The IBM Tivoli Privacy Wizard
The pressure for comprehensive, effective privacy policies is rising every day. Writing your policy is only the first step in this increasingly vital process. To be useful, the policy must then be translated into an electronic language that can be applied across your IT infrastructure. But how do you translate a human-language policy into an electronic format that applications can actually understand and use?
With the IBM Tivoli Privacy Wizard, it's easy and available to you for no charge!
The downloadable IBM Tivoli Privacy Wizard lets you define your privacy policies and translate them into an electronic language that many applications can understand and apply. Your IT department can then use that information to implement and maintain the new privacy policies. Policies created by the Wizard can be exported to P3P format, the current industry standard.
Friday, April 05, 2002
How To Give Network Security Administrators a Tremendous Headache
When I first plunged into the internals of HTTPS proxies, the idea of how to abuse these for unlimited Internet access immediately came to me. It dawned on me that, in essence, an HTTPS web proxy is a sort of tunnel into the Internet for everyone who is willing to speak the HTTP protocol's CONNECT command. And since all the traffic that passes through the tunnel is supposed to be SSL encrypted (so as to form an unhindered SSL session between the browser and the HTTPS server), there are little or no access controls possible on such a tunnel. I filed these ideas under the section "Interesting; must do something with this later"...
When "later" came, it turned out that the realisation described above could have very interesting security repercussions...
SAFE ROOMS COME OUT OF HIDING
It would be easy to think that the safe room starring in Jodie Foster's new film, "Panic Room," is merely the product of a screenwriter's imagination.
Most people haven't heard of these hidden spaces that provide safe havens for homeowners in the tense minutes between a break-in and the arrival of the police.
Well, safe rooms are out there, and not just in the homes of California celebrities and corporate heads in New York, where "Panic Room" takes place. A trio of them are currently being constructed inside a downtown Boston condominium near the Four Seasons Hotel.
Often brushed aside as an urban myth or a plaything for the paranoid, safe rooms have been around for centuries. They're the modern-day equivalent of castle keeps and bomb shelters that can be found in high-end homes, corporate offices, and even health clinics. Nobody has statistics on just how many are out there, since their effectiveness depends on the silence of their owners and the people who build them. The $30 million opening weekend of "Panic Room" drags what was once secret into the public lexicon.
Suddenly, safe-room designers are using the film as an excuse to speak very carefully about the rooms they outfit with bulletproof doors, surveillance cameras, ventilation systems, and tamper-proof communication equipment. Cynics may say they are motivated by a desire to generate new business, but the designers are unveiling an industry that has been quietly thriving for decades.
Thursday, April 04, 2002
Freeware downloads: Security
- Access Control: Restrict and monitor Internet usage; this includes keystroke monitoring, Internet usage logging, etc.
- Anti-Virus (Specialized): Anti-virus tools specialized for individual viruses, trojans or worms. These tools are usually released quickly after a new, fast-spreading virus is discovered.
- Anti-Virus Tools: Virus protection is a "must have" when you are using the Internet.
- Cache and Cookie: Clean your browser cache, securely delete files and/or cookies.
- E-mail Security & Encryption: Protect the privacy of your email communications.
- File Encryption Tools: These tools can be used to encrypt email messages or files on your computer.
- Password Manager: Manage and store your passwords, generate random passwords and more.
- Personal Firewalls: Protect your computer from intruders.
- Secure File Deletion: Digital file shredders; permanently delete files beyond recovery.
- Security Tools: These tools are intended to monitor your Internet or network connection and alert you to potential intruders. They are NOT firewalls!
This site is dedicated to helping secure your communications and files from third parties, as well as to several other important security aspects that may arise when you are connected to the Internet.
Wednesday, April 03, 2002
Kernel Based Keylogger
There is a wide variety of keyloggers for Windows and only a few crippled ones for Linux. This paper describes some basic concepts, used techniques and hints. I've also included proof of concept LKM code which was tested "in the wild". A must read for every pen tester, system administrator and honeypot freak :)
socklog
Socklog in cooperation with djb's daemontools is a small and secure replacement for syslogd.
syslog-ng
syslog-ng, as the name shows, is a syslogd replacement, but with new functionality for the new generation. The original syslogd allows messages only to be sorted based on priority/facility pairs; syslog-ng adds the possibility to filter based on message contents using regular expressions. The new configuration scheme is intuitive and powerful. Forwarding logs over TCP and remembering all forwarding hops makes it ideal for firewalled environments.
syslog-ng is in use primarily on Linux, Solaris and FreeBSD, and should be quite easily ported to other BSD-like Unixes.
The Distributed Honeypot Project
Imagine having the ability to deploy an entire honeynet system on a single machine, complete with data control and data capture. The focus of this paper outlines a proof of concept that such a system is possible. Originally intended to be showcased using open source operating system technologies, the solution was completed via mainstream consumer products. Design and configuration of the system will be provided, along with discussion of other potential solutions. Although to my knowledge this is the first published example of this type of technology, it is completely possible that someone else has already implemented such a system. Think Alexander Graham Bell.
Modular Syslog
A replacement for traditional syslog daemons, including cryptographic log protection and MySQL and PostgreSQL support. Supported on Linux, BSD, Irix, Solaris and AIX.
Tuesday, April 02, 2002
R.U.N.S.A.F.E.
The information and associated steps listed on this page are key components to everyone's online security. Everyone should understand them and be able to take the actions described. R.U.N.S.A.F.E. workshops are offered once per semester that describe the incidents we've seen at JMU, the threats we're exposed to, and that teach the defensive concepts and procedures described here.
TUCOFS - The Ultimate Collection of Forensic Software
TUCOFS, or T.U.C.O.F.S., stands for The Ultimate Collection of Forensic Software. This site places all Law Enforcement Personnel in touch with the latest and greatest Internet-based resources for High Tech Law Enforcement purposes. Resource types include files, software, websites and documentation.
Wednesday, March 27, 2002
Trinux: A Linux Security Toolkit
Trinux is a ramdisk-based Linux distribution that boots from a single floppy or CD-ROM and loads its packages from an HTTP/FTP server, a FAT/NTFS/ISO filesystem, or additional floppies. Trinux contains the latest versions of popular Open Source network security tools for port scanning, packet sniffing, vulnerability scanning, sniffer detection, packet construction, active/passive OS fingerprinting, network monitoring, session-hijacking, backup/recovery, computer forensics, intrusion detection, and more. Trinux also provides support for the Perl, PHP, and Python scripting languages. Remote Trinux boxes can be managed securely with OpenSSH.
Open Source Security Tools
• Host Security Scanners
• Intrusion Detection
• VPN Tools
• Reporting Tools
• Secure Applications
Analyzer Switch
The Net Optics Analyzer Switch / Matrix Switch maximizes your monitoring effectiveness while minimizing incremental spending. The passive, 1xN SpyderSwitch enables a single protocol analyzer to perform real-time monitoring and analysis on your choice of up to 32 networks.
Monday, March 25, 2002
TCPDUMP public repository
This page was started to collect various patches that have been floating around for LBL's tcpdump and libpcap programs, and to continue the work needed on both projects.
lcrzoex
lcrzo is a toolbox containing over 300 functionalities to test an Ethernet/IP network (sniff, spoof, configuration, clients, servers, etc.).
USERS NOTICE
To be used on your workstations and servers:
------
This computer system is for authorized use only. Users (authorized or unauthorized) have no explicit or implicit expectation of privacy. Any or all uses of this system and all files on this system may be intercepted, monitored, recorded, copied, audited, inspected, and disclosed to authorized site and law enforcement personnel. By using this system, the user consents to such interception, monitoring, recording, copying, auditing, inspection, and disclosure at the discretion of authorized site personnel. Unauthorized or improper use of this system may result in administrative disciplinary action or civil or criminal penalties. By continuing to use this system you indicate your awareness of and consent to these terms and conditions of use. LOG OFF IMMEDIATELY if you do not agree to the conditions stated in this warning.
------
Responding to Problems
CIO worked with the Secret Service, the FBI and industry leaders to create guidelines for reporting security incidents — what to report, who to report it to, and how.
Information Security Congress at UniNet - InfoSec 2002
As a way to share with the community valuable information, UniNet, the Virtual Network of Telematic Resources, is glad to present, THE INFORMATION SECURITY CONGRESS AT UNINET from April 15th to 19th.
Saturday, March 23, 2002
Miniature digital voice recorder Edic-Mini
The digital voice recorder Edic-Mini is intended to record voice messages to its built-in FLASH memory. It can play back the stored messages through an earphone or download them to a personal computer. It can also operate as a "digital diskette" to store and carry any digital data, with capacities of 16-1024 MB.
Edic-Mini is an extremely small (17x57x10 mm) and light (8 g) device. It can store up to 4480 min of voice (much more with the Voice Activation System (VAS) enabled), has a highly sensitive built-in microphone (range up to 8 m) and a wide dynamic range. It can record continuously for up to 80 hours or keep the date/time for up to 2 years on a single battery.
Since Edic-Mini has no moving parts it can operate safely across a wide range of environmental conditions and without being detected by special equipment.
Friday, March 22, 2002
Center for Internet Security
The Center for Internet Security (CIS) is a not-for-profit cooperative enterprise that helps organizations reduce the risk of business and e-commerce disruptions resulting from inadequate security configurations.
CIS members are developing and propagating the widespread application of Security Benchmarks through a global consensus process that brings together industry, government, academia and consultants. CIS Benchmarks enumerate the "When, Why, and How" aspects of technical security configurations across a wide range of operating system platforms and Internet software applications.
The benchmarks are available free of charge to the Internet community via this web site.
Wednesday, March 20, 2002
Honeypotting with VMware
Honeypots are becoming more common as security professionals attempt to conduct more detailed research on current "state of the art" practices among attackers. Honeypots are also invaluable for learning about an attacker's motivations, habits and patterns of behavior. Unfortunately, setting up a proper honeypot is a non-trivial task, and correctly configuring network sensors to capture all data, as well as the resulting forensics tasks, can be rather daunting. The good news is that there are a number of tools and techniques that can make life much easier for some honeypot administrators.
Tuesday, March 19, 2002
Department of Defense Computer Forensics Laboratory
The Department of Defense Computer Forensics Laboratory (DCFL) provides the community with timely, unbiased evidence examination, analysis and operational support. Teamed with the Department of Defense Law Enforcement and Counterintelligence Community our unique technical expertise and computer solutions ensure information superiority for the War fighter.
The Digital Offense
- FTP passive connection hijacker
- RFP's Whisker with SSL support
- Retrieves the system load from a XDMCP daemon
- Linux LKM that changes uname() results
- A chroot jail wrapper for ordinary shells
- SSL and Proxy enabled IIS 4/5 Unicode Exploit
- Relays a SQL query through IIS's RDS component
- Unix command line MS-SQL client
- Checks for the IIS 4.0/5.0 .ida/.idq heap overflow
- Determines if a DNS service is available.
- Upload files via PUT requests.
- Extremely fast nfs scanner (raw udp)
- Crashes the Windows 2000 SMTP service.
- Crashes the Microsoft FTP service.
Welcome to the official THC website. THC is a short form for "The Hacker's Choice". THC was founded in 1995 in Germany by a group of people involved in hacking, phreaking and anarchy. Through the years THC was joined by other experts and grew to probably Germany's best hacking group.
The intention of THC is to demonstrate weaknesses in common security solutions that can be found in telecommunication and network services.
On this site you will find software and papers that were released by THC members. They should provide you with knowledge and the ability to check for security problems. We also want to advise you not to use any information or software provided on this site for illegal purposes. Respect the law as we do.
THC is a non-commercial group; every line of code, of text and of this site has been written in our free time. So please excuse any discomfort, we are trying to give our best every single day.
Forensic Software Sources
This page is a compilation of sites that have been supplied to me, and ones I have found to contain useful sources of forensic software. No endorsement of any kind is made for any of the products found in these sites. These sites are merely compiled here for easy quick reference for those wishing to obtain forensic tools.
Monday, March 18, 2002
Peter Gutmann's Home Page
My research interests cover the design and analysis of security techniques and systems, with a sideline in various obscure security-related areas such as the recovery of deleted data from magnetic media, and whatever else happens to catch my interest.
Security and Encryption Links
Encryption and Security-related Resources. The following are security-related resources (aka "the crypto link farm") that I've found on the net.
Thursday, March 14, 2002
How codebreakers cracked the secrets of the smart card
The process was complex, time-consuming, and very expensive. This was not about a lone hacker sitting at a computer screen trying to guess passwords. Instead, it was an attempt to split the foundation stone supporting an entire industry - the technology protecting pay TV.
The challenge handed in the autumn of 1997 to a team of scientists working quietly at a laboratory in Haifa, northern Israel, was to crack the encryption technique used to unscramble TV signals delivered to many paying customers through cable and satellite across Europe and the US.
Wednesday, March 13, 2002
FAQ: Network Intrusion Detection Systems
This FAQ answers simple questions related to detecting intruders who attack systems through the network, especially how such intrusions can be detected.
MRTG: The Multi Router Traffic Grapher
The Multi Router Traffic Grapher (MRTG) is a tool to monitor the traffic load on network-links. MRTG generates HTML pages containing graphical images which provide a LIVE visual representation of this traffic. MRTG is based on Perl and C and works under UNIX and Windows NT.
Tuesday, March 12, 2002
Laptop Computer Security
This paper discusses the issues surrounding laptop computer security and offers some basic approaches to securing laptops.
Hammer of God Utilities
Here are just a few of the utilities we have designed to enhance your pen-testing sessions. Go nuts.
Security Toolbox
The Security Toolbox is a collection of freeware tools related to Windows security. The tools are not based on anybody else's source code, and we will not give away the code or give explanations of how the tools are built, so please don't send any mails asking for either - we will ignore all such mails. Also, please note that using some of these tools against systems without permission from the system owner(s) may be illegal in your country! Although some of these tools can be used by unethical attackers we hope that these tools will do more good than bad overall.
Monday, March 11, 2002
Thursday, March 07, 2002
Optical Tempest from LED's
A previously unknown form of compromising emanations has been discovered. LED status indicators on data communication equipment, under certain conditions, are shown to carry a modulated optical signal that is significantly correlated with information being processed by the device. Physical access is not required; the attacker gains access to all data going through the device, including plaintext in the case of data encryption systems. Experiments show that it is possible to intercept data under realistic conditions at a considerable distance. Many different sorts of devices, including modems and Internet Protocol routers, were found to be vulnerable. A taxonomy of compromising optical emanations is developed, and design changes are described that will successfully block this kind of "Optical Tempest" attack.
Optical Time-Domain Eavesdropping Risks of CRT Displays
Tempest (in PDF format) with an extensive scientific explanation.
Wednesday, March 06, 2002
Opentap
Opentap plans to release free software that will be a minimalistic implementation of the Dutch (and soon European) tapping requirements, insofar as they make sense and have been defined in current law and policies, so that ISPs' costs and risks are kept to a minimum and citizens' tapped data is better protected against the unknowns of the overspecified black boxes that ISPs would otherwise need to buy.
We are further redistributing and organizing all information regarding lawful interception for public access on this site, so people can find their way through the tremendous bureaucratic heap of papers that are and have been produced.
According to a report in Wired, a youth armed with only an iPod walked into a US computer store and walked out with hundreds of pounds worth of Mac software.
By plugging the iPod into a display Mac using a FireWire cable, the virtual thief was able to simply drag and drop applications from the Mac to the iPod. The iPod wouldn't even have had to leave the thief's pocket.
Network scanners pinpoint problems
In the past, there hasn't been much good news about the state of vulnerability-assessment scanners. Their reputation has been plagued with false positive reports, lack of scalability, lagging updates and inadequate reporting tools.
While some areas still need improvement, vulnerability scanners are useful tools for helping network professionals identify potential vulnerabilities and security weaknesses. However, we also found that many of these products may have trouble scaling to the requirements of enterprise networks.
Tuesday, March 05, 2002
K12LTSP - K12 Linux Terminal Server Project
K12LTSP is based on RedHat Linux and the LTSP terminal server packages. It's easy to install and configure. It's distributed under the GNU General Public License. That means it's free and it's based on Open Source software.
Once installed, K12LTSP lets you boot diskless workstations from an applications server. You can use old PCs as diskless clients or buy new ones for under $200 each.
All applications run on the terminal server. Workstations are "thin": they have no local software or hard drives. Thin clients are well suited to schools because they are easy to install and require little maintenance. With nothing stored locally they are reliable and largely resistant to tampering and viruses, although the terminal server now holds every user's session and must be protected accordingly.
Monday, March 04, 2002
Sandtrap
Sandtrap is the FIRST commercially available, multi-line wardialer detector. It makes an excellent add-on to Phonesweep or use it on its own.
Sunday, March 03, 2002
Free online network utilities - traceroute, nslookup, smart whois, ping, finger - each utility with source code
- Domain Dossier
- Email Dossier
- Browser Mirror
- Traceroute
- NsLookup
- AutoWhois
- TcpQuery
- AnalyzePath
Excel password remover
Have you ever forgotten your Excel workbook or sheet password?
Here you can download an almost free (postcardware) Excel add-in that removes/cracks sheet and workbook password protection in Excel up to version XP.
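Why such an add-in works at all is worth seeing. The verifier that Excel stores for sheet and workbook-structure protection is a 16-bit value of which only 15 bits vary, so any string that hashes to the same value opens the sheet; there is no need to recover the original password. The script below is an added example, not the add-in's code: it implements that legacy verifier and finds a colliding password by searching a small, constructed space (eleven characters from {A, B} plus one printable character) that is guaranteed to contain a preimage for every possible verifier. The file-open (encryption) password is a different mechanism and is not covered by this.

```python
import itertools

# Added example, not the add-in's code.  Implements the legacy Excel
# sheet/workbook-structure protection verifier (ASCII passwords assumed).
# It is NOT the file-open encryption password, which uses a different scheme.

def excel_sheet_hash(password: str) -> int:
    """Legacy Excel sheet-protection verifier.

    Each character at 1-based position i is rotated left by i within a
    15-bit window and XORed into the running value; the password length and
    the constant 0xCE4B are then XORed in.  Only 15 bits of the result vary,
    so at most 32768 distinct verifiers exist.
    """
    h = 0
    for i, ch in enumerate(password, 1):
        v = (ord(ch) & 0xFF) << (i % 15)
        h ^= (v & 0x7FFF) | (v >> 15)      # fold bits 15+ back down: 15-bit rotate
    return h ^ len(password) ^ 0xCE4B


def find_colliding_password(target: int) -> str:
    """Return a 12-character string whose verifier equals `target`.

    Search space: eleven characters from {'A', 'B'} followed by one printable
    ASCII character.  Choosing A or B at position i toggles bits i and i+1 of
    the 15-bit core, and the last character fixes bits 0 and 12..14 plus the
    parity of the rest, so every one of the 32768 possible verifiers has a
    preimage among the 2^11 * 95 = 194,560 candidates.  Excel accepts any.
    """
    for prefix in itertools.product("AB", repeat=11):
        base = "".join(prefix)
        for code in range(32, 127):
            cand = base + chr(code)
            if excel_sheet_hash(cand) == target:
                return cand
    raise ValueError("unreachable: every verifier has a preimage in this space")


if __name__ == "__main__":
    original = "abcdefghij"          # constructed example password
    h = excel_sheet_hash(original)
    twin = find_colliding_password(h)
    print(f"{original!r} -> 0x{h:04X}; {twin!r} -> 0x{excel_sheet_hash(twin):04X}")
```

The practical consequence is that sheet protection is a convenience against accidental edits, not an access control; anything that must stay confidential or unmodified needs real encryption or a signature, not a worksheet password.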
Thursday, February 28, 2002
This is one of the several public mirrors of the linux cryptography archives known as munitions.
Wednesday, February 27, 2002
Security and Encryption FAQ-Revision 15
"No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence, nor to attacks upon his honour and reputation. Everyone has the right to the protection of the law against such interference or attacks."
Article 12 Universal Declaration of Human Rights
"No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence, nor to attacks upon his honour and reputation. Everyone has the right to the protection of the law against such interference or attacks."
Article 12 Universal Declaration of Human Rights
BRIK
BRIK Asset Control provides the company administrator with the necessary tools to track the location and usage of company computer assets. If the computer is stolen or lost, BRIK Asset Control will assist in determining the location of the stolen equipment such that the proper authorities may retrieve the stolen property.
S/MIME Freeware Library (SFL)
The S/MIME Freeware Library (SFL) implements the IETF S/MIME v3 RFC 2630 Cryptographic Message Syntax (CMS) and RFC 2634 Enhanced Security Services (ESS) specifications. It supports all of the optional ESS security features such as signed receipts, security labels, secure mail list information, and signing certificate attributes. It also implements portions of the RFC 2633 Message Specification and RFC 2632 Certificate Handling document. When used in conjunction with the Crypto freeware library, the SFL implements the RFC 2631 Diffie-Hellman (D-H) Key Agreement Method specification.
Security Testing
This document describes a methodology for using network-based tools for testing systems for vulnerabilities. The primary aim of the document is to help administrators and managers get started with a program for testing on a routine basis. The methodology recommends focusing first on those systems that are accessible externally, e.g., firewalls, web servers, etc., and then moving on to other systems as resources permit. The document includes many pointers to various testing applications and contains more detailed descriptions of several of the more popular test tools.
Tuesday, February 26, 2002
APTools - Detect Wireless Access Points over the wire
APTools is a utility that queries ARP Tables and Content-Addressable Memory (CAM) for MAC Address ranges associated with 802.11b Access Points. It will also utilize Cisco Discovery Protocol (CDP) if available. If a Cisco Aironet MAC Address is identified, the security configuration of the Access Point is audited via HTML parsing.
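The wired-side detection APTools describes comes down to one check: collect the MAC addresses your routers and switches already know about and look up the vendor prefix (OUI) of each one. The script below is an added example, not APTools itself. It parses two constructed dumps, a Linux /proc/net/arp listing and a Cisco "show mac-address-table" listing, normalises the MACs and matches them against a small OUI table. The table is illustrative only (00:40:96 is Aironet/Cisco, 00:02:2D is Agere/ORiNOCO); a real run should load the IEEE OUI registry instead.

```python
import re

# Added example, not APTools.  Illustrative OUI table: replace with the
# IEEE registry (oui.txt) in real use.
AP_OUIS = {
    "00:40:96": "Cisco Aironet",
    "00:02:2D": "Agere Systems (ORiNOCO)",
}

# Constructed sample in the layout of Linux /proc/net/arp
SAMPLE_ARP = """\
IP address       HW type     Flags       HW address            Mask     Device
10.1.2.3         0x1         0x2         00:40:96:3a:1b:2c     *        eth0
10.1.2.10        0x1         0x2         00:50:56:aa:bb:cc     *        eth0
10.1.2.77        0x1         0x2         00:02:2d:11:22:33     *        eth0
10.1.2.99        0x1         0x0         00:00:00:00:00:00     *        eth0
"""

# Constructed sample in the layout of Cisco IOS 'show mac-address-table'
SAMPLE_CAM = """\
          Mac Address Table
-------------------------------------------
Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
   1    0040.963a.1b2c    DYNAMIC     Fa0/3
   1    0050.56aa.bbcc    DYNAMIC     Fa0/7
  20    0002.2d11.2233    DYNAMIC     Fa0/12
"""

MAC_RE = re.compile(r"^[0-9A-Fa-f]{2}(?::[0-9A-Fa-f]{2}){5}$")
CAM_RE = re.compile(r"^\s*(\d+)\s+([0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4})\s+\S+\s+(\S+)", re.I)


def parse_proc_net_arp(text):
    """Yield (ip, mac) for complete entries (flag 0x2) of a /proc/net/arp dump."""
    for line in text.splitlines()[1:]:          # skip the header line
        fields = line.split()
        if len(fields) < 6:
            continue
        ip, flags, mac = fields[0], fields[2], fields[3]
        if int(flags, 16) & 0x2 == 0:            # incomplete entry: no usable MAC
            continue
        if MAC_RE.match(mac):
            yield ip, mac.lower()


def parse_cisco_cam(text):
    """Yield (port, mac) from a CAM table dump, MAC normalised to colon form."""
    for line in text.splitlines():
        m = CAM_RE.match(line)
        if not m:
            continue
        digits = m.group(2).replace(".", "").lower()
        mac = ":".join(digits[i:i + 2] for i in range(0, 12, 2))
        yield m.group(3), mac


def find_access_points(entries, oui_table=AP_OUIS):
    """Return [(where, mac, vendor)] for entries whose OUI is in oui_table."""
    table = {k.lower(): v for k, v in oui_table.items()}
    hits = []
    for where, mac in entries:
        vendor = table.get(mac[:8])
        if vendor:
            hits.append((where, mac, vendor))
    return hits


if __name__ == "__main__":
    for hit in find_access_points(parse_proc_net_arp(SAMPLE_ARP)):
        print("ARP :", *hit)
    for hit in find_access_points(parse_cisco_cam(SAMPLE_CAM)):
        print("CAM :", *hit)
```

An OUI match is a lead, not a verdict: it tells you which switch port to walk to, and a rogue AP with a spoofed or unlisted MAC will not show up this way at all.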
Storage Media Archival and Recovery Toolkit
SMART can perform a complete backup / restore of numerous systems including DOS, Macintosh, Windows 9x, WindowsNT, Windows2000, WindowsME, HPFS, OS/2, Linux, many flavors of Unix, Solaris and more... all from one application on one platform!
SMART is the perfect tool for backing up, upgrading or cloning hard drives, deploying site licensed software updates and distributing "baseline" software configurations across multiple platforms.
SMART allows you to quickly partition, repartition, format, initialize, backup, restore, explore and search virtually any hard disk drive.
SMART provides fast and powerful features for finding files based on multiple criteria (including contents), file compare, graphic file preview mode and many more useful tools for file management and system administration.
SMART allows you to look inside many types of compressed files, so if the file or data you are looking for is in a zip (or tar or gzip) file, you can still find it.
SMART allows you to copy files to and from DOS, FAT, VFAT, HFS, NTFS, HPFS, OS2, Linux EXT2, EXT3, Reiser, NFS, ISO9660, CDFS and UFS volumes with a simple drag and drop interface.
SMART supports disk images (with compression and segmentation options), and allows you to mount numerous file systems together on one common desktop.
SMART supports files over 2 gigabytes, allowing you to copy a 60 gigabyte hard drive as a single file... no voodoo, just poi
Dave Dittrich
I'm a Senior Security Engineer and Consultant for the University of Washington's Computing & Communications Client Services group, dealing primarily with security incident response and system security. My background is in programming and UNIX system administration on several platforms.
Computer Security
This paper is a discussion of computer security. Rather than detailing the standard weaknesses in computer security (which have been detailed many times in the past), this paper discusses a few recent vulnerabilities and details of where further information on computer security can be found. This information includes a large number of papers and books where more general discussions on computer security can be found.
Improving Computer Security through Network Design
The concept of a security domain that is introduced in this paper is not new. Many computer security practitioners have been (either explicitly or implicitly) using the ideas presented here for many years in protecting their networks.
What is required by all organisations is a more formal approach to the definition and protection of the various security domains. Failure to do this leaves an organisation open to attack and abuse. The purpose of this paper is to introduce the reader to a more formal concept of a security domain, how to recognise one, the dangers of sharing two domains of differing security requirements, and how to design a network to use and protect security domains.
A brief introduction to the three security requirements is used to provide a better understanding of the risk assessment process. This process helps to identify the differing security requirements for different parts of the information processing infrastructure, and hence to define the security domains.
Site Security Handbook
This handbook is a guide to setting computer security policies and procedures for sites that have systems on the Internet (however, the information provided should also be useful to sites not yet connected to the Internet). This guide lists issues and factors that a site must consider when setting their own policies. It makes a number of recommendations and provides discussions of relevant areas.
Collecting Electronic Evidence After a System Compromise
Collecting forensic evidence for the purposes of investigation and/or prosecution is difficult at the best of times, but when that evidence is electronic an investigator faces extra complexities. Generally, electronic evidence has none of the permanence that conventional evidence has, and is more difficult to present in a way that can be readily understood. The purpose of this paper is to highlight these difficulties and to suggest strategies to overcome them. Note that no legal advice is given here – different regions have different legislation. This paper will not address everything you need to know for your particular circumstances – it is a guide only. Always seek further information, including legal advice, for your specific circumstances.
Windows NT Intruder Detection Checklist
This document outlines suggested steps for determining whether or not your system has been compromised. System administrators can use this information to look for several types of break-ins.
CERT®/CC Steps for Recovering from a UNIX or NT System Compromise
This document sets out suggested steps for responding to a UNIX or NT system compromise.
Monday, February 25, 2002
chkrootkit -- locally checks for signs of a rootkit
chkrootkit: shell script that checks system binaries for rootkit modification.
Ettercap
Ettercap is a multipurpose sniffer/interceptor/logger for switched LANs.
It supports active and passive dissection of many protocols (even encrypted ones) and includes many features for network and host analysis.
It can sniff in four modes:
- IP based: packets are filtered on source and destination IP.
- MAC based: packets are filtered on MAC address, useful for sniffing connections through a gateway.
- ARP based: uses ARP poisoning to sniff in a switched LAN between two hosts (full-duplex).
- PublicARP based: uses ARP poisoning to sniff in a switched LAN from a victim host to all other hosts (half-duplex).
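The full-duplex "ARP based" mode works by sending each of the two hosts an unsolicited ARP reply that maps the other host's IP to the attacker's MAC, so both directions of the conversation are switched to the attacker's port. The script below is an added example and not Ettercap's code: it builds those two frames byte for byte (Ethernet header plus the 28-byte ARP reply), parses them back, and on the defensive side shows the check a watcher such as arpwatch performs, flagging any IP that is claimed by more than one MAC. All hosts, addresses and MACs are constructed for the example. Nothing is put on the wire; sending the frames would need a raw AF_PACKET socket and root.

```python
import struct

# Added example, not Ettercap's code.  All addresses below are constructed.
ETH_P_ARP = 0x0806
ARP_REQUEST, ARP_REPLY = 1, 2


def mac_bytes(mac):
    return bytes.fromhex(mac.replace(":", ""))


def ip_bytes(ip):
    return bytes(int(o) for o in ip.split("."))


def build_arp_reply(sender_mac, sender_ip, target_mac, target_ip):
    """Ethernet frame carrying the ARP reply 'sender_ip is-at sender_mac', unicast to target."""
    eth = mac_bytes(target_mac) + mac_bytes(sender_mac) + struct.pack("!H", ETH_P_ARP)
    # htype=Ethernet, ptype=IPv4, hlen=6, plen=4, opcode
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, ARP_REPLY)
    arp += mac_bytes(sender_mac) + ip_bytes(sender_ip)
    arp += mac_bytes(target_mac) + ip_bytes(target_ip)
    return eth + arp                     # 14 + 28 = 42 bytes


def parse_arp(frame):
    """Return the ARP fields of an Ethernet/ARP frame, or None if it is not one."""
    if len(frame) < 42 or struct.unpack("!H", frame[12:14])[0] != ETH_P_ARP:
        return None
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    p = frame[22:42]
    fmt_mac = lambda b: ":".join(f"{x:02x}" for x in b)
    fmt_ip = lambda b: ".".join(str(x) for x in b)
    return {"op": op,
            "sender_mac": fmt_mac(p[0:6]), "sender_ip": fmt_ip(p[6:10]),
            "target_mac": fmt_mac(p[10:16]), "target_ip": fmt_ip(p[16:20])}


def poison_pair(attacker_mac, host_a, host_b):
    """Full-duplex poisoning: tell A that B's IP is at the attacker, and B that A's IP is."""
    a_mac, a_ip = host_a
    b_mac, b_ip = host_b
    return [build_arp_reply(attacker_mac, b_ip, a_mac, a_ip),   # to A: "B is-at attacker"
            build_arp_reply(attacker_mac, a_ip, b_mac, b_ip)]   # to B: "A is-at attacker"


def detect_arp_spoofing(frames):
    """Return (ip, first_mac, new_mac) for every IP claimed by a second MAC in ARP replies."""
    seen, alerts = {}, []
    for f in frames:
        a = parse_arp(f)
        if not a or a["op"] != ARP_REPLY:
            continue
        first = seen.setdefault(a["sender_ip"], a["sender_mac"])
        if first != a["sender_mac"]:
            alerts.append((a["sender_ip"], first, a["sender_mac"]))
    return alerts


if __name__ == "__main__":
    attacker = "00:0c:29:aa:bb:cc"
    host_a = ("00:11:22:33:44:55", "10.0.0.5")      # victim workstation
    host_b = ("00:aa:bb:cc:dd:ee", "10.0.0.1")      # gateway
    legit = [build_arp_reply(host_a[0], host_a[1], host_b[0], host_b[1]),
             build_arp_reply(host_b[0], host_b[1], host_a[0], host_a[1])]
    for frame in poison_pair(attacker, host_a, host_b):
        print(parse_arp(frame))
    print("alerts:", detect_arp_spoofing(legit + poison_pair(attacker, host_a, host_b)))
```

The detection side is only as good as its baseline: a watcher that starts after the poisoning has begun records the attacker's MAC as the legitimate one. Static ARP entries for the gateway on critical hosts, or port security and dynamic ARP inspection on the switch, stop the attack rather than merely reporting it.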
Foundstone Ultimate Web Hacking
course
You can’t forget the Web when it comes to your network’s security. This course focuses on techniques to exploit and defend your Web-based applications. See if you’re up to the challenge of 3 instructors using everything in their arsenal to penetrate your e-commerce liabilities. Collectively, your instructors have performed hundreds of Web and e-commerce security assessments, managing security programs at 3 of the Big 5 consulting firms, the United States Air Force, and on Wall Street.
Malicious hackers can be waiting to attack the minute your Web applications come online and e-businesses go live. To secure and monitor your Web-enabled enterprise, you need to know every vulnerability that can be exploited internally and externally. Attackers no longer need back doors or sophisticated tools to compromise a system. In the Web era, the way into a network is often right through the lobby.
This ultimate Web security class from Global Knowledge and Foundstone provides students with the knowledge and tools to recognize present vulnerabilities and perform ongoing assessments. Unique in the security-training industry, Ultimate Web Hacking demonstrates the latest techniques for exploiting Web-based applications, as well as defenses for these weaknesses. Explore CGI, ASP, and Cold Fusion vulnerabilities and exploits such as buffer and input-field overflows.
Foundstone Ultimate Hacking
course
Powerful 4-day course from the experts who wrote the book "Hacking Exposed" - offered exclusively by Global Knowledge.
Learn to defend your systems, networks, and applications. Over the course of 4 days, Global Knowledge and Foundstone will walk you through dozens of attacks, exploits, and other hacker techniques. We will show you the tools and methods to defend against these attempts. More importantly, you will exercise techniques in non-stop, hands-on labs so that you can protect your networks in the real world.
Expert instructors will walk you through "footprinting" your organization’s Internet presence, and then show you how to identify, exploit, and secure well-known and little-known vulnerabilities in Windows NT, Windows 2000, and UNIX systems.
You will explore common weaknesses in router and firewall installations, learning ways to circumvent traditional and "hardened" security filters or firewalls. In the final exercise, you will assess and attempt to exploit a simulated "secure" network with multiple operating systems and security mechanisms.
C S R C - Guidance Publications Library
Organizations in all sectors of the economy depend upon information systems and communications networks, and share common requirements to protect sensitive information. ITL works with industry and government to establish secure information technology systems for protecting the integrity, confidentiality, reliability, and availability of information.
Under the Computer Security Act of 1987 (P.L. 100-235), the Computer Security Division of the Information Technology Laboratory (ITL) develops computer security prototypes, tests, standards, and procedures to protect sensitive information from unauthorized access or modification. Focus areas include cryptographic technology and applications, advanced authentication, public key infrastructure, internetworking security, criteria and assurance, and security management and support.
These publications present the results of NIST studies, investigations, and research on information technology security issues.
Friday, February 22, 2002
Network forensics analysis tools (NFATs) reveal insecurities, turn sysadmins into systems detectives.
Surgeon Michael Nusbaum knows a thing or two about hacking. Many years after reaching the "mandatory retirement age of 13" as a computer hacker, he commands the infosec defenses as COO at Hamilton Scientific Ltd., an ASP that provides Web-based medical software.
Atop Hamilton's multilayered defense system sits one of a new class of network forensics analysis tools (NFATs): Niksun's NetDetector (www.niksun.com). These products--which include SilentRunner (www.silentrunner.com ) and Sandstorm's NetIntercept (www.sandstorm.com )--combine robust network traffic capture with sophisticated analysis and forensics capabilities.
Securing Your Enterprise Email with Digital IDs
There are actually two different encryption standards that are widely used to protect email messages—S/MIME (Secure/Multipurpose Internet Mail Extensions) and PGP (Pretty Good Privacy). While both standards both use the public key encryption scheme and ultimately perform the same job, they work differently, and are represented in different types of products.
In this article, I’ll take a closer look at these two public key encryption standards and explain how they work. I’ll then take a look at two examples of enterprise email encryption products—one that uses S/MIME and another that uses PGP. As I do, I’ll pass along links that you can use to get more specific information about these encryption standards and the products that use them.
Password Corral
Password Corral is our popular freeware password manager. With a clean, easy to use interface, strong encryption and all the features you would expect from a program you'd have to pay for, it's no wonder thousands of people have made it their choice for password management!
The Trojan List
The table shows examples of existing trojans and the ports they use. The lower ports are often used by trojans that steal passwords and either mail them to the attacker or hide them in FTP directories. The higher ports are often used by remote access trojans that can be reached over the network. If you find probes directed at ports that are normally not in use, it may be someone trying to connect to a trojan inside your network. I hope this list will be of some help to you.
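The way such a list is actually used is as a lookup against firewall logs: every denied inbound packet whose destination port appears in the table is a probe for that trojan, and grouping the probes by source shows who is sweeping you. The script below is an added example, not part of the list's site. It runs over a few constructed iptables-style log lines with a deliberately short excerpt of the table (NetBus on TCP 12345/12346, SubSeven on TCP 1243/27374, Back Orifice on UDP 31337); the full list would be loaded from the page.

```python
import re
from collections import Counter

# Added example.  Short, constructed excerpt of a trojan/port table.
TROJAN_PORTS = {
    ("tcp", 1243): "SubSeven",
    ("tcp", 12345): "NetBus",
    ("tcp", 12346): "NetBus",
    ("tcp", 27374): "SubSeven",
    ("udp", 31337): "Back Orifice",
}

# Constructed log lines in the layout iptables writes to syslog.
SAMPLE_LOG = """\
Feb 21 03:14:07 fw kernel: IN=eth0 OUT= SRC=203.0.113.9 DST=192.0.2.10 LEN=48 TTL=112 ID=3001 DF PROTO=TCP SPT=1045 DPT=12345 WINDOW=16384 SYN
Feb 21 03:14:08 fw kernel: IN=eth0 OUT= SRC=203.0.113.9 DST=192.0.2.11 LEN=48 TTL=112 ID=3002 DF PROTO=TCP SPT=1046 DPT=12345 WINDOW=16384 SYN
Feb 21 03:14:09 fw kernel: IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 LEN=29 TTL=64 ID=0 DF PROTO=UDP SPT=1026 DPT=31337 LEN=9
Feb 21 03:14:10 fw kernel: IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 LEN=48 TTL=64 ID=3 DF PROTO=TCP SPT=2020 DPT=80 WINDOW=5840 SYN
Feb 21 03:14:11 fw kernel: IN=eth0 OUT= SRC=203.0.113.9 DST=192.0.2.12 LEN=48 TTL=112 ID=3003 DF PROTO=TCP SPT=1047 DPT=27374 WINDOW=16384 SYN
"""

LOG_RE = re.compile(
    r"SRC=(?P<src>[\d.]+) DST=(?P<dst>[\d.]+) .*?PROTO=(?P<proto>\w+) "
    r"SPT=\d+ DPT=(?P<dport>\d+)")


def classify_probes(lines, table=TROJAN_PORTS):
    """Return one record per logged packet whose (proto, dport) is in the trojan table."""
    hits = []
    for line in lines:
        m = LOG_RE.search(line)
        if not m:
            continue
        key = (m["proto"].lower(), int(m["dport"]))
        name = table.get(key)
        if name:
            hits.append({"src": m["src"], "dst": m["dst"],
                         "proto": key[0], "dport": key[1], "trojan": name})
    return hits


def probes_by_source(hits):
    """Count trojan probes per source address."""
    return dict(Counter(h["src"] for h in hits))


def probes_by_trojan(hits):
    """Count trojan probes per trojan name."""
    return dict(Counter(h["trojan"] for h in hits))


if __name__ == "__main__":
    hits = classify_probes(SAMPLE_LOG.splitlines())
    for h in hits:
        print(f'{h["src"]:>14} -> {h["dst"]}:{h["dport"]}/{h["proto"]}  {h["trojan"]}')
    print("by source:", probes_by_source(hits))
    print("by trojan:", probes_by_trojan(hits))
```

A probe hitting the firewall says only that someone is looking. The alarming case is an answer: a SYN/ACK or UDP reply leaving an inside host on one of these ports, which means the trojan is installed and listening, so the same lookup should also be run over the outbound direction.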
Thursday, February 21, 2002
Hacking Lexicon
This document explains what people may mean by words. This does not attempt to define how words should be used.
FAQ: Network Intrusion Detection Systems
This FAQ answers simple questions related to detecting intruders who attack systems through the network, especially how such intrusions can be detected.
Sniffing (network wiretap, sniffer) FAQ
This document answers questions about eavesdropping on computer networks (a.k.a. "sniffing").
PhoneBoy's FireWall-1 FAQ
This site has links, downloads, documents, and over 400 FAQs relating to Check Point FireWall-1.
Change Your Identity without fake ID
Now Ariza Research has created a new report written by an experienced attorney that provides an extremely detailed step-by-step system that will walk you through the entire process of creating a clean, fully documented new identity - not one built on flimsy fake ID or dead infants. It's a master guide to identity changing for the new millennium!
Now Ariza Research has created a new report written by an experienced attorney that provides an extremely detailed step-by-step system that will walk you through the entire process of creating a clean, fully documented new identity - not one built on flimsy fake ID or dead infants. It's a master guide to identity changing for the new millenium!
Build a poor man's firewall with the Cisco IOS
Today, network security has become a top priority for every organization connected to the Internet, and firewalls have come to serve as the main security mechanism. While vendors have been pushing toward dedicated “firewall appliances”—and I don’t argue that these are excellent solutions—such appliances can also be very costly for small to medium-size businesses. For example, a Cisco PIX Firewall can cost thousands of dollars.
However, there is an inexpensive and effective firewall solution that you may have overlooked. Most companies that connect to the Internet use a standard router to do so. If you use a Cisco router, you should know that the Cisco IOS has a built-in feature set for creating a firewall and intrusion detection system. Using this solution, you don’t need a separate firewall box—it can all be done inside your current Cisco router. I like to call this a “poor man’s firewall.”
The Open Source Security Testing Methodology Manual
This manual is to set forth a standard for Internet security testing. Disregarding the credentials of many a security tester and focusing on the how, I present a solution to a problem that exists currently. Regardless of firm size, finance capital, and vendor backing, any network or security expert who meets the outline requirements in this manual is said to have completed a successful security snapshot. Not to say one cannot perform a test faster, more in depth, or of a different flavor. No, the tester following the methodology herein is said to have followed the standard model and therefore if nothing else, has been thorough.
Wednesday, February 20, 2002
Tempest for Eliza
I wrote this program because it was fun and because it teaches in an amusing way that tempest really exists. I want people to understand that their computers can be observed.
Tinfoil Hat Linux
It started as a secure, single floppy, bootable Linux distribution for storing PGP keys and then encrypting, signing and wiping files. At some point it became an exercise in over-engineering.
Tinfoil hat is useful if:
You're using a computer that could have a keystroke logger installed. http://www.keyghost.com is an example of a tiny & cheap hardware logger.
You need to use your personal GPG keys at work, school or a web hosting facility where you don't trust or own the equipment.
If you maintain a PGP Certificate Authority or signing key and have to have a safe place to use the CA key.
If you simply don't want to risk putting a PGP key on a hard drive where someone else might have access to it.
The Illuminati are watching your computer, and you need to use morse code to blink out your PGP messages on the numlock key.
WebAgain
WebAgain version 2.5 is the only software utility that concentrates on fixing and repairing the web site damage a hacker can create - and even sends an email alert to inform you of the repair. Use WebAgain to complete your web site security and disaster recovery plan!
Monday, February 18, 2002
CIA Showcases Array of Spy Gadgets
For the first time, the public is getting a large-scale view of the CIA's and KGB's real-life James Bond gadgets, from a replica of the Russians' deadly poison-dart umbrella to some of the Americans' most ingeniously concealed cameras.
The exhibit, which opened to the public Sunday at the Ronald Reagan Presidential Library, includes dozens of items borrowed from the CIA's collection in Langley, Va., many of them never before shown to the public.
Thursday, February 14, 2002
Guidelines for Evidence Collection and Archiving
A "security incident" as defined in the "Internet Security Glossary", RFC 2828, is a security-relevant system event in which the system's security policy is disobeyed or otherwise breached. The purpose of this document is to provide System Administrators with guidelines on the collection and archiving of evidence relevant to such a security incident.
If evidence collection is done correctly, it is much more useful in apprehending the attacker, and stands a much greater chance of being admissible in the event of a prosecution.
Wednesday, February 13, 2002
ZGram
The ZGram is an electronic newsletter containing news, resources, products, symposia, employment, and business opportunities regarding the United States Defense and Law Enforcement Communities.
Tuesday, February 12, 2002
Night Vision Equipment Company
Night Vision Equipment Company (NVEC), a privately held company, has been a leader in the development of specialized night vision devices for over two decades. Our specialty products enjoy wide acceptance in numerous special operations organizations in the United States and abroad.
BXDR
A DOS-based application that simply lists the geometry of any attached hard disk drives using standard BIOS calls, Extended BIOS calls and Direct Disk Access (ATA) calls.
One of the more interesting features of BXDR and Direct Access calls is that it is possible to set the maximum addressable sector to an arbitrary value. Future reads of the disk will then report the maximum sector to be the new value. This command can be (and via BXDR is) non-volatile - i.e. the limit will remain until reset with a subsequent command.
From a forensic viewpoint this command can defeat most modern imaging systems. To test it I performed the following test.
I took an 80GB hard disk drive and using BXDR set the max addressable sector to 999999 (1,000,000 sectors), approx 5GB. (BXDR 128 /s999999)
Removed the hard disk drive and placed it into a second machine.
Attempted to image with SafeBack (using BIOS, XBIOS and Direct Access) and with EnCase (DOS and FastBloc).
Both SafeBack and EnCase reported the drive as a 5GB device.
I then ran BXDR to reset the max addressable sector to the maximum native addressable sector. (BXDR 128 /r)
SafeBack and EnCase could subsequently see the full drive.
Monday, February 11, 2002
Introduction to Computer and Network Security
This page contains the table of contents for a book I'm working on, to be published by Prentice Hall. It also contains links to draft versions of several chapters and to lectures (foils) from courses I gave based on the draft book at Tel Aviv University and at the Interdisciplinary Center. The material is copyrighted, but you are encouraged to use it for personal or educational purposes (if you plan to give a course using this material, please let me know). My goal is to create a textbook which can be used for introductory courses in cryptography, secure communication and secure commerce.
The fight for the future is not between the armies of leading states, nor are its weapons those of traditional armed forces. Rather, the combatants come from bomb-making terrorist groups like Osama bin Laden's al-Qaeda, or drug smuggling cartels like those in Colombia and Mexico. On the positive side are civil-society activists fighting for the environment, democracy and human rights. What all have in common is that they operate in small, dispersed units that can deploy anywhere, anytime to penetrate and disrupt. They all feature network forms of organization, doctrine, strategy, and technology attuned to the information age. And, from the Intifadah to the drug war, they are proving very hard to beat.
Friday, February 08, 2002
ABI- CODER
This free file encryption software uses the 448-bit Blowfish and 168-bit 3DES encryption algorithms. ABI- CODER allows you to encrypt files and folders with just a click of the mouse. ABI- CODER also allows you to create self-decrypting files that allow you to send or transfer encrypted files to people who do not have our software installed on their computers. ABI- CODER is extremely easy to use. It even changes the icons of encrypted files, allowing you to easily see which files are secured. The best part is that ABI- CODER is FREE - No Cost, No Nags, No Limits.
Internet anonymity for Windows power users
Our previous article, "Do-it-yourself Internet anonymity", was targeted towards average Windows users. It generated a startling number of e-mail requests for some advanced tactics, which I'm happy to supply. However, power user or not, I'd recommend at least skimming the earlier article if you haven't read it, just to ensure that you're not forgetting something obvious and useful. I'm not going to re-cap much of it here.
Thursday, February 07, 2002
Microsoft's Really Hidden Files: A New Look At Forensics
There are folders on your computer that Microsoft has tried hard to keep secret. Within these folders you will find two major things: Microsoft Internet Explorer has not been clearing your browsing history after you have instructed it to do so, and Microsoft's Outlook Express has not been deleting your e-mail correspondence after you've erased it from your Deleted Items bin. (This also includes all incoming and outgoing file attachments.) And believe me, that's not even the half of it.
When I say these files are hidden well, I really mean it. If you don't have any knowledge of DOS then don't plan on finding these files on your own. I say this because these files/folders won't be displayed in Windows Explorer at all -- only in DOS. (Even after you have enabled Windows Explorer to "show all files.") And to top it off, the only way to find them in DOS is if you know their exact location. Basically, what I'm saying is if you didn't know the files existed then the chances of you running across them are slim to slimmer.
It's interesting to note that Microsoft does not explain this behavior adequately at all. Just try searching on microsoft.com.
Wednesday, February 06, 2002
The products in the following section have been accepted into the Australasian Information Security Evaluation Program (AISEP) run by the Defence Signals Directorate. The AISEP is a commercial program in which evaluations are performed by licensed commercial facilities, known as AISEFs (Australasian Information Security Evaluation Facilities).
While there is no guarantee that products in the following section will complete evaluation successfully, acceptance into the program indicates that both the AISEF performing the evaluation and DSD believe that the product has a reasonable likelihood of meeting the requirements of the target evaluation level.
Monday, February 04, 2002
Wednesday, January 30, 2002
The Computer Security Institute
Computer Security Institute (CSI) is the world's leading membership organization specifically dedicated to serving and training the information, computer and network security professional.
Explosive Possibilities for Silicon
Still, the most intriguing aspect of the research is the ability to blow up the same material that powers computers and other devices using a small electrical charge. "Now, you can program a chip to self-destruct," Sailor said. "There's no firing pin, just a little current that runs through the part of the chip that has the explosive in it."
Tuesday, January 29, 2002
Biological Network Security
A recent article on securityfocus.com discusses the future of intrusion detection, and how it may include a central management center where intrusion alerts are reported for greater analysis. This is the first step towards a biological network. What better way to handle security on a living, breathing and highly complex network than by modeling it after the evolution of biological systems?