/etc/security patch: My /etc/security patch for FreeBSD, so failed sshd logins show up in the nightly audit.
body checks: A Postfix body_checks file to filter out potentially dangerous email attachments. I've used it on my system for quite some time and it seems reasonably effective and safe. I've recently updated this to include a few more unsafe executable types.
CIA Network: A security firm, Matta Security in London, has mapped the CIA non-classified network. Using only legal and open sources, the company mapped the topology of machines and even found networks otherwise closed to the public. The company never port scanned or probed the network directly. Among the items they found were emails and phone numbers of sys admins and other employees. Amazingly, they did all this in two days.
Cryptography: I've moved the cryptography related items to their own page. This page will contain links to cryptography related programs and websites. I believe in our post-Sept 11 world, cryptography will become an increasingly important tool in protecting our privacy.
encrypted fs script: My SYSV script which I used to mount my encrypted file system.
encrypted swap script: I keep getting asked for this, so I'm posting my very simple SYSV script that allows randomized encrypted swap. You don't even need to enter a passphrase, so this can be done totally headless without any operator interaction at all.
FreeBSD Security Howto: Chapter 1 of my FreeBSD security howto. While it is available on a lot of the other FreeBSD websites, the Daemon News one is the most up to date. Expect Chapter 2 sometime in the distant future.
Gentoo encrypted swap script: My encryptedswap script rewritten as a Gentoo /etc/init.d service script. Provides a cryptographic swap space initialized by a completely random key at boot time.
Gentoo Security Handbook: This handbook is intended for people who are using Gentoo Linux in a server based environment or just feel the need for better security.
header checks: As of Postfix feature 20020527, MIME headers are processed by header checks rather than body checks. With older Postfix versions, MIME and attached message headers were treated as body text. This particular filter will reject messages containing potentially dangerous file attachments. So if you're using a newer version of Postfix, you will want to use header checks rather than body checks to protect MS email clients. You can safely enable filtering with BOTH header_checks and body_checks if you wish, however.
ipfilter rules: My ipfilter rule set that I use at home. Feel free to read it and make comments/suggestions.
ipfw rules: My ipfw rule set, I use this in combination with ipfilter. I'll get around to posting a complete ipfw rule set at some point as well.
iptables ruleset: My newly updated iptables ruleset. Includes much stricter checking on forwarded traffic, better use of rate limiting for services and a reverse NAT (connection forwarding) for my BitTorrent client. This is the ruleset I use for my firewall at home.
loginfail patch: In the more recent versions of FreeBSD, /etc/security has been moved into /etc/periodic/security and is now a collection of smaller scripts. This patch fixes the 800.loginfail script to report not only failed logins, but failed ssh logins in the nightly audit.
mime header checks: My latest and greatest version of the MIME header checks I use with Postfix. Faster than checking the entire email header or body, simply applying a standard regex to the MIME headers only. The regex has been refined to reduce potential false positives and speed up matching.
openssh patch: A patch for OpenSSH in FreeBSD that allows OpenSSH to use the FreeBSD security logging facility.
Password Generator: A fancy JavaScript based password generator, in case you can't come up with a random string of characters and numbers on your own.
Security Tools: I've moved all of the security tools to their own separate webpage since it was getting to be a rather long list. This list contains links to many of the security tools that I use for penetration testing, as well as protecting my own systems.
You Are: A little PHP script that spits out the HTTP headers you're sending out to everyone. It's useless if you're testing your squid anonymizing features like I was. It however demonstrates your browser is sending out more information to the web than you probably want it to. I'm going to add a few more features to this, and really drive the point home when I do a NetBIOS connect back to your machine to pull out your NetBIOS information. I can also read cookies off your machine as well. For now, it's pretty simple, but I'm sure you get the point.
Last Modified : July 26, 2005

Security News

Cryptome: Cryptome welcomes documents for publication that are prohibited by governments worldwide, in particular material on freedom of expression, privacy, cryptology, dual-use technologies, national security, intelligence, and secret governance -- open, secret and classified documents -- but not limited to those.
IRIA - Security in the News: Security in the News provides security professionals, and government and law enforcement officials with timely and salient information on cybercrime, cyberterrorism, malware and other information-security issues at the strategic level.
Packet Storm: Packet Storm is the largest and most up to date library of information security information in the world. Whether your interest is in building a secure network, penetration testing, vulnerability analysis, or simply learning about computer security, Packet Storm has all the information you need. Understanding that there is no way we can begin to design and develop stronger systems and defenses unless we know what vulnerabilities exist, Packet Storm follows a strict policy of full-disclosure, publishing all pertinent information that we receive on security related materials. About half of our content is submitted to us. If you have security related information that is not on our site, do not hesitate to send it in. We will add anything that is well written to the Packet Storm archives. If it contains new or very interesting information it will appear in the newfiles as well.
Security Focus: SecurityFocus.com is designed to facilitate discussion on security related topics, create security awareness, and to provide one of the Internet's largest and most comprehensive databases of security knowledge and resources to the public.
Last Modified : August 01, 2005

Security Sites

Anti-Phishing Working Group: A website working to record, explain and reverse engineer phishing schemes on the internet. A very informative website. Beware those who render HTML email.
Attrition: Attrition.org is a computer security Web site dedicated to the collection, dissemination and distribution of information about the industry for anyone interested in the subject. They maintain one of the largest catalogs of security advisories, cryptography, text files, and denial of service attack information. They are also known for the largest mirror of Web site defacements and their crusade to expose industry frauds and inform the public about incorrect information in computer security articles.
COAST: COAST -- Computer Operations, Audit, and Security Technology -- is a multiple project, multiple investigator laboratory in computer security research in the Computer Sciences Department at Purdue University. It functions with close ties to researchers and engineers in major companies and government agencies. We focus our research on real-world needs and limitations, with a special focus on security for legacy computing systems.
DDoS Attacks/tools: If you've never been to Dave Dittrich's page, you're in for a treat. This is a definitely bookmarkable site with tons of valuable information, and is the resource for DDoS information on the Internet.
DShield: DShield.org is an attempt to collect data about cracker activity from all over the internet. This data will be cataloged and summarized. It can be used to discover trends in activity and prepare better firewall rules. Right now, the system is tailored to simple packet filters. As firewall systems that produce easy to parse packet filter logs are now available for most operating systems, this data can be submitted and used without much effort. More complex patterns, such as are used by application level firewalls, may be handled in the future.
Fringe of the Web: The Fringe of the Web has returned again. Started in 1994 by Bronc Buster and Silicon Toad, as a ring of only the best, or 'fringe,' underground and computer security sites. Users may vote on which site is the best, bringing the quality sites to the top and slowly eliminating the lacking sites. The Fringe is run by the community, for the community.
Gibson Research Corporation: For the longest time I wasn't going to add this site. I think Gibson does little more than spread snakeoil and fear. However, his site does have a number of interesting tools for the entry level novice user. If you're still getting Windows Messenger popups (from the messenger service), or getting owned through open SMB shares you might want to take a look at this page. Just be warned though, to anyone with any real background in security, what he talks about is dumbed down so painfully it is actually difficult to read. Sometimes you have no idea whether or not he's actually on to some new unheard of vulnerability, just because of the unusually idiot-level way he goes about explaining things.
Hideaway.Net: Hideaway.Net is an Internet security portal that covers the latest developments in PC & server security, virus protection, and privacy on-line. Our site features up-to-the minute news and alerts, free software archives, e-text & whitepaper libraries, feature content, and other resources. We also offer business to business security analysis services and free anonymous & encrypted e-mail. There is content on the site for users of all levels, from system administrators to home users.
Internet Storm Center: Internet Storm Center gathers more than 3,000,000 intrusion detection log entries every day. It is rapidly expanding in a quest to do a better job of finding new storms faster, isolating the sites that are used for attacks, and providing authoritative data on the types of attacks that are being mounted against computers in various industries and regions around the globe. Internet Storm Center is a free service to the Internet community. The work is supported by the SANS Institute from tuition paid by students attending SANS security education programs.
Rexploit: The writers of many wireless hacking tools. Definitely a must read site if you run your own AP.
Secunia: Stay Secure, Vulnerability and Virus Information. Up to date information on patched/unpatched vulnerabilities in a wide range of commercial/open source software.
Seifried Security Site: Kurt Seifried's security page. One of the best technical writers in the security community.
SPF: Sender Policy Framework: Finally some information about SPF that isn't corporate marketing propaganda. This website contains actual technical information about this new standard and how to implement it on your site.
Spyware Guide: The Spyware Guide was created to provide an all inclusive and updated resource on spyware applications, what they do and how they're used. These resources include: which software applications can detect and defeat spyware, an extensive database of all known spy software and adware applications and contact information as well as other privacy related products. As the spy versus spy battle rages on we have decided to document this fascinating battlefield.
Wiretrip: A compilation of security related information and tools as presented by Rain Forest Puppy.
Last Modified : November 29, 2005

Privacy Sites

Abika: Background Check, Criminal Records, Reverse Phone lookup, Driving Records, People Search, Marriage Records, Verify College Degrees Employment Check. If anything, an anti-privacy website where you can find out information on just about anyone.
Docusearch: DOCUSEARCH is America's premier provider of on-line investigative solutions. All functions are available with a simple point and click.
Don't Spy on .US: A pro privacy site, warning about the dangers of CAPPS II, which is an air passenger profiling system.
Dummy files for neutering spyware: These dummy files are drop-in replacements for unwanted spyware modules that may be violating your privacy. These allow you to continue using a spyware-dependent program (e.g. Drug Dealer Ware) without worrying about unwanted connections being made behind your back. The dummy files can also be used without ad-supported software, to prevent such spyware files from being installed in the future.
EPIC: EPIC is a public interest research center in Washington, D.C. It was established in 1994 to focus public attention on emerging civil liberties issues and to protect privacy, the First Amendment, and constitutional values. EPIC is a project of the Fund for Constitutional Government. EPIC works in association with Privacy International, an international human rights group based in London, UK and is also a member of the Global Internet Liberty Campaign, the Internet Free Expression Alliance, the Internet Privacy Coalition, and the Trans Atlantic Consumer Dialogue (TACD).
EPIC's Practical Privacy Tools: Information on how to get PGP and other encryption programs, anonymous remailers and other privacy enhancing technologies. Also links to anonymous surfing redirectors.
Erehwon's Crypto Links: This is a compilation of cryptography related sites. It includes links to Commercial Organizations, University Computer Sites, Cryptography & Security Newsgroups, Cryptography Books & Publications, Number Theory, Cryptographic Algorithms & Protocols, Cryptographers Home Pages, Cryptographic Software & Security Tools, ECC Elliptic Curve Cryptosystems, STU-III (Secure Telephone III), and a variety of other related topics.
Onion Routing: The Onion Routing project researches, designs, builds, and analyzes anonymous communications systems. The focus is on systems for Internet-based connections that resist traffic analysis, eavesdropping, and other attacks both by outsiders (e.g. Internet routers) and insiders (Onion Routers themselves). Onion Routing prevents the transport medium from knowing who is communicating with whom -- the network knows only that communication is taking place. In addition, the content of the communication is hidden from eavesdroppers up to the point where the traffic leaves the OR network.
Privacy International: Privacy International (PI) is a human rights group formed in 1990 as a watchdog on surveillance by governments and corporations. PI is based in London, England, and has an office in Washington, D.C. PI has conducted campaigns throughout the world on issues ranging from wiretapping and national security activities, to ID cards, video surveillance, data matching, police information systems, and medical privacy.
Privacy Times: Privacy Times is designed for professionals and attorneys who need to follow the legislation, court rulings, industry developments and horror stories that frame the ongoing debate about information privacy. We cover such issues as the FTC's developing policy for the Internet, credit reports, Caller ID, medical records, "identity theft," the Freedom of Information Act, direct marketing and the European Union's Directive On Data Protection.
Privacy.Org: Privacy.Org is the site for daily news, information, and initiatives on privacy. This web page is a joint project of the Electronic Privacy Information Center (EPIC) and Privacy International.
Riot Anonymous Remailer: An anonymous remailer is a computer which has been configured to run remailer software. This software is a specialized kind of email server software. Unlike the average email server, which goes to great lengths to log all incoming/outgoing traffic and add identifying and traceable info to its outgoing mail (in the form of headers), remailer software ensures that outgoing mail has been STRIPPED CLEAN of any identifying information! Thus the name 'anonymous' remailer. The remailer performs certain automated tasks which include retrieving mail, decrypting/processing that mail (only mail that is properly encrypted and formatted), obeying the directives within the message and, finally, delivering - remailing - the finished product to a second party in anonymized form. When received by that second party it will reveal only that it was sent from an anonymous source (usually the remailer's name and email address). The IP address shown will be the IP address of the remailer machine.
Sex Offenders database: Free PublicData.com SexOffender Search. You may wanna look here before you hire your next babysitter.
Stay Invisible: StayInvisible.com is a daily updated list of really functioning free public proxy servers plus proxy related information and tools.
The Electronic Frontier Foundation: The Electronic Frontier Foundation (EFF) is a non-profit organization working in the public interest to protect fundamental civil liberties, including privacy and freedom of expression in the arena of computers and the Internet. EFF was founded in 1990, and is based in San Francisco, California.
Last Modified : March 31, 2005

Commercial Security Vendors

Check Point Software: Makers of firewalls, VPN and network management solutions. One of the biggest names in the commercial network security world, their software based firewall solution is one of the most used firewalls for the corporate environment.
CRYPTOCard: Established in 1989, CRYPTOCard provides cost-effective Secure Password Technology to leading enterprises worldwide in the government, technology, aerospace, telecommunications, financial, and healthcare sectors. The CRYPTOCard system positively authenticates a network user's identity by coupling something in the user's possession (a smart card, hardware token, or software token), with something the user knows (a PIN). CRYPTOCard's versatile two-factor authentication technology provides centralized authentication for all network access regardless of network infrastructure or user location, and eliminates the need for complicated passwords, greatly reducing Help-Desk costs associated with resetting.
eEye Digital Security: eEye Digital Security is poised to be a leader in the emerging security software market, and is one of the fastest growing companies in the industry. Founded over three years ago, eEye released its flagship product - Retina, the Network Security Scanner - in 2000 and has steadily grown its market share in the scanner market. Since then, eEye has released two more products: Iris, the Network Traffic Analyzer and SecureIIS, Application Firewall. Many more are in the pipeline.
F-Secure Corporation: A very well known and well respected organization, they produce personal to enterprise level antivirus software, as well as encryption software such as SSH, and VPN. They also produce policy management software that can manage all of those pieces from a central location.
McAfee: Makers of Personal Firewall and AntiVirus software. Their website has free downloads for your evaluation.
PentaSafe: Developer of enterprise IT risk management, auditing, security, and intrusion detection software. They produce software for Linux, UNIX, AS400 and Windows®.
Symantec: Traditionally an antivirus software manufacturer for desktop PCs. They've expanded and now have a wide range of software such as enterprise level antivirus software, email content filtering and internet content filtering. They also produce the most widely used commercial virus scanner for the Windows® platform.
Last Modified : June 03, 2002

Telephony Related Sites

Phreak.org: Phreak.org also offers a wide variety of files, links, and data in relation to accessing phone systems.
Last Modified : April 11, 2002

Government Sites

CIAC: CIAC provides on-call technical assistance and information to Department of Energy (DOE) sites faced with computer security incidents. This central incident handling capability is one component of the all-encompassing service provided to the DOE community. The other services CIAC provides are: awareness, training, and education; trend, threat, vulnerability data collection and analysis; and technology watch. This comprehensive service is made possible by a motivated staff with outstanding technical skills and a customer service orientation. CIAC is an element of the Computer Security Technology Center (CSTC) which supports the Lawrence Livermore National Laboratory (LLNL).
Computer Emergency Response Team: The CERT Coordination Center is part of the Survivable Systems Initiative at the Software Engineering Institute, a federally funded research and development center at Carnegie Mellon University. We were started by DARPA (the Defense Applied Research Projects Agency, part of the U.S. Department of Defense) in December 1988 after the Morris Worm incident crippled approximately 10% of all computers connected to the Internet. Originally, our work was almost exclusively incident response. Since then, we have worked to help start other incident response teams, coordinate the efforts of teams when responding to large-scale incidents, provide training to incident response professionals, and research the causes of security vulnerabilities, prevention of vulnerabilities, system security improvement, and survivability of large-scale networks.
Last Modified : April 11, 2002
