Security vs. (In)Security
DISCLAIMER: I am not responsible in any way for the use or misuse
of the following information. Some of the links presented here can
be hazardous under certain conditions. The reason that I have included
them here is purely educational. It is not my fault if you use them
for "other" purposes. If you don't agree with the above please leave
this section now.
Most of the links presented here change frequently. I do have
a script that checks their validity and I try to use it as much
as possible in order to keep up to date. Please feel free to let me
know if some of the links are not accurate any more or if you know
of any other more interesting places to add. Thanks.
General tips
In this section I am just trying to give some general guidelines
about things that could make your system safer and your life easier.
In today's internet there are numerous ways that somebody can harm
your business. Using the following is NOT a guarantee that your
system will be safe ever after from all malicious users out there.
Computers
Use as much logging as possible.
Don't use conventional passwords.
Some versions of rlogind and rshd ignore the .rhosts file.
Back up your work on a regular basis.
Be aware of the group of users that can access the console
of certain critical machines.
Routers
Use logging for all packet filtering.
Try to keep your configuration moderate.
Distinguish between incoming and outgoing TCP calls.
Filter packets on input as well as output.
Protocols
In a server-client environment it is advisable that the protocols
used involve only outbound calls from the client.
Sequence numbers should be at least 32 bits, and chosen with
a cryptographically secure random number generator.
Protocols without fixed port numbers are potential security problems.
Firewalls
Use long reports for logging.
Use multiple styles for authentication.
Administrators should have an easy and straightforward way
to add new services to the firewall policy.
Tunneling should be supported.
Firewalls are not immune to every attack. Stay alert and
apply patches as soon as they come out.
Potential security holes
Guessing a password will always be a problem.
Sequence number attacks are very common.
Spoofing UDP packets is easy.
ICMP redirect messages can cause problems for routing tables.
IP source routing should be used only for experimental purposes.
Generating false RIP messages is easy.
The inverse DNS tree can be used for name-spoofing.
One can change the DNS cache.
Never trust return addresses in mail.
Sendmail is a very complicated package famous for various
security holes.
MIME messages can be dangerous.
telnet sessions are directly readable by anybody who can
put a tap on the wire.
finger gives away too much useful information.
Don't trust RPC's machine name field.
The portmapper can call RPC services for its caller.
NIS can give out password files.
NFS is known for big security holes.
ftp's home directory should not be writable.
WWW servers have many problems with file pointers.
Many perl scripts can give root access if used on a WWW server.
MBone can route through some firewalls.
Most firewalls can't block attacks at the higher layers
of the protocol stack.
Hacking Links
yahoo - the yahoo search engine links for security and encryption
panik - a good collection of links and programs
shadow - lots of hacks
Anarchist - some documents and lots of hacks
2600 Magazine - the hackers magazine
8LGM - many different ways to be a hacker
Brian's Hacking Links and Files - many links and programs
Bronc Buster's Hideout!!! - a rich site
Computer Underground Society - you should know this place
DEF CON - cute
DigiCrime, Inc. - chasing hackers
Ernie and MaryJean's Files, etc. - hacks and cracks here
Evisance University - a db for hacking information
Fravia's Page of Reverse Engineering - nice approach to hacking
Genocide 2600's Hacking Page - another 2600 link
Hacker's Haven BBS - many things that a hacker dreams of
HSI NET - lots
Information Warfare - some good links and general information warfare info
kLoN's Underground Page - lots of programs to cause trouble
Kludge's Hack Links - many links here
KnIgHt FlYeRs UlTImaTe CrAsH - this is a nice site
KwAnTAM_PoZeEtroN's Hacking Pages
Legion of the Apocolypse - plenty of stuff
Linux Security WWW - linux related stuff here
L0pht Heavy Industries - this is a huge resource of hacking information
Black Crawling Systems Archives - more hacking archives
Materva's Hideout!! - interesting site
Nate The Great's Home Page - general purpose links
Ye Olde Paranoia Home Page - a very good hacking source
H/P/A Links at Paranoia - more hacking links
Ice-9's 3l33t L1nkZ - even more...
AntiOnline - another huge hacking site
Hackers.com - lots of stuff here
Phrack Magazine - the phrack magazine
Matt's Unix Security Page - a very good source mainly for security links and documentation
Line Noise - lots of good links and files
Archive of Hacked Webpages - a big index with all hacking triumphs
Groupbell - need permission for this
The Phantasy World - cracks, hacks, phracks, security, ...
Daemon9 - some stuff here
Hacker's Catalog - a big catalog with mostly hack products
Fuxor - a very interesting site
Forever Knight - exploits, links and much more
X - a good collection of exploits
FreeWorld BBS - very useful
Swedish Underground - swedish hackers
Cramer's Phreak House - hacks, backdoors, other
IRC script and bots information page - special interest hacking info
Ag Hacks - many links
Lump - a few links here
Guide To Lock Picking - lots of good things here
Portrait of J. Random Hacker - general info about hackers
The DataHaven Project - security info and links
EFF Archive - lots of info with hacking, cracking, phreaking content
CypherPunks Home Page - something from berkeley
-|-|-|-|-|-|- No More Secrets! -|-|-|-|-|-|- - you have to visit this site
The GodZ of CyberSpacE Archives - few links here
Computer UnderGround Digest - lots of stuff here
The Delphi Hackers' Corner - a very useful site
UK Hacking Arena - hacks from UK
The Bishop - for hackers and phreaks
Hackers Jargon - learn the hackers dialect
Clipper Chip Discussion - interesting links
Lucifer.com - a very good place to visit
The Kevin Mitnick Saga - a famous hacker
Underground Magazine Archives - more phracks
HackWatch News - hacks, cryptography
Kmartind - PC Hacks - lots of hacks here
Netscapes Security Problems - netscape stuff
PC Virus Protection - viruses from COAST
Tarc Meridian's Underground - more stuff
IHTFP Online Hack Archive - the famous MIT collection
Security Pages... Top Level - plenty of security info plus links
HaVock Alley (Mac) - if you like havoc come here
Mack Hac 95 - mack anyone ???
Usenet Links
alt.2600
alt.2600.hackerz
alt.2600.hope.announce
alt.2600.hope.d
alt.2600.hope.tech
alt.2600.moderated
alt.2600.QnA
alt.binaries.cracks.encrypted
alt.bio.hackers
alt.crackers
alt.hackers
alt.security
alt.security.pgp
alt.security.ripem
comp.security.misc
comp.security.announce
comp.security.firewalls
comp.security.pgp.announce
comp.security.pgp.discuss
comp.security.pgp.resources
comp.security.pgp.tech
comp.security.ssh
comp.security.unix
sci.crypt
sci.crypt.research
talk.politics.crypto
Security Information Centers
NJH
CERT
AUSCERT
CIAC
FIRST
Telstra
COAST
ISS
CSTS
FedCIRC
ICSA
ISC
NCSA
Central Intelligence Agency (CIA) Home Page
NIST
IASE
L0pht
ASSIST
SANS
Seven Locks Software
WWW security FAQ
Firewalls FAQs
Security Mailing lists
Bugtraq
Rootshell
NTBugtraq
Firewalls Digest
AFT
The Alert
Best of Security
Borderware
CERT Advisories
Drawbridge
Firewall-1
Firewalls Mailing List
Firewalls Performance
Firewall Toolkit Users
Firewall Standards
Firewall Wizards
Freefire-l
Freestone
Freestone Announcements
IP Filter
Raptor
SecurID Admin
Encryption & Cryptography
Crypto
RSA FAQ
Electronic Privacy Information Center
Cryptology Unit
CryptoWeb
Crypto in Europe
IACR
PGP and what it does
PGP home site
Counterpane Systems
Bennet Yee's Security-Related Net Pointers
Crypto and Security Courses
Cryptography, PGP, and Your Privacy
Crypto-Log: The Internet Guide to Cryptography
EINet Galaxy's Security Page
Electronic Money and Money in History
Home Pages of Cryptography Researchers (Kevin McCurley)
International Cryptography
Oded Goldreich's Theory of Cryptography Library
Quadralay's Cryptography Archive
Richard Pinch's compilation
Security Resource Net
Sirene's Security and Cryptography page (IBM Zurich).
Spaf's Hotlist on Computer Security, Law, Privacy
Vinnie's Cryptography Resources
World Wide Web Consortium Payments Overview
World Wide Web Consortium Security Overview
ftp://fractal.mta.ca
ftp://ftp.darmstadt.gmd.de
ftp://ftp.funet.fi/pub/crypt
ftp://ftp.kfki.hu/pub/packages/security
ftp://ftp.kiae.su/pub/unix/crypto
ftp://ftp.ox.ac.uk/pub/crypto
ftp://ftp.psy.uq.oz.au/pub/Crypto (DES and SSL)
ftp://ftp.sunet.se/pub/security/tools/crypt
ftp://ftp.uni-mainz.de/pub/internet/security/SSL/ (SSL site)
ftp://ftp.unit.no/pub/unix/security
ftp://garbo.uwasa.fi/pc/crypt
ftp://gwynne.cs.ualberta.ca/pub/Crypto/ (SSL and DES)
ftp://pgp.rasip.fer.hr/pub/crypt
ftp://utopia.hacktic.nl/pub/replay/pub/disk
Michael Johnson's strong crypto library
Mindlink cryptography archive (formerly at Wimsey)
rschp2.anu.edu.au (Australian site for crypto software)
DES (Eric Young's implementation)
HAVAL hash function
MD5 (RFC1321)
MD5 (in C, as distributed by RSA DSI)
MD5 (in C++, prepared by Mordechai T. Abzug, mabzug1@umbc.edu)
RC4 Revealed
RC4 test
Crack (CERT)
Cryptext
COPS (CERT; unix security toolkit)
Cryptix-Java and Cryptix-Perl
Elliptic Curve cryptosystem in C++
Elliptic Curve cryptosystem in C
PGP
International PGP Home Page
MIT PGP key-server
PGPFone
RIPEM
RS Cryptography Development Kit
SATAN (Security Administrator's Tool for Analyzing Networks)
SSH (Secure Shell)
Crypto++ by Wei Dai
libch (C++/Assembly library for fast hashing on the Pentium)
LiDIA (number-theory package).
RSAEuro cryptographic toolkit
Security Indices
COAST Laboratory/Spaf's Hotlist comprehensive security hotlist
Computer Security Information
No More Secrets!
Anonymity and Privacy on the Internet
Bennet Yee's Security Related Net-pointers
Computer (In)Security Version 2.0 broad coverage of security and computing
Computer and Network Security Reference Index
Computer Security and Privacy
Cryptography and Computer Security
Cryptography Resources
Cryptography, PGP, and Your Privacy - WWW Virtual Library
Rutgers WWW-Security Index
SecureZone
Security Companies and Patches
HomePage: http://www.3com.com/
Patches: http://infodeli.3com.com/infodeli/swlib/index.htm
HomePage: http://www.adaptec.com/
Patches: http://www.adaptec.com/support/
HomePage: http://www.alliedtelesyn.com/
Patches: http://www.alliedtelesyn.com/library.htm
HomePage: http://www.amdahl.com/
Patches: http://www.amdahl.com/doc/support/ftpsite.html
HomePage: http://www.apache.org/
Patches: http://www.apache.org/dist/patches/
HomePage: http://www.apple.com/
Patches: http://support.info.apple.com/ftp/swhome.html
HomePage: http://www.ascend.com/
Patches: http://www.ascend.com/622.html
HomePage: http://www.axent.com/
Patches: http://www.axent.com/product/products.htm
HomePage: http://www.bsdi.com/
Patches: http://www.bsdi.com/support/patches/
HomePage: http://www.cabletron.com/home.html
Patches: ftp://ftp.ctron.com/pub/
HomePage: http://www.checkpoint.com/
Patches: http://www.checkpoint.com/techsupport/downloads/
HomePage: http://www.cisco.com/
Patches: http://www.cisco.com/public/sw-center/index.shtml
HomePage: http://www.cygnus.com/
Patches: http://www.cygnus.com/product/
HomePage: http://www.service.digital.com/
Patches: http://www.service.digital.com/html/patch_service.html
HomePage: http://www.fore.com/
Patches: http://www.fore.com/products/index.html
HomePage: http://www.freebsd.org/
Patches: ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/
HomePage: http://www.ftp.com/
Patches: http://www.ftp.com/techsup/patches
HomePage: http://www.hp.com/
Patches: http://us-support.external.hp.com/
HomePage: http://www.ibm.com/
Patches: http://www.ibm.com/security/
HomePage: http://www.intergraph.com/
Patches: http://www.intergraph.com/cust/ssupp.stm
HomePage: http://www.iphase.com/
Patches: ftp://ftp.iphase.com/pub/
Security: http://www.aoy.com/Linux/Security/
Patches: http://www.linuxhq.com
HomePage: http://www.lotus.com/
Patches: http://www.lotus.com/home.nsf/tabs/downloads2
HomePage: http://www.microsoft.com/
Patches: http://www.microsoft.com/msdownload/
HomePage: http://www.mot.com
Patches: http://www.mot.com/GSS/MCG/support/soft/index.html
HomePage: http://www.ncr.com/
Patches: http://www.ncr.com/product/integrated/software/
HomePage: http://www.netbsd.org/
Patches: http://www.netbsd.org/Sites/index.html
HomePage: http://www.netmanage.com/
Patches: http://supportweb.netmanage.com/patches/
HomePage: http://www.netscape.com/
Patches: http://www.netscape.com/download/
HomePage: http://www.newbridge.com/
Patches: http://www.newbridge.com/updates/
HomePage: http://www.novell.com/
Support: http://support.novell.com/
Patches: http://support.novell.com/misc/patlst.htm
HomePage: http://www.openbsd.org/
Patches: http://www.openbsd.org/errata.html
HomePage: http://www.osf.org/
Patches: http://www.osf.org/mall/others.html
HomePage: http://www.pilot.net/
Patches: http://www.pilot.net/services/serv-secure.html
HomePage: http://www.pyramid.com/
Patches: http://www.siemens-pyramid.com/products/software/index.html
HomePage: http://www.qualcomm.com/
Patches: http://www.eudora.com/eudorapro/updaters.html
HomePage: http://www.raptor.com/
Patches: http://www.raptor.com/products/datasheets/prodsheet.html
HomePage: http://www.redhat.com/
Patches: http://www.redhat.com/errata/
HomePage: http://www.sco.com/
Patches: http://www.sco.com/support/
HomePage: http://www.securecomputing.com
Patches: http://www.securecomputing.com/P_FWall_SWF_Docs.html
HomePage: http://www.sequent.com/
Patches: http://www.sequent.com/offerings/services/ao/fp/fptop.html
HomePage: http://www.sgi.com/
Patches: http://www.sgi.com/support/patch_intro.html
HomePage: http://www.sony.com/
Patches: http://www.ita.sel.sony.com/support/pc/softupdates.html
HomePage: http://www.sun.com/
Patches: http://sunsolve.sun.com/sunsolve/pubpatches/patches.html
HomePage: http://www.tenon.com/
Patches: ftp://ftp.tenon.com/pub/
HomePage: http://www.ub.com/
Patches: http://www.ub.com/general/support.html
HomePage: http://www.washington.edu/tech_home/
Patches: http://www.washington.edu/tech_home/software/
HomePage: http://www.starnine.com/webstar/webstar.html
Patches: http://www.starnine.com/software/software.html
HomePage: http://www.wordperfect.com/
Patches: https://206.116.221.21/Revisions/