced and knowledgeable professionals. Electronic Harassment occurs in almost every country in the world, it knows no borders. Neither do we. We will not rest until Electronic Harassment is properly legislated or eliminated.
It is our goal to help victims of Electronic Harassment. This is done with decades of well trained, experienced and knowledgeable professionals. Electronic Harassment occurs in almost every country in the world, it knows no borders. Neither do we. We will not rest until Electronic Harassment is properly legislated or eliminated.
Monday, January 14, 2002
Free Security Scan
Worried about hacker attacks on your always on Internet connection? Test your Internet Security with our Free Security Scan. This utility will scan your computer for possible weaknesses. We simply scan for available ports and processes servicing those ports that appear to the public.
Worried about hacker attacks on your always on Internet connection? Test your Internet Security with our Free Security Scan. This utility will scan your computer for possible weaknesses. We simply scan for available ports and processes servicing those ports that appear to the public.
Saturday, January 12, 2002
Intelligence Community Markup Language
The IC Metadata Sub-Working Group (MSWG) has developed the Intelligence Community Markup Language (ICML) as part of the ICCIO Executive Council and Working Group commitment to IC inter-organization interoperability. ICML is based on a number of data modeling activities that have occurred in the IC over the last ten years, all of which have been used in one way or another to develop ICML.
The first focus of ICML is to aid finished intelligence production. Since a majority of the intelligence content being produced within the IC takes the form of documents, it was felt by the MSWG that limiting the scope of the initial ICML release to this type of intelligence content would yield the most benefits in the shortest period of time. The ICML standard as written incorporates key writing styles, metadata, and structure requirements of typical IC products.
ICML is described as a Document Type Definition (DTD).
The IC Metadata Sub-Working Group (MSWG) has developed the Intelligence Community Markup Language (ICML) as part of the ICCIO Executive Council and Working Group commitment to IC inter-organization interoperability. ICML is based on a number of data modeling activities that have occurred in the IC over the last ten years, all of which have been used in one way or another to develop ICML.
The first focus of ICML is to aid finished intelligence production. Since a majority of the intelligence content being produced within the IC takes the form of documents, it was felt by the MSWG that limiting the scope of the initial ICML release to this type of intelligence content would yield the most benefits in the shortest period of time. The ICML standard as written incorporates key writing styles, metadata, and structure requirements of typical IC products.
ICML is described as a Document Type Definition (DTD).
Friday, January 11, 2002
Seven Simple Computer Security Tips
- Use strong passwords. Choose passwords that are difficult or impossible to guess. Give different passwords to all accounts.
- Make regular backups of critical data. Backups must be made at least once each day. Larger organizations should perform a full backup weekly and incremental backups every day. At least once a month the backup media should be verified.
- Use virus protection software. That means three things: having it on your computer in the first place, checking daily for new virus signature updates, and then actually scanning all the files on your computer periodically.
- Use a firewall as a gatekeeper between your computer and the Internet. Firewalls are usually software products. They are essential for those who keep their computers online through the popular DSL and cable modem connections but they are also valuable for those who still dial in.
- Do not keep computers online when not in use. Either shut them off or physically disconnect them from Internet connection.
- Do not open e-mail attachments from strangers, regardless of how enticing the Subject Line or attachment may be. Be suspicious of any unexpected e-mail attachment from someone you do know because it may have been sent without that person’s knowledge from an infected machine.
- Regularly download security patches from your software vendors.
Wednesday, January 09, 2002
.Net vote rigging illustrates importance of Web services
In December, Java was more popular than .Net for building Web services, according to a ZDNet UK poll, but weeks later the position had dramatically reversed; investigation revealed just what lengths Microsoft will go to to promote its products.
In December, Java was more popular than .Net for building Web services, according to a ZDNet UK poll, but weeks later the position had dramatically reversed; investigation revealed just what lengths Microsoft will go to to promote its products.
Tuesday, January 08, 2002
IT Security Cookbook
This book is intended as a 'self help' guide to computer & network security, primarily for security managers, programmers and system administrators.
This book is intended as a 'self help' guide to computer & network security, primarily for security managers, programmers and system administrators.
Thursday, January 03, 2002
The Complete, Unofficial TEMPEST Information Page
Across the darkened street, a windowless van is parked. Inside, an antenna is pointed out through a fiberglass panel. It's aimed at an office window on the third floor. As the CEO works on a word processing document, outlining his strategy for a hostile take-over of a competitor, he never knows what appears on his monitor is being captured, displayed, and recorded in the van below.
Across the darkened street, a windowless van is parked. Inside, an antenna is pointed out through a fiberglass panel. It's aimed at an office window on the third floor. As the CEO works on a word processing document, outlining his strategy for a hostile take-over of a competitor, he never knows what appears on his monitor is being captured, displayed, and recorded in the van below.
Wednesday, January 02, 2002
OpenAntiVirus Project
Successful open source software always proves excellence in reliability, effectiveness, scalability, and portability. The Apache httpd, the Linux operating system and Perl as a scripting language or in the field of security OpenSSH, OpenSSL and GnuPG are prominent examples disguising that there are important fields lacking comparable solutions. One of these fields is anti-virus software. Previous attempts to fill the gap failed due to lack of concept and/or inability to attract essential expertise. To build a network of anti-virus developers within the Open Source Community providing mandatory resources for communication and project management the OpenAntiVirus Project was founded August 30th 2000.
Monday, December 31, 2001
Social Engineering Fundamentals, Part I: Hacker Tactics
One morning a few years back, a group of strangers walked into a large shipping firm and walked out with access to the firm’s entire corporate network. How did they do it? By obtaining small amounts of access, bit by bit, from a number of different employees in that firm. First, they did research about the company for two days before even attempting to set foot on the premises. For example, they learned key employees’ names by calling HR. Next, they pretended to lose their key to the front door, and a man let them in. Then they "lost" their identity badges when entering the third floor secured area, smiled, and a friendly employee opened the door for them.
The strangers knew the CFO was out of town, so they were able to enter his office and obtain financial data off his unlocked computer. They dug through the corporate trash, finding all kinds of useful documents. They asked a janitor for a garbage pail in which to place their contents and carried all of this data out of the building in their hands. The strangers had studied the CFO's voice, so they were able to phone, pretending to be the CFO, in a rush, desperately in need of his network password. From there, they used regular technical hacking tools to gain super-user access into the system.
In this case, the strangers were network consultants performing a security audit for the CFO without any other employees' knowledge. They were never given any privileged information from2
Wednesday, December 12, 2001
DSL - DSLreports.com
Shield Probe.. Get an instant security analysis now. You dont even need to know your own IP address!
Note: Interesting scan results, with your IP address removed, may be shown publicly to the left of the scan applet. This is not a security risk. If this disturbs you, please do not get scanned.
Shield Probe.. Get an instant security analysis now. You dont even need to know your own IP address!
Note: Interesting scan results, with your IP address removed, may be shown publicly to the left of the scan applet. This is not a security risk. If this disturbs you, please do not get scanned.
Monday, December 10, 2001
Technical Surveillance Counter Measues
Contrary to what is advertised, there is no do-it-yourself magic bullet in eavesdropping detection. You can not dial a number to see if your phone is tapped. There is not any one instrument which will detect all "bugs" for you. There is no gadget, which will protect you from all wire-tappers. Technical Surveillance Counter Measures (TSCM) also known as Eavesdropping Detection or Debugging is labour and equipment and involves intensive hard work.
Granite Island Group
The First, The Largest, The Most Popular, and The Most Complete TSCM, Bug Sweep, Spy Hunting, and Counterintelligence Site on the Internet.
Friday, December 07, 2001
BestCrypt data encryption software
Jetico, Inc. offers BestCrypt data encryption software and BCWipe data erasing software for Windows 95/98/ME/NT/2000/XP and Linux operating systems.
The BestCrypt software performs encryption using the USA Federal Standard DES in Cipher Block Chaining mode, the Russian Federal Standard GOST 28147-89 in Cipher Feedback mode, the Blowfish in Cipher Block Chaining mode and the Twofish in Cipher Block Chaining mode algorithms at the same time. The BestCrypt software allows translate encrypted data between any of these four algorithms.
BestCrypt data encryption systems bring military strength encryption to the ordinary computer user without the complexities normally associated with strong data encryption.
Jetico, Inc. offers also the BCWipe utility for Windows 95/98/ME/NT/2000/XP and Linux. It is a useful utility for secure file deleting and wiping free space on disk. BCWipe supports a correspondent U.S. Department of Defense recommendations (DoD 5200.28-STD).
CGIProxy-- HTTP/FTP Proxy in a CGI Script
This CGI script acts as an HTTP or FTP proxy. Through it, you can retrieve any resource that is accessible from the server it runs on. This is useful when your own access is limited, but you can reach a server that in turn can reach others that you can't. It can easily be configured for anonymous browsing, so you can set up your own anonymous proxy like The Anonymizer. It's very simple to install, and very configurable.
When an HTML resource is retrieved, it's modified so that all links in it point back through the same proxy, including images, form submissions, and everything else. Once you're using the proxy, you can browse normally and (almost) forget it's there.
This CGI script acts as an HTTP or FTP proxy. Through it, you can retrieve any resource that is accessible from the server it runs on. This is useful when your own access is limited, but you can reach a server that in turn can reach others that you can't. It can easily be configured for anonymous browsing, so you can set up your own anonymous proxy like The Anonymizer. It's very simple to install, and very configurable.
When an HTML resource is retrieved, it's modified so that all links in it point back through the same proxy, including images, form submissions, and everything else. Once you're using the proxy, you can browse normally and (almost) forget it's there.
Internet anonymity for Windows power users
Our previous article, "Do-it-yourself Internet anonymity" was targeted towards average Windows users. It generated a startling number of e-mail requests for some advanced tactics, which I'm happy to supply. However, power user or not, I'd recommend at least skimming the earlier article if you haven't read it, just to ensure that you're not forgetting something
Our previous article, "Do-it-yourself Internet anonymity" was targeted towards average Windows users. It generated a startling number of e-mail requests for some advanced tactics, which I'm happy to supply. However, power user or not, I'd recommend at least skimming the earlier article if you haven't read it, just to ensure that you're not forgetting something
Tuesday, December 04, 2001
ELECTRONIC WARFARE AND RADAR SYSTEMS ENGINEERING HANDBOOK
This handbook is designed to aid EW and Radar systems engineers in making general estimations regarding capabilities of systems. It is not intended as a detailed designer's guide, rather it covers a variety of subjects of general interest.
It was originally published by the Avionics Department of the Naval Air Warfare Center Weapons Division in 1992 under the report number TS 92-78. Since that time five editions were published before changing the document number to TP 8347
CryptoHeaven Secure Free Email, Online Storage, File Sharing
CryptoHeaven is developed to accelerate wide spread use of highest-grade cryptography and distributed without restrictions upon its further dissemination.
A user-friendly, no-compromise information-heaven crypto system is created, where no third party, including server administrators and others watching, have access to plain text version of transmitted information. Information is stored in encrypted form on the server as generated by the client, and only the sender and the recipient possess the keys to gain access to the information. Having the entire log of all transmissions made and all of the data stored on the server, does not give access to the plain text version of information.
We use only the finest in cryptography, including an AES symmetric cipher Rijndael with 256 bit symmetric key, public-key cryptography with 2048-4096 bit asymmetric keys and SHA-256 message digest function.
CryptoHeaven is developed to accelerate wide spread use of highest-grade cryptography and distributed without restrictions upon its further dissemination.
A user-friendly, no-compromise information-heaven crypto system is created, where no third party, including server administrators and others watching, have access to plain text version of transmitted information. Information is stored in encrypted form on the server as generated by the client, and only the sender and the recipient possess the keys to gain access to the information. Having the entire log of all transmissions made and all of the data stored on the server, does not give access to the plain text version of information.
We use only the finest in cryptography, including an AES symmetric cipher Rijndael with 256 bit symmetric key, public-key cryptography with 2048-4096 bit asymmetric keys and SHA-256 message digest function.
FBI software cracks encryption wall
The FBI is developing software capable of inserting a computer virus onto a suspect's machine and obtaining encryption keys, a source familiar with the project told MSNBC.com. The software, known as "Magic Lantern", enables agents to read data that had been scrambled, a tactic often employed by criminals to hide information and evade law enforcement. The best snooping technology that the FBI currently uses, the controversial software called Carnivore, has been useless against suspects clever enough to encrypt their files.
The FBI is developing software capable of inserting a computer virus onto a suspect's machine and obtaining encryption keys, a source familiar with the project told MSNBC.com. The software, known as "Magic Lantern", enables agents to read data that had been scrambled, a tactic often employed by criminals to hide information and evade law enforcement. The best snooping technology that the FBI currently uses, the controversial software called Carnivore, has been useless against suspects clever enough to encrypt their files.
Anti-Virus Makers and FBI Dirty Secrets
Eric Chien, chief researcher at Symantec's antivirus research lab, said that provided a hypothetical keystroke logging tool was used only by the FBI, then Symantec would avoid updating its antivirus tools to detect such a Trojan. The security firm is yet to hear back from the FBI on its enquiries about Magic Lantern but it already has a policy on the matter.
"If it was under the control of the FBI, with appropriate technical safeguards in place to prevent possible misuse, and nobody else used it - we wouldn't detect it," said Chien. "However we would detect modified versions that might be used by hackers."
Eric Chien, chief researcher at Symantec's antivirus research lab, said that provided a hypothetical keystroke logging tool was used only by the FBI, then Symantec would avoid updating its antivirus tools to detect such a Trojan. The security firm is yet to hear back from the FBI on its enquiries about Magic Lantern but it already has a policy on the matter.
"If it was under the control of the FBI, with appropriate technical safeguards in place to prevent possible misuse, and nobody else used it - we wouldn't detect it," said Chien. "However we would detect modified versions that might be used by hackers."
Thursday, November 22, 2001
Hackers access Playboy.com's credit card data
Computer hackers broke into the Playboy Enterprises' Web site -- playboy.com -- gaining access to the credit card numbers of several customers, a company spokeswoman said Tuesday.
The company's technology team discovered the breach last weekend before the hackers sent threatening e-mails to the company's customers, said Playboy spokeswoman Laura Sigman. Consumers began alerting Playboy about the violation Sunday evening.
Firms warned of 'drive-by hackers'
Companies that use wireless technology to allow workers to log into networks throughout offices have been warned they could be laying themselves open to hackers.
The alert comes ahead of the scheduled signing in Hungary on Friday of a European convention that aims to unite about 30 countries in the fight against cyber-criminals.
Companies that use wireless technology to allow workers to log into networks throughout offices have been warned they could be laying themselves open to hackers.
The alert comes ahead of the scheduled signing in Hungary on Friday of a European convention that aims to unite about 30 countries in the fight against cyber-criminals.
Wednesday, November 21, 2001
OuterBrains 2K2 (a geek event)
What is OuterBrains ?
OuterBrains 2K2 is a party that brings together the hackers- and demo-scene. The hackers will have their hacking competitions and some nice seminars where the demo-scene people have their demos and related competitions. Three days non-stop action. More than 400+ people sharing ideas, tips, tricks, code, gfx, music and other digital information.
What is OuterBrains ?
OuterBrains 2K2 is a party that brings together the hackers- and demo-scene. The hackers will have their hacking competitions and some nice seminars where the demo-scene people have their demos and related competitions. Three days non-stop action. More than 400+ people sharing ideas, tips, tricks, code, gfx, music and other digital information.
FBI software cracks encryption wall
MAGIC LANTERN installs so-called “keylogging” software on a suspect’s machine that is capable of capturing keystrokes typed on a computer. By tracking exactly what a suspect types, critical encryption key information can be gathered, and then transmitted back to the FBI, according to the source, who requested anonymity.
The virus can be sent to the suspect via e-mail — perhaps sent for the FBI by a trusted friend or relative. The FBI can also use common vulnerabilities to break into a suspect’s computer and insert Magic Lantern, the source said.
Magic Lantern is one of a series of enhancements currently being developed for the FBI’s Carnivore project, the source said, under the umbrella project name of Cyber Knight.
MAGIC LANTERN installs so-called “keylogging” software on a suspect’s machine that is capable of capturing keystrokes typed on a computer. By tracking exactly what a suspect types, critical encryption key information can be gathered, and then transmitted back to the FBI, according to the source, who requested anonymity.
The virus can be sent to the suspect via e-mail — perhaps sent for the FBI by a trusted friend or relative. The FBI can also use common vulnerabilities to break into a suspect’s computer and insert Magic Lantern, the source said.
Magic Lantern is one of a series of enhancements currently being developed for the FBI’s Carnivore project, the source said, under the umbrella project name of Cyber Knight.
Tuesday, November 20, 2001
the-Cloak
The Cloak sits between your computer and any web sites you visit. It prevents the web sites you visit from finding out who you are. And it can use the standard SSL protocol to encrypt all communication from your browser, so that no one (except for the-Cloak) knows where you are surfing.
The Cloak sits between your computer and any web sites you visit. It prevents the web sites you visit from finding out who you are. And it can use the standard SSL protocol to encrypt all communication from your browser, so that no one (except for the-Cloak) knows where you are surfing.
Anti Censoring Section
Search For a Public Proxy: Search our Frequently Updated Database for Free Public Proxies.
Anonymity on the net: Hiding your real IP when using normal web applications ( Browsing - ICQ - IRC , etc )
Using Shell accounts.
Bypassing Proxy Restrictions (Do you wanna surf Blocked Pages?) Public Proxy Servers, and how to use them
Redirectors ( Redir - SSH , etc )
CGI Proxy Servers ( including how to build your own! )
Port Tunneling ( HTTP-PORT® )
Surfing the net through a shell account ( Lynx )
Bypassing ISP`s Port Blocks
Search For a Public Proxy: Search our Frequently Updated Database for Free Public Proxies.
Anonymity on the net: Hiding your real IP when using normal web applications ( Browsing - ICQ - IRC , etc )
Using Shell accounts.
Bypassing Proxy Restrictions (Do you wanna surf Blocked Pages?) Public Proxy Servers, and how to use them
Redirectors ( Redir - SSH , etc )
CGI Proxy Servers ( including how to build your own! )
Port Tunneling ( HTTP-PORT® )
Surfing the net through a shell account ( Lynx )
Bypassing ISP`s Port Blocks
Monday, November 19, 2001
Plan to Migrate to Advanced Encryption Standard
Once considered invulnerable, the Data Encryption Standard that secures many banking and e-commerce transactions has been cracked. Enterprises should switch to the Advanced Encryption Standard when feasible.
Once considered invulnerable, the Data Encryption Standard that secures many banking and e-commerce transactions has been cracked. Enterprises should switch to the Advanced Encryption Standard when feasible.
On the Security of PHP, Part 1
This article will provide you an overview of various security issues with PHP and offer advice on secure PHP programming practices.
This article will provide you an overview of various security issues with PHP and offer advice on secure PHP programming practices.
Friday, November 16, 2001
The Security Specific Search Engine
Welcome to searchSecurity.com's archive of Previous Events. Here, you can find Host to previous Q&A talks with Security professionals and experts.
Welcome to searchSecurity.com's archive of Previous Events. Here, you can find Host to previous Q&A talks with Security professionals and experts.
Wednesday, November 14, 2001
News: Bug secrecy vs. full disclosure
By Bruce Schneider.
Last month Scott Culp, manager of the security response center at Microsoft, published an essay describing the current practice of publishing security vulnerabilities to be "information anarchy." He claimed that we'd all be a lot safer if researchers would keep details about vulnerabilities to themselves, and stop arming hackers with offensive tools. Last week, at Microsoft's Trusted Computing Forum, Culp announced a new coalition to put these ideas into practice.
This is the classic "bug secrecy vs. full disclosure" debate. I've written about it previously in Crypto-Gram; others have written about it as well. It's a complicated issue with subtle implications all over computer security, and it's one worth discussing again.
ICANN eyes DNS security, solutions
MARINA DEL REY, Calif. - Of all the Internet's security concerns, one of the least troublesome may be the physical security of its root name servers, the top servers in the Internet's traffic directing system. There are only 13 of them, a redundant system located in scattered locations around the world, any one of which could probably be reconfigured in a pinch on a "beefy laptop."
MARINA DEL REY, Calif. - Of all the Internet's security concerns, one of the least troublesome may be the physical security of its root name servers, the top servers in the Internet's traffic directing system. There are only 13 of them, a redundant system located in scattered locations around the world, any one of which could probably be reconfigured in a pinch on a "beefy laptop."
Monday, November 12, 2001
Private Idaho 3.52t
Private Idaho is a PGP, anonymous remailer, and nym server front-end for Windows. It was initially made by Joel McNamara and, when he released the source code, I (Ian Lynagh) picked it up "just to look at it". Within a few days I had released PI3.0tb1 and haven't looked back since.
Private Idaho is a PGP, anonymous remailer, and nym server front-end for Windows. It was initially made by Joel McNamara and, when he released the source code, I (Ian Lynagh) picked it up "just to look at it". Within a few days I had released PI3.0tb1 and haven't looked back since.
Cryptography and Network Security
Like the author says "This page is unmaintained and full of many old, rotted links. Sorry. " Anyway, some links do work!
Like the author says "This page is unmaintained and full of many old, rotted links. Sorry. " Anyway, some links do work!
ESL400 scanner: Hardware like this makes it possible to eavesdrop the contents of your monitor (e.g. from a van in front of your office or from the neighboring flat)
Zero Emission Pad Freeware
Since decades international secret services use the fact that all electronic devices emit compromising rays. These rays can be used to recover a picture displayed by a monitor. Even if these rays passed walls and the receiver is many meters away. Together with our partner, the University of Cambridge (Great Britain), we offer to you the possibility to defuse these compromising rays via software (patent-pending "Soft-Tempest"). The text editor Steganos II Zero Emission Pad is the world's first Windows editor that supports the emission defusing display.
Stego Online by Romana Machado
This privacy utility demonstrates a new way of communicating securely. Want to communicate securely, but don't want to send large files of strange-looking numbers? Want to use strong crypto, but know that your email is not secure enough? Stego works like invisible ink for Internet communication. Stego can hide an encrypted text file in a GIF format image file - which is the most commonly used image format on the World Wide Web. The resulting GIF can be attached to an email message or posted on a web page.
This privacy utility demonstrates a new way of communicating securely. Want to communicate securely, but don't want to send large files of strange-looking numbers? Want to use strong crypto, but know that your email is not secure enough? Stego works like invisible ink for Internet communication. Stego can hide an encrypted text file in a GIF format image file - which is the most commonly used image format on the World Wide Web. The resulting GIF can be attached to an email message or posted on a web page.
Steganography Information, Software, and News to Enhance Your Privacy.
In an ideal world we would all be able to openly send encrypted email or files to each other with no fear of reprisals. However there are often cases when this is not possible, either because you are working for a company that does not allow encrypted email or perhaps the local government does not approve of encrypted communication (a reality in some parts of the world). This is where steganography can come into play.
Steganography simply takes one piece of information and hides it within another. Computer files (images, sounds recordings, even disks) contain unused or insignificant areas of data. Steganography takes advantage of these areas, replacing them with information (encrypted mail, for instance). The files can then be exchanged without anyone knowing what really lies inside of them. An image of the space shuttle landing might contain a private letter to a friend. A recording of a short sentence might contain your company's plans for a secret new product. Steganography can also be used to place a hidden "trademark" in images, music, and software, a technique referred to as watermarking.
In an ideal world we would all be able to openly send encrypted email or files to each other with no fear of reprisals. However there are often cases when this is not possible, either because you are working for a company that does not allow encrypted email or perhaps the local government does not approve of encrypted communication (a reality in some parts of the world). This is where steganography can come into play.
Steganography simply takes one piece of information and hides it within another. Computer files (images, sounds recordings, even disks) contain unused or insignificant areas of data. Steganography takes advantage of these areas, replacing them with information (encrypted mail, for instance). The files can then be exchanged without anyone knowing what really lies inside of them. An image of the space shuttle landing might contain a private letter to a friend. A recording of a short sentence might contain your company's plans for a secret new product. Steganography can also be used to place a hidden "trademark" in images, music, and software, a technique referred to as watermarking.
When Osama Bin Ladin Was Tim Osman
Conspiracy Theory: The other man, dressed in Docker's clothing, was not a native Afghan any more than Olberg was. He was a 27-year-old Saudi. Tim Osman (Ossman) has recently become better known as Osama Bin Ladin. "Tim Osman" was the name assigned to him by the CIA for his tour of the U.S. and U.S. military bases, in search of political support and armaments.
Conspiracy Theory: The other man, dressed in Docker's clothing, was not a native Afghan any more than Olberg was. He was a 27-year-old Saudi. Tim Osman (Ossman) has recently become better known as Osama Bin Ladin. "Tim Osman" was the name assigned to him by the CIA for his tour of the U.S. and U.S. military bases, in search of political support and armaments.
David Shayler on MI6 Gaddafi Assassination Plot
This is the first ever police investigation into an allegation made against MI6. It directly contradicts former Foreign Secretary Robin Cook's claim that the Gaddafi Plot has "no basis in fact" and is "pure fantasy".
There are no charges against David Shayler for perjury or wasting police time, confirming that his detailed sworn statement was honest, reliable and true.
The Crown Prosecution Service has claimed there is not enough evidence likely to secure a conviction of the two MI6 officers responsible for the Plot, three and a half years after David made the initial disclosure and a year after he gave evidence. However, the police did gather 'relevant material'.
Shayler calls for statement from Prime Minister and Foreign Secretary about MI6 funding of groups with connections to Bin Laden who were involved in the attack.
This is the first ever police investigation into an allegation made against MI6. It directly contradicts former Foreign Secretary Robin Cook's claim that the Gaddafi Plot has "no basis in fact" and is "pure fantasy".
There are no charges against David Shayler for perjury or wasting police time, confirming that his detailed sworn statement was honest, reliable and true.
The Crown Prosecution Service has claimed there is not enough evidence likely to secure a conviction of the two MI6 officers responsible for the Plot, three and a half years after David made the initial disclosure and a year after he gave evidence. However, the police did gather 'relevant material'.
Shayler calls for statement from Prime Minister and Foreign Secretary about MI6 funding of groups with connections to Bin Laden who were involved in the attack.
OpenSSH 3.0 released
OpenSSH is a FREE version of the SSH protocol suite of network connectivity tools that increasing numbers of people on the Internet are coming to rely on. Many users of telnet, rlogin, ftp, and other such programs might not realize that their password is transmitted across the Internet unencrypted, but it is. OpenSSH encrypts all traffic (including passwords) to effectively eliminate eavesdropping, connection hijacking, and other network-level attacks. Additionally, OpenSSH provides a myriad of secure tunneling capabilities, as well as a variety of authentication methods.
OpenSSH is a FREE version of the SSH protocol suite of network connectivity tools that increasing numbers of people on the Internet are coming to rely on. Many users of telnet, rlogin, ftp, and other such programs might not realize that their password is transmitted across the Internet unencrypted, but it is. OpenSSH encrypts all traffic (including passwords) to effectively eliminate eavesdropping, connection hijacking, and other network-level attacks. Additionally, OpenSSH provides a myriad of secure tunneling capabilities, as well as a variety of authentication methods.
Hacker Watchdog Group Shows Enlightened View About Security
On 9 November 2001, Microsoft and security companies @Stake, BindView, Foundstone, Guardent and Internet Security Systems announced the formation of a hacker watchdog group called the Responsible Disclosure Forum. The group aims to establish guidelines and codes of conduct for releasing information about software vulnerabilities.
On 9 November 2001, Microsoft and security companies @Stake, BindView, Foundstone, Guardent and Internet Security Systems announced the formation of a hacker watchdog group called the Responsible Disclosure Forum. The group aims to establish guidelines and codes of conduct for releasing information about software vulnerabilities.
US government fails hacker testa
DESPITE dramatically tighter security at US buildings since the terrorist attacks, a House panel is giving the US Government failing marks for lax protection of federal computer networks.
The "F" grade dropped from the "D-" that the government earned in September 2000. Fully two-thirds of federal agencies — including the departments of Defence, Commerce, Energy, Justice and Treasury — flunked the latest "computer security report card".
DESPITE dramatically tighter security at US buildings since the terrorist attacks, a House panel is giving the US Government failing marks for lax protection of federal computer networks.
The "F" grade dropped from the "D-" that the government earned in September 2000. Fully two-thirds of federal agencies — including the departments of Defence, Commerce, Energy, Justice and Treasury — flunked the latest "computer security report card".
Friday, November 09, 2001
Satellite on a shoestring going strong 1 month later
OK, not really security related but fun to read anyway....
After a month in orbit, a satellite built by Naval Academy midshipmen with off-the-shelf parts from Radio Shack is exceeding all expectations, sending and receiving messages from ham radio users around the world.
Academy students and professors hoped the satellite would work for a month, given that many of the parts they used have no history of operating in space. But since the satellite was launched from Kodiak, Alaska, on Sept. 30, it has shown no signs of degrading, and the group is hoping the satellite will work at least another year and maybe another five.
OK, not really security related but fun to read anyway....
After a month in orbit, a satellite built by Naval Academy midshipmen with off-the-shelf parts from Radio Shack is exceeding all expectations, sending and receiving messages from ham radio users around the world.
Academy students and professors hoped the satellite would work for a month, given that many of the parts they used have no history of operating in space. But since the satellite was launched from Kodiak, Alaska, on Sept. 30, it has shown no signs of degrading, and the group is hoping the satellite will work at least another year and maybe another five.
Information Assurance
The Defense Security Service (DSS) Industrial Security Information Assurance Branch is comprised of computer security specialists and computer scientists who support existing Industrial Security programs.
New Dimensions International
Confronted by dramatic advances in technology and an historic shift in the Global Marketplace, security faces dynamic challenges. NDI services have grown to match the dynamic thresholds in technology and the new and changing World Order. Attacks emerge DAILY from global sources.
Attacks against the "Information Infrastructure" have reached unprecedented proportions with only more increases in sight.
NDI has advanced system security services, training, risk assessment and security designs since 1985. We have worked with government, Healthcare financial institutions, corporations, the public sector and telecommunications to ensure safe and sound security practices to help improve the understanding of the Intruder AND help develop policy, assess risks and prescribe remedies...SOLUTIONS.
Confronted by dramatic advances in technology and an historic shift in the Global Marketplace, security faces dynamic challenges. NDI services have grown to match the dynamic thresholds in technology and the new and changing World Order. Attacks emerge DAILY from global sources.
Attacks against the "Information Infrastructure" have reached unprecedented proportions with only more increases in sight.
NDI has advanced system security services, training, risk assessment and security designs since 1985. We have worked with government, Healthcare financial institutions, corporations, the public sector and telecommunications to ensure safe and sound security practices to help improve the understanding of the Intruder AND help develop policy, assess risks and prescribe remedies...SOLUTIONS.
gPIKT
gPIKT is a PIKT graphical user interface. It is written using Perl/Gtk. As of now, no other external modules are required.
gPIKT's basic philosophy is to present the user a tree of systems and their elements. All of them can be dragged to "publish list", and the list can then be published with a simple click. Each system and element have a context menu, where almost all command line piktc options are implemented.
PIKT
Sysadmins have long wrestled with the task of writing generalized scripts to monitor systems and deal with recurring problem situations. As conventionally practiced, this approach has numerous disadvantages: it is hard to account for diversity across machines and operating systems; operations are fragile and error-prone; scripts for handling simple tasks are difficult to code, or are hardly worth the effort to maintain; scheduling and managing scripts are time-consuming and repetitive; setup is inflexible; activity and error logging is rudimentary or nonexistent; and the whole mass of scripts and configuration files is nearly impossible to keep track of or even comprehend.
PIKT attempts to solve some of the problems observed in more traditional methods of monitor scripting and managing system configurations. PIKT is an embedded scripting language and accompanying script interpreter. PIKT is also a sophisticated script and system configuration file preprocessor for use with the Pikt scripting language or any other scripting language of your choice.
Finally, PIKT is a cross-platform, centrally run script scheduler (like cron), customizing installer (like rdist), command shell enhancement, and total script and configuration file management facility. PIKT's primary purpose is to monitor systems, report problems, and fix those problems whenever possible, but its flexibility lends itself to quite a few other uses as well.
Internet Journal of Rescue and Disaster Medicine
This on-line journal combines the contents of The Internet Journal of Aeromedical Transportation TM and The Internet Journal of Disaster Medicine TM.
This on-line journal combines the contents of The Internet Journal of Aeromedical Transportation TM and The Internet Journal of Disaster Medicine TM.
Computer Security Group - Books & Journals
The Computer Security Group is an informal group of people with similar interests: mainly security, cryptology, and distributed systems.
We hold meetings, seminars, and workshops which are described in more detail in subsequent pages. Attendance is not restricted to members of the Computer Laboratory; we welcome visitors from other universities, companies, and other organisations.
Computer security has been among the laboratory's research interests for many years, along with related topics such as cryptology, formal methods, medical information security, electronic commerce, steganography and information hiding, and the robustness of distributed systems in general.
Here is a list of proceedings and journals which are edited by members of our group. It also has information on the "Computer & Communications Security Reviews".
IBM 4758 PCI Cryptographic Coprocessor
The IBM PCI Cryptographic Coprocessor adds a high-security environment to your OS/2®, Windows NT®, Windows 2000®, AIX®, OS/400®, z/OS®, and OS/390® server systems for DES, RSA, and DSA cryptographic functions and sensitive custom applications. The PCI board incorporates specialized electronics to off-load your servers from time-consuming cryptographic functions while providing a tamper-responding, secure computing environment for the storage of keys and performing sensitive processing. Certification of the hardware under FIPS PUB 140-1 at levels 3 and 4 assures a high-integrity processing environment.
Extracting a 3DES key from an IBM 4758 The IBM 4758 is an extremely secure crytographic co-processor. It is used by banking systems and in other security conscious applications to hold keying material. It is designed to make it impossible to extract this keying material unless you have the correct permissions and can involve others in a conspiracy.
We are able, by a mixture of sleight-of-hand and raw processing power, to persuade an IBM 4758 running IBM's ATM (cash machine) support software called the "Common Cryptographic Architecture" (CCA) to export any and all its DES and 3DES keys to us.
We are able, by a mixture of sleight-of-hand and raw processing power, to persuade an IBM 4758 running IBM's ATM (cash machine) support software called the "Common Cryptographic Architecture" (CCA) to export any and all its DES and 3DES keys to us.
Thursday, November 08, 2001
Internet Security Systems, Inc.
AlertCON – Level 1:
AlertCon 1 reflects the malicious, determined, global, 24 x 7 attacks experienced by all networks
AlertCON – Level 2:
AlertCon 2 means increased vigilance/action required due to focused, patterned attacks.
AlertCON – Level 3:
AlertCon 3 means increased attacks against specific targets or vulnerabilities on a scale that is unusually high, immediate action required.
AlertCON – Level 4:
AlertCon 4 reflects a catastrophic problem for a network or group of networks whose survival depends on immediate, decisive action.
AlertCON – Level 1:
AlertCon 1 reflects the malicious, determined, global, 24 x 7 attacks experienced by all networks
AlertCON – Level 2:
AlertCon 2 means increased vigilance/action required due to focused, patterned attacks.
AlertCON – Level 3:
AlertCon 3 means increased attacks against specific targets or vulnerabilities on a scale that is unusually high, immediate action required.
AlertCON – Level 4:
AlertCon 4 reflects a catastrophic problem for a network or group of networks whose survival depends on immediate, decisive action.
The Packetfactory
The Packetfactory is a clearing house for cool-ass network and network security related endeavors. Here you’ll find all manner of useful security tools (firewalk, pandora), network tools (libnet, ngrep), etc... Feel free to peruse and download.
The Packetfactory is a clearing house for cool-ass network and network security related endeavors. Here you’ll find all manner of useful security tools (firewalk, pandora), network tools (libnet, ngrep), etc... Feel free to peruse and download.
C4I.org - Computer Security and Intelligence
Links to interesting sites. Some sites will soon feature on this Weblog as well.
Wednesday, November 07, 2001
GeoTrust: TrustWatch
TrustWatch is an identity solution for business Web sites. Site association with a business is checked, and site owners are provided with an active digital icon for their Web site. Consumers, seeking to know and trust the Web domains they visit, will know from the icon if the Web site owner is a TrustWatch member. And, if the site belongs to a TrustWatch member, consumers will have access to business information about that enterprise. It's a way to show legitimate sites and make eCommerce safer.
Tuesday, November 06, 2001
F2F FOR PALM
The built-in security of most Palm Pilots is easy to break as has been demonstrated recently. Our free program, F2F for Palm, offers strong cryptography using the newly selected AES algorithm. It is intended for storage of items like pin codes and passwords only (although the program could easily be extended into a more general service). It offers a fixed storage space, a safe area, which is only decrypted when the program is active and the correct key is entered. Sensitive information may be stored in this area.
Clean Drive: Protect Yourself and Your Life
Every move you make on your computer is being logged. From the Internet sites you visit, to the documents you open... you are being tracked. Even if you attempt to delete these tracks, Windows retains secret log files. Deleting Internet Caches and searching for history files would take hours of work manually. Clean Drive deletes all these items from your computer... automatically, as often as you like!
Monday, November 05, 2001
Default disclaimer
Not a link to an external site but the default disclaimer I use on my PC and laptop. It is a disclaimer used by the DoD but I can't seem to find the link to it anywhere. Anyway, replace [COMPANY] with ofcourse, your company name!
This is a [COMPANY] computer system. This computer system, including all related equipment, networks and network devices (specifically including Internet access), are provided only for authorized [COMPANY] use. [COMPANY] computer systems may be monitored for all lawful purposes, including to ensure that their use is authorized, for management of the system, to facilitate protection against unauthorized access, and to verify security procedures, survivability and operational security. Monitoring includes active attacks by authorized [COMPANY] entities to test or verify the security of this system. During monitoring, information may be examined, recorded, copied and used for authorized purposes. All information, including personal information, placed on or sent over this system may be monitored. Use of this [COMPANY] computer system, authorized or unauthorized, constitutes consent to monitoring of this system. Unauthorized use may subject you to criminal prosecution. Evidence of unauthorized use collected during monitoring may be used for administrative, criminal or adverse action. Use of this system constitutes consent to monitoring for these purposes.
Not a link to an external site but the default disclaimer I use on my PC and laptop. It is a disclaimer used by the DoD but I can't seem to find the link to it anywhere. Anyway, replace [COMPANY] with ofcourse, your company name!
This is a [COMPANY] computer system. This computer system, including all related equipment, networks and network devices (specifically including Internet access), are provided only for authorized [COMPANY] use. [COMPANY] computer systems may be monitored for all lawful purposes, including to ensure that their use is authorized, for management of the system, to facilitate protection against unauthorized access, and to verify security procedures, survivability and operational security. Monitoring includes active attacks by authorized [COMPANY] entities to test or verify the security of this system. During monitoring, information may be examined, recorded, copied and used for authorized purposes. All information, including personal information, placed on or sent over this system may be monitored. Use of this [COMPANY] computer system, authorized or unauthorized, constitutes consent to monitoring of this system. Unauthorized use may subject you to criminal prosecution. Evidence of unauthorized use collected during monitoring may be used for administrative, criminal or adverse action. Use of this system constitutes consent to monitoring for these purposes.
Protect your PDAs
When was the last time you left your PDA in the conference room or on your plane seat? Yesterday? Last month? Unless you plan to chain your PDA to your belt, the odds of losing your PDA are good. And if you're an IT manager, the whereabouts of corporate-supplied PDAs--and the sensitive information they contain--is now your problem.
According to Prakash Panjwani, senior vice president of business development for Certicom, which develops security software for PDAs, companies are now seeking the same level of security with PDAs that they once sought for laptops. "In the past," says Panjwani, "these were consumer devices that snuck into the enterprise. You got it as a gift, and then you started downloading corporate information and your IT managers didn't even know about it. Now that has changed because [companies] realize that the ultimate responsibility is the IT managers'."
Although the financial value of the hardware isn't devastating, the value of the information can be. The idea of a stranger having access to your personal data may be distressing, but the possibility that somebody could access presumably security corporate information is enough to give any CEO nightmares.
When was the last time you left your PDA in the conference room or on your plane seat? Yesterday? Last month? Unless you plan to chain your PDA to your belt, the odds of losing your PDA are good. And if you're an IT manager, the whereabouts of corporate-supplied PDAs--and the sensitive information they contain--is now your problem.
According to Prakash Panjwani, senior vice president of business development for Certicom, which develops security software for PDAs, companies are now seeking the same level of security with PDAs that they once sought for laptops. "In the past," says Panjwani, "these were consumer devices that snuck into the enterprise. You got it as a gift, and then you started downloading corporate information and your IT managers didn't even know about it. Now that has changed because [companies] realize that the ultimate responsibility is the IT managers'."
Although the financial value of the hardware isn't devastating, the value of the information can be. The idea of a stranger having access to your personal data may be distressing, but the possibility that somebody could access presumably security corporate information is enough to give any CEO nightmares.
Monday, October 29, 2001
Taxi flattened CIA's spy-cat project
The CIA trained 'spy-cats' to secretly gather information on suspects, declassified secret documents have revealed.
Project 'acoustic kitty' saw the pets fitted with hi-tech listening equipment and being trained to wander into secure areas.
But the project never went any further than the testing stage after the first spy-cat was run over by a taxi.
The CIA trained 'spy-cats' to secretly gather information on suspects, declassified secret documents have revealed.
Project 'acoustic kitty' saw the pets fitted with hi-tech listening equipment and being trained to wander into secure areas.
But the project never went any further than the testing stage after the first spy-cat was run over by a taxi.
SWS Security - Electronic Surveillance Equipment
Manufacturers of Audio, Video, and RF electronic surveillance, intelligence gathering and radio communications systems since 1972.
Friday, October 26, 2001
The SVR: Russia’s Intelligence Service (There are friendly states but there are no friendly intelligence services)
The collapse of the Soviet Union resulted in the disappearance of the most powerful security organisation ever created - the KGB. The KGB’s omnipresence in the USSR and its extensive network abroad was the result of the Soviet leadership's determination to control the population inside the USSR, and until the mid 1980s, in accordance with Marxist-Leninist principles, to propel its version of communism as far and as wide as was politically, militarily and financially feasible. The KGB was the sword and shield of the Communist Party of the Soviet Union, its occasional Ministry of Foreign Affairs and a research organisation forced sometimes to produce analysis which had nothing to do with its statutory mission and which appropriate institutes in Moscow could have done better. The political need to pamper the KGB translated well into almost unlimited funds, facilities, the ability to place KGB personnel in any Soviet organisation, inside or abroad and job offers no other organisation could match. Its foreign intelligence gathering and processing body was known as the PGU, the Russian acronym for the First Chief Directorate. Foreign Minister Boris Pankin said once that 50% of the Soviet staff in the US were working for the PGU. The unofficial FBI figure was 25%.
The collapse of the Soviet Union resulted in the disappearance of the most powerful security organisation ever created - the KGB. The KGB’s omnipresence in the USSR and its extensive network abroad was the result of the Soviet leadership's determination to control the population inside the USSR, and until the mid 1980s, in accordance with Marxist-Leninist principles, to propel its version of communism as far and as wide as was politically, militarily and financially feasible. The KGB was the sword and shield of the Communist Party of the Soviet Union, its occasional Ministry of Foreign Affairs and a research organisation forced sometimes to produce analysis which had nothing to do with its statutory mission and which appropriate institutes in Moscow could have done better. The political need to pamper the KGB translated well into almost unlimited funds, facilities, the ability to place KGB personnel in any Soviet organisation, inside or abroad and job offers no other organisation could match. Its foreign intelligence gathering and processing body was known as the PGU, the Russian acronym for the First Chief Directorate. Foreign Minister Boris Pankin said once that 50% of the Soviet staff in the US were working for the PGU. The unofficial FBI figure was 25%.
Microsoft's Really Hidden Files: A New Look At Forensics.
There are folders on your computer that Microsoft has tried hard to keep secret. Within these folders you will find two major things: Microsoft Internet Explorer has been logging all of the sites you have ever visited -- even after you've cleared your history, and Microsoft's Outlook Express has been logging all of your e-mail correspondence -- even after you've erased them from your Deleted Items bin. (This also includes all incoming and outgoing file attachments.) And believe me, that's not even the half of it.
There are folders on your computer that Microsoft has tried hard to keep secret. Within these folders you will find two major things: Microsoft Internet Explorer has been logging all of the sites you have ever visited -- even after you've cleared your history, and Microsoft's Outlook Express has been logging all of your e-mail correspondence -- even after you've erased them from your Deleted Items bin. (This also includes all incoming and outgoing file attachments.) And believe me, that's not even the half of it.
Cryptanalysis of MultiSwap
An anonymous security researcher working under the pseudonym "Beale Screamer" reverse engineered the Microsoft Digital Rights Management subsystem and, by October 18th, the results were available on cryptome.org. As part of the reverse engineering effort Screamer found an unpublished block cipher, which he dubbed MultiSwap, being used as part of DRM. Screamer did not need to break the MultiSwap cipher to break DRM, but we thought it would be a fun excercise, and summarize the results of our investigation below. The attacks described here show weaknesses in the MultiSwap encryption scheme, and could potentially contribute to an attack on DRM. However, the attack on DRM described by Beale Screamer would be much more practical, so we feel that these weaknesses in MultiSwap do not pose a significant threat to DRM at this time.
An anonymous security researcher working under the pseudonym "Beale Screamer" reverse engineered the Microsoft Digital Rights Management subsystem and, by October 18th, the results were available on cryptome.org. As part of the reverse engineering effort Screamer found an unpublished block cipher, which he dubbed MultiSwap, being used as part of DRM. Screamer did not need to break the MultiSwap cipher to break DRM, but we thought it would be a fun excercise, and summarize the results of our investigation below. The attacks described here show weaknesses in the MultiSwap encryption scheme, and could potentially contribute to an attack on DRM. However, the attack on DRM described by Beale Screamer would be much more practical, so we feel that these weaknesses in MultiSwap do not pose a significant threat to DRM at this time.
Thursday, October 25, 2001
Orbiscom
Orbiscom has created a global standard in secure and controlled online, offline and wireless card payment applications for financial institutions, online retailers, consumers and businesses. Partnering with brand leaders such as MBNA, Discover Financial Services, First Data Corporation, Allied Irish Banks and Microsoft, Orbiscom's secure online payment technology is now available to consumers in the United States and Europe.
Consumers shop safely when they use substitute credit and debit card numbers for online shopping. Orbiscom's technology enables financial institutions to provide their cardholders with the ability to generate a unique card number in place of their real card number for each purchase.
Orbiscom has created a global standard in secure and controlled online, offline and wireless card payment applications for financial institutions, online retailers, consumers and businesses. Partnering with brand leaders such as MBNA, Discover Financial Services, First Data Corporation, Allied Irish Banks and Microsoft, Orbiscom's secure online payment technology is now available to consumers in the United States and Europe.
Consumers shop safely when they use substitute credit and debit card numbers for online shopping. Orbiscom's technology enables financial institutions to provide their cardholders with the ability to generate a unique card number in place of their real card number for each purchase.
paybox - world's first mobile payment service
At last, mobile phones are wallets, and they're the newest, most secure way to shop online.
With paybox you can send money, receive money and pay with your mobile. It works with any bank account, any GSM mobile phone, across any mobile network. You don't need any special software. In five minutes you're ready to go!
All transactions are secure and no bank account numbers or credit card details are disclosed. All you need is a current account and a mobile phone!
Xine for Linux with DVD
Hi everyone, I'm Captain CSS,
bringing to you a css plugin for use with a linux dvd player called xine.
Using our software, you are able to view all of your encrypted and locked dvds without even noticing that someone tried real hard to keep you from doing so... finally dvd playback _REALLY_ comes to linux.
Hi everyone, I'm Captain CSS,
bringing to you a css plugin for use with a linux dvd player called xine.
Using our software, you are able to view all of your encrypted and locked dvds without even noticing that someone tried real hard to keep you from doing so... finally dvd playback _REALLY_ comes to linux.
THE BASTARD OPERATOR FROM HELL OFFICIAL ARCHIVE
It's backup day today so I'm pissed off. Being the BOFH, however, does have it's advantages. I reassign null to be the tape device - it's so much more economical on my time as I don't have to keep getting up to change tapes every 5 minutes. And it speeds up backups too, so it can't be all bad can it? Of course not.
A user rings
"Do you know why the system is slow?" they ask
"It's probably something to do with..." I look up today's excuse ".. clock speed"
"Oh" (Not knowing what I'm talking about, they're satisfied) "Do you know when it will be fixed?"
"Fixed? There's 275 users on your machine, and one of them is you. Don't be so selfish - logout now and give someone else a chance!"
"But my research results are due in tommorrow and all I need is one page of Laser Print.."
"SURE YOU DO. Well; You just keep telling yourself that buddy!" I hang up.
You'd really think people would learn not to call.
The New Hacker's Dictionary
This document is a collection of slang terms used by various subcultures of computer hackers. Though some technical material is included for background and flavor, it is not a technical dictionary; what we describe here is the language hackers use among themselves for fun, social communication, and technical debate.
This document is a collection of slang terms used by various subcultures of computer hackers. Though some technical material is included for background and flavor, it is not a technical dictionary; what we describe here is the language hackers use among themselves for fun, social communication, and technical debate.
Wednesday, October 24, 2001
Silent boots
When U.S. commandos sneak up on Osama bin Laden and put a cap in his turban, they may be wearing the fruits of the U.S. government's "Silent Boots" research project. Here are excerpts from a 1999 report prepared for the Department of State's Technical Support Working Group (whose mission is to "conduct rapid research, development, and prototyping of technologies in support of counterterrorism and antiterrorism"). We're pretty sure the last thing a Special Forces member needs is to have his boots squeak on a cave floor. (9 pages)
When U.S. commandos sneak up on Osama bin Laden and put a cap in his turban, they may be wearing the fruits of the U.S. government's "Silent Boots" research project. Here are excerpts from a 1999 report prepared for the Department of State's Technical Support Working Group (whose mission is to "conduct rapid research, development, and prototyping of technologies in support of counterterrorism and antiterrorism"). We're pretty sure the last thing a Special Forces member needs is to have his boots squeak on a cave floor. (9 pages)
Tuesday, October 23, 2001
FBI Programs and Initiatives - Carnivore Diagnostic Tool
In recent years, the FBI has encountered an increasing number of criminal investigations in which the criminal subjects use the Internet to communicate with each other or to communicate with their victims. Because many Internet Service Providers (ISP) lacked the ability to discriminate communications to identify a particular subject's messages to the exclusion of all others, the FBI designed and developed a diagnostic tool, called Carnivore.
"Real" Deal about Nuclear, Bio, and Chem Attacks
Since the media has decided to scare everyone with predictions of chemical, biological, or nuclear warfare on our turf I decided to write a paper and keep things in their proper perspective. I am a retired military weapons, munitions, and training expert.
Since the media has decided to scare everyone with predictions of chemical, biological, or nuclear warfare on our turf I decided to write a paper and keep things in their proper perspective. I am a retired military weapons, munitions, and training expert.
SecureMedia
SecureMedia is the leading provider of secure digital media distribution solutions that enable complete end-to-end protection of streamed and downloaded media, from source to point of rendering.
SecureMedia is the leading provider of secure digital media distribution solutions that enable complete end-to-end protection of streamed and downloaded media, from source to point of rendering.
Monday, October 22, 2001
Security-Enhanced Linux version 3
The third public release of the LSM-based SELinux prototype was made. This release contains several bug fixes and improvements to both LSM and SELinux and is based on the lsm-2001_10_11 patch against kernel 2.4.12.
The third public release of the LSM-based SELinux prototype was made. This release contains several bug fixes and improvements to both LSM and SELinux and is based on the lsm-2001_10_11 patch against kernel 2.4.12.
Friday, October 19, 2001
Mario's Cyberspace Station - The Global News Portal
This is USA mirror of the biggest one man's handmade website in Cyberspace with more than a thousand web pages and over 4.5 million hits so far.
This is USA mirror of the biggest one man's handmade website in Cyberspace with more than a thousand web pages and over 4.5 million hits so far.
Intelligence and Security Webring
Sites of intelligence, security, espionage, national security, computer security, competitive intelligence, economic intelligence and military intelligence. CIA, DIA, NSA, MI, NRO and others welcome. Knowledge Management and business intelligence.
Sites of intelligence, security, espionage, national security, computer security, competitive intelligence, economic intelligence and military intelligence. CIA, DIA, NSA, MI, NRO and others welcome. Knowledge Management and business intelligence.
National Security News
The Federation of American Scientists conducts analysis and advocacy on science, technology and public policy, including national security, nuclear weapons, arms sales, biological hazards, secrecy, education technology, information technology, energy and the environment. FAS is a privately-funded non-profit policy organization whose Board of Sponsors includes 58 of America's Nobel laureates in the sciences.
Advanced Electronic Security Company
Technical Surveillance Counter Measures (TSCM). Using The BEST Technology Available. Electronic Bug sweeps to detect and eliminate electronic eavesdropping and surveillance devices.
Technical Surveillance Counter Measures (TSCM) is our specialty. We eliminate telephone line bugs and wiretaps (using wiretap detection sweeps), computer data line taps and bugs (telecommunications security line sweeps), and bug sweep your conference rooms (using electronic room bug sweeping).
Tuesday, October 16, 2001
LANguard File Integrity Checker
LANguard File Integrity Checker is a utility that provides intrusion detection by checking whether files have been changed, added or deleted on a Windows 2000/NT system. If this happens it will alert the administrator by email. Since hackers need to change certain system files to gain access, this FREEWARE utility provides a great means to further secure any servers open to attack.
LANguard Network Scanner
LANguard Network Scanner is a freeware security & port scanner to audit your network security. It scans entire networks and provides NETBIOS information for each computer such as hostname, shares, logged on user name. It does OS detection, password strength testing, detects registry issues and more. Reports are outputted in HTML.
Monday, October 15, 2001
Meet the computer criminals: they'll see you in your office
It doesn't take technical wizardry or a cunning disguise to gain access to your confidential data, as Mark Halper discovers.
Visit the home of a computer security professional and you'd expect to see the usual trappings of the trade: a collection of keyboards, monitors, tangled phone wires and racks of anti-virus software.
But for one IBM security consultant called Paul, there's something a bit more curious. Hanging in Paul's ward-robe is a collection of tradesmen's outfits including hard hats, boiler suits, phone equipment belts and meter-reader shirts.
It doesn't take technical wizardry or a cunning disguise to gain access to your confidential data, as Mark Halper discovers.
Visit the home of a computer security professional and you'd expect to see the usual trappings of the trade: a collection of keyboards, monitors, tangled phone wires and racks of anti-virus software.
But for one IBM security consultant called Paul, there's something a bit more curious. Hanging in Paul's ward-robe is a collection of tradesmen's outfits including hard hats, boiler suits, phone equipment belts and meter-reader shirts.
John the Ripper
John the Ripper is a fast password cracker, currently available for many flavors of Unix (11 are officially supported, not counting different architectures), DOS, Win32, and BeOS. Its primary purpose is to detect weak Unix passwords, but a number of other hash types are supported as well.
SAINT:: Vulnerability Tool
The Security Administrator's Integrated Network Tool (SAINT™), an updated and enhanced version of SATAN, is designed to assess the security of computer networks.
Gartner: Most IT security problems self-inflicted
About 90% of security breaches occur because attackers take advantage of software that IT staffers have either misconfigured or failed to patch, a Gartner Inc. analyst said.
About 90% of security breaches occur because attackers take advantage of software that IT staffers have either misconfigured or failed to patch, a Gartner Inc. analyst said.
Wednesday, October 10, 2001
UK Report on Responsibility for the September 11 Terrorist Attacks
This document does not purport to provide a prosecutable case against Usama Bin Laden in a court of law. Intelligence often cannot be used evidentially, due both to the strict rules of admissibility and to the need to protect the safety of sources. But on the basis of all the information available HMG is confident of its conclusions as expressed in this document.
This document does not purport to provide a prosecutable case against Usama Bin Laden in a court of law. Intelligence often cannot be used evidentially, due both to the strict rules of admissibility and to the need to protect the safety of sources. But on the basis of all the information available HMG is confident of its conclusions as expressed in this document.
Tuesday, October 09, 2001
Men & Mice - Domain Health Survey
Since 1998, Men & Mice has conducted numerous surveys on DNS (Domain Name System) "health" issues. The purpose of these surveys is to increase awareness of DNS security for organizations with on-line presence. The Domain Name System is the heartbeat of the Internet and every task performed using a web browser or email application relies on DNS. Numeous publications have cited our research.
Since 1998, Men & Mice has conducted numerous surveys on DNS (Domain Name System) "health" issues. The purpose of these surveys is to increase awareness of DNS security for organizations with on-line presence. The Domain Name System is the heartbeat of the Internet and every task performed using a web browser or email application relies on DNS. Numeous publications have cited our research.
Monday, October 08, 2001
Crypto Law Survey
This is a survey of existing and proposed laws and regulations on cryptography - systems used for protecting information against unauthorized access. Governments have long restricted export of cryptography for fear that their intelligence activities are hampered by the crypto use of foreign states and scoundrels. Since the rise of crypto use over the past decades, governments increasingly worry about criminals using cryptography to thwart law enforcement. Thus, many countries are considering laws focusing on maintaining law-enforcement and national-security capabilities through regulation of cryptography.
This survey gives an overview of the current state of affairs, with entries per country on import/export controls, domestic laws, developments to restrict cryptography, and developments favoring crypto use.
This is a survey of existing and proposed laws and regulations on cryptography - systems used for protecting information against unauthorized access. Governments have long restricted export of cryptography for fear that their intelligence activities are hampered by the crypto use of foreign states and scoundrels. Since the rise of crypto use over the past decades, governments increasingly worry about criminals using cryptography to thwart law enforcement. Thus, many countries are considering laws focusing on maintaining law-enforcement and national-security capabilities through regulation of cryptography.
This survey gives an overview of the current state of affairs, with entries per country on import/export controls, domestic laws, developments to restrict cryptography, and developments favoring crypto use.
Wednesday, October 03, 2001
Uncle Sam Should Learn to Hack
With the specter of the World Trade Center and Pentagon disasters looming large in the minds of lawmakers, the cry to ban U.S. exports of sophisticated encryption software has risen anew. Encryption, or cryptography [crypto for short], is the science of devising codes that cloak messages in secret language. It involves using complex algorithms to mix characters of a message with other characters or values in a seemingly nonsensical way. The result is gibberish that even the biggest supercomputers struggle to decode.
In 1998, the U.S. government removed a ban on the production and export for sale of advanced cryptographic software and equipment. That raised the ire of law-enforcement officials and national-security hawks. But the hubbub quickly died down thanks to the glowing aura of the boom economy. Now, it appears that encryption exports may be in jeopardy again as the U.S. scours the globe for Osama bin Laden and his Al Qaeda cohorts.
With the specter of the World Trade Center and Pentagon disasters looming large in the minds of lawmakers, the cry to ban U.S. exports of sophisticated encryption software has risen anew. Encryption, or cryptography [crypto for short], is the science of devising codes that cloak messages in secret language. It involves using complex algorithms to mix characters of a message with other characters or values in a seemingly nonsensical way. The result is gibberish that even the biggest supercomputers struggle to decode.
In 1998, the U.S. government removed a ban on the production and export for sale of advanced cryptographic software and equipment. That raised the ire of law-enforcement officials and national-security hawks. But the hubbub quickly died down thanks to the glowing aura of the boom economy. Now, it appears that encryption exports may be in jeopardy again as the U.S. scours the globe for Osama bin Laden and his Al Qaeda cohorts.
Subscribe to:
Posts (Atom)
