Security pointers

Tom Dunigan's UTK/CS security course

Security pointers

NIST computer security and resources/conferences

Yahoo Security and Encryption and hacker news

security mailing lists and infosec news

newgroups: sci.crypt    comp.security.unix    comp.security.misc    comp.risks

cryptography archives

IACR J. of Cryptology including Cryptoxx and "Fast Software Encryption" conferences proceedings

Cryptologia

Cryptosystems Journal and the American Cryptogram Association ACA

Cryptography-related Journals

Information security magazine

UNIX security USENIX see conf. proceeding for security '99 and conference papers

National Information Systems Security Conference and '97 proceedings and '96 proceedings and '98 papers

conferences and call for papers CFP

ACM SIGASC

Annual Computer Security Applications Conference

Popular Cryptography journal of Internet privacy

Internet Security Review and SANS

Schneier's cryptogram

security-forums.com

opensec open security solutions

DigiCrime decrypting service

PGP

gnupg GNU and openpgp

MIT's pgp distribution

the PGP documentation pgpdoc1.txt and pgpdoc2.txt or html/postscript versions

beginner's guide and pgp4dummies and tip sheet

PGP 2.6.2 docs vol 1 essential topics, vol 2 special topics, vol 3 file formats

GNU's gnupg no RSA/IDEA

another PGP page and different version interoperability

BAL's PGP Public Key Server

alt.security.pgp news a FAQ

ESnet PGP key server and ESnet PGP key ring

Yahoo PGP page

MIT PGP Release

PGP 2.6.2 FAQ, Buglist, Fixes, and Improvements

PGP attack FAQ or PGP attack FAQ

PGPfone and time stamp service and pgptalk

web of trust analysis and The PGP Trust Model

SLED/Four11 key CA, for public key issues see Verisign FAQ

PGP Distribution Authorization Form

Pretty Good Privacy - in UK

Jeff Schiller's Home Page

BAL's WWW Home Page -- HTTP Version

passphrase usage and passphrase faq

diceware.com pass phrase info

how PGP works

PGP Inc and and PGP International

randomness of IDEA keys in PGP

smime info s/mime

skey

opie tutorial and opie paper

S/key ISOC paper (postscript, 74K) and RFC1760 and S/Key docs

skey paper

skey help page

logdaemon and wrappers includes BSD UNIX skey stuff or was here

winkey windows client

opie/skey ftp probably most portable implementation (linux, sunos, hp, irix, aix)

S/key ftp archive Sys V UNIX, PC, MAC, skey and skey archives (Bellcore)

skey vulnerabilities (there is also an skey crack program MONKEY, dictionary brute force) and maybe try here or here

SecurID ... Axent Securenet SNK ... Enigma Logic ... CRYPTOCard ... ActivCard

white paper on vulnerabilities of SecurID and a rebuttal

CERT's info on one-time passwords

CSI's single sign-on products

Xskey and a more secure keyinit ftp

java skey

SPEKE Strong Password Authentication and Bellovin's EKE

or consider these secure session services ssh or SecureCRT or srp or kerberos or stel or SRA telnet or SSL telnet or SPX or deslogin

Kerberos

Kerberos info and a nice paper

CMU Kerberos page and MIT's Kerberos page and ISI's Kerberos page

Athena Kerberos docs and papers (ftp) and USENIX Kerberos paper (html)

RFC 1510 kerberos v5

cygnus KerbNet includes NT support

newsgroup comp.protocols.kerberos and a FAQ and a Mailing List

Kerberos in windows 2000 or here

Sesame

Crypto API's ETF CAPI info

eSS (Generic Security Service API) RFC's RFC2078 v2 and SPKM or older RFC1508 and RFC1509 and IETF CAPI info

GSS api v2 C bindings

U of Il's Java GSS API

CDSA Common Data Security Architecture

TIS info on Crypto API's and ICE

SSL Secure Socket Layer from Netscape and SSL specs and SSL FAQ and a protocol overview

ftps ssl ftp and here

openssl and openssl api tutorial

Eric Young's crypto page and

SSLeay ftp and FAQ and programmer ref

SSL performance

sslwrap wrap services in ssl

Terisa

https and http performance and see Infosecurity mag. 10/99 and ipivot ssl front end

Java's JSSE secure sockets extension (SSL)

TLS ssl, the next generation, transport layer security

FGInt rsa, elgamal, dsa, source

pct private communication technology protocol

cross-site scripting

stronghold secure server and apache

ssh has a nice API

RSAREF 2.0 info

NSA API recommendations

Crypto Systems Toolkit

CryptoLib info from Bell Labs

RSA's BSAFE toolkit

PGP SDK

crypl110.zip Peter Gutmann's SFS cryptolib BLOWFISH, DES/3DES, IDEA, RC4, SAFER, MDC/SHS

windows crypto and wincrdll

Microsoft's CryptoAPI

pegwit uses square

Rivest's RC6

Eric Young's libdes or here

TEA Tiny Encryption Algorithm and key shedule weakness leading to XTEA

BICOM bijective compression with rijndael encryption

CAST or RFC2144 and cast-256 and crypto algorithms and CAST S box design bent functions

cryptix java crypto lib

another java crypto lib iaik

PKCS Public-Key Cryptography Standards, #11 is crypto-token API (cryptoki) also here

crypto software good stuff

crypto algorithms and crypto crypto performance ciphers, hashes, CRCs

Wei Dai's Crypto++ C++ API cryptlib, including AES candidates and panama

java 1.2 crypto architecture API and specs examples

java 1.2 java.security or java.security tree and java.security.interfaces and the jce cryptography extension and jce api and cryptix crypto lib

Java's JSSE secure sockets extension (SSL)

signing java code from Securing Java book

Gutmann's cryptlib and PRNG's for various OS's

Crypto Kong win95/nt

comparison of crypto libs

RPK

classical crypto routines and a vigenere applet

big integer software

gnu's GMP multiprecision arithmetic and also C++ Integer class Integer.h or Java's BigInteger or BSD's mp library mp.h or perl Math::BigInt

GNU's Multiple Precision Library software and gmp manual and speed tables

lidia C++ library for computational number theory and source and ntl number theory library

elliptic curve cryptography

Certicoms excellent tutorial

ecc '99 conference

RSA's elliptic curves cryptosystems and what are elliptic curves

elliptic curves bibilography and RSA's Elliptic Curve Cryptosystems (pdf) Key exchange with elliptic curves and elliptic curve software

ECC tutorial

menezes's page ECC and CACR and tech reports

Certicom ECC standards and X9.62 and X9.63 and a FAQ

ECC challenge ECC2K-108 broken

Rosing's book Implementing Elliptic Curve Cryptography sources

elliptic curve cryptography software or here

INRIA's break of 97 bit ecc

random numbers

random numbers and P1363 info and P1363 ftp and random number conditioning

RFC1750 random numbers

random numbers resources or here

Ritter's randomness links and randomness tests

Wagner's randomness links

/dev/random and random.c info also see Gutmann

Maurer's Universal Statistical Test for Random Bit Generators MUST and C source

Wagner's page or netscape randomness

PGP 5.0 weakness in random number generation

attacks on random number generators and yarrow

HAVEGE HArdware Volatile Entropy Generator

prng info R250

cryptographic noise Noiz and friends

Strange Attractors and TCP/IP Sequence Number Analysis 3-d rendering, PRNG analysis '01

havege hardware random numbers

Gutmann's software generation of practically strong random numbers pgp and /dev/random

Intel papers and RNG FAQ and stat tests for RNG on Pentium III 802 chipset and a white paper and inteface specs

review of intel RNG on i810 chipset (i82802 is the firmware hub with the RNG) linux 2.4 has /dev/intel_rng that can read it (8 bits/4 ms ?)

test code for 82802 rng

AMD AMD-760 MPX Chipset random number generator, linux support

via processor random number generator hardware and via nehemiah secure processor

RSA paper Hardware based random number generation

hardware RNG or here and newbridge or here or SG100

hifn's hifn.com PKI board and hardware RNG

using lava lamps for random numbers, lavarand (BBS, sha) see lavarnd.org

paper on testing pseudo random number generators and other info

prngd pseudo random number generator daemon and egd entropy gathering daemon

diehard test PRGs

ent entropy tester source

selecting a random number generator

FIPS 140-1 has some rng tests too

monte carlo estimation of pi applet

prime numbers

prime number page and largest primes and Mersenne Primes

prime number info and more and a history

more prime number links

meganumbers large primes and integers

Rivest's Finding Four Million Large Random Primes (dvi)

Carmichael numbers

galois fields

secure applications

cryptography.org crypto software

Secure telnet stuff includes deslogin or ftp which requires a DES key data base at the server and STEL which uses skey, DES/IDEA, and Diffie-Hellman. STEL source

Taiwan's secure telnet/rlogin/ftp uses key server, des

SRA telnet/ftp uses Secure RPC's D-H code to encrypt authentication

hushmail

Secure Shell ssh and a FAQ and ssh-1.2.26 and ssh for PC

getting started with ssh or guide for using ssh on pc

Ylonen's ssh paper

openssh and ssh.com ssh2

free pc ssh or another or another or one with source or another

free teraterm windows/ssh client or SecureCRT or putty

windows scp

windows/mac ssh clients or here

java ssh applet or mindterm java ssh client or appgate.com mindterm

java telnet ssh applet

more ssh links clients and such

ssh and Kerberos

ppp over ssh vpn

ssh2 free development psst

nautilus secure net phone

Stanford's SRP Authentication and Key Exchange (EKE)

secure FTP or safetp

webmail secure email or certifiedmail.com

CFS and ESM Cryptographic File System (CFS) and Encrypting Session Manager (ESM) and cfs mailing list and swIPe

lightweight crypto tunnel for linux CIPE also see vpnd and pipsec

http tunnel pass thru firewalls

keynoteTrust Management Toolkit

Sun's secure RPC

TCFS Transparent Cryptographic File System

DOS/Windows SFS Secure File System

linux file encryption or here PPDD or linux disk encryption summary '99

linux encryption howto api, disk, network

bestcrypt windows/linux disk encryption or at www.jetico.com

various windows disk and file encryption products/shareware and Cryptosystem ME6

Window's 2000 EFS encrypting file system or here or EFS resources

security of EFS

MAC disk encryption or here or filevault

RASP secure media

ide disk encryption

sigaba secure email

PEM Privacy Enhanced Mail and PEM rfc1421 and RIPEM info

MOSS MIME Object Security Services

links electronic commerce

electronic cash paypal or ecash and cybercash and First Virtual and millicent and iKP and digital money tutorial

bigvine, lassobucks, confinity, flooz.com, beenz.com

MasterCard's Secure Electronic Transactions SET

ietf's internet open trading protocol and iotp draft

FSTC Financial Services Technology Consortium (electronic commerce, checking, fraud prevention)

SFNB's security CMW+

SecureWare CMW's and Trusted MACH TMACH and ORA's THETA

dtos NSA secure os or here or here

NSA/VMware's Nettop mls os

secure linux bastille and NSA's security enhanced linux and Flask: Flux Advanced Security Kernel

secure bsd

Argus PitBull trusted OS, also see HP's Virtual Vault or Trusted Solaris

eros capabilities-based secure OS

info on openbsd security

Jim Rome's CMW slides (pdf) and NIST CMW info

commercial providers

watch out for snake oil and a snake oil FAQ

meganet virtual matrix encryption vme (see snake oil above)

Jetico linux/windows disk encryption and Cryptext or F-Secure Desktop or SecureWin or NT SHADE or scramdisk

syncrypt or certicom

other PC security

Sword & Shield

RSA and Secure Computer Corp

okiok.com security services

CriticalSecurity.com security planning, risk analysis '03

compaq's group atalla.com

TIS key escrow, moss, firewalls, fortezza, Trusted MACH

Secure Networks Ballista security scanner

crypto products and icsa

SecurityMetrics or SecureSoft USA

CSI Computer Security Institute (conference) and Trusted Systems and SANS network security

eracom and Information Resource Engineering (IRE) link encryptors (used by banks)

airdefense wireless protection

x-formation.com software copyright protection

Schumann Security Software single sign-on, role based access (rbac)

COMSEC Solutions and premonition role-based access

Motorola NES and INES and Xerox XEU and Wang TIU or here and DEC's old DESNC zergo link encryptors

hifn hardware encryptors 7751 and compression or Rainbow's crypto accelerators or ncipher or chrysalis-its

eyenetwatch.com biometric fingerprint and digitalpersona.com XP authentication

3com's 3XP NIC IPsec acceleration 3cr990 (lpz gets 92 mbs w/ 3des)

ISI GRIP high speed IPsec

HP's ICF international cryptography framework

cryptoheaven Secure Email and Online Storage

Ritter's ciphers dynamic substitution

OSF DCE security and IntelliSoft's DCE/Snare and DASCOM DCE

Intellisoft's DCE/snare vpn

Bellcore's VRA exportable file encryption

CORBA security and spec

UniShield and MITRE and Motorola

Elementrix POTP and Paralon LanKey

high speed security MCNC ATM and GTE's ATM FASTLANE encryptor KG-75 or Secant's CellCase and not so high-speed InfoGuard also Cylink's ATM OC3 encryptor and celotek oc12 atm ecnryptor

frame relay encryption

StorgeTek's ATLAS OC3 ATM security

cryptek B2 NIC and secure fax

Aladdin's hasp4 dongle against software piracy or hardlock or marx

securikey laptop dongle or everbee

Microsoft's Proxy Server

ISS and their links , includes a FAQ whitepaper

Safetynet Security and AntiVirus - Free Evals

CyberSafe and MOBIUS encryption tech and Hughes NetLOCK

cylink and AT&T hardware and software

network security scanners and scanner summary and Livingston's RADIUS

Nmap scanner or here

hping scanner

nessus security scanner

GFI LANguard Network Security Scanner

penetration testing or application testing

isolation.com 3DES encryptors

utimaco hardware disk encryption

SecureOffice 3DES for office

firewalls

firewall wizards archives and faq and links

YaHoo's firewall systems and firewall faq

network firewall notebook

The Firewall Report and a firewall products and review

NCSA Certified Firewall Products and ICSA's certified products

Ranum's why i no longer believe in firewalls

TIS firewalls ftp/fwtk and Gauntlet and Secure Computing's sidewinder and axent/raptor and firewall vendors

free t.rex and fwtk firewall toolkit

firewall appliances

CheckPoint FireWall-1 and VPN and NSC's NetSentry and DPF

DataComm's firewall performance and CMP's review of 6 firewalls and another comparison

CSI's firewall product analysis

a firewall FAQ

ultimately secure firewall and other firewall info

Ranum's Thinking about Firewalls and a firewall tutorial

DOMUS Firewall Penetration Testing and Haeni paper

firewalk filter probes or firewalk and IP filter

firewalking probing firewalls

Ugate's firewall nat box or sonicwall or gnat box or SOHO2000 or macsense xrouter

linksys router/firewall box for cable modems etc. masquerade

linux firewall/nat clarkconnect.org, there's also IP masquerade HOWTO

review of personal firewalls

signal9 personal firewalls conseal or zonealarm and trojan's to deactivate personal firewalls

outpost personal firewall

Norton's personal firewall or blackice defender or sygate personal firewall

trendmicro's gatelock personal firewall nat dhcp

Win* ids/firewall network ICE or infoexpress or IFW2000

MAC OS X firewall ipfw others: brickhouse firewalkX Norton Personal firewall (NPW)

shields up firewall tester

linux ipchains/ipfwadm firewall and firewalls paper

NIST site security and more firewall info and more info

SURF firewall paper and source

NEC's paper on firewalls and virtual private networks

comp.security.firewalls

wingate or here or socks proxy servers info on proxy servers

virtual private network encrypted IP tunnels / VPN

ORNL's virtual private network page (VPN) and tunnel performance data (PIX, PPTP, ipv6,netfortress)

Jain's vpn links papers, books

3com's 3XP NIC IPsec acceleration

more general VPN info and links/FAQ and more vpn links

Internet Week's vpn page

Network Computing's VPN review

Cisco's IOS security architecture and Cisco's PIX info and PIX's page encrypted links

Cisco's encrypting routers and TACACS info and spec

Gong's enclave paper. and TIS's DTE firewalls

Point to Point Tunneling Protocol (PPTP) and microsoft pptp info and here or here win95

PPTP specs

pptp for unix linux

PPTP for linux and archives

l2tp is combo of pptp and l2f layer-2 forwarding

Microsoft's Windows 2000 VPN

CHAP and PAP (PAP sends passwords in clear) MS-CHAP

ppp over ssh vpn

PPTP vulnerabilities and update and evaluation

Cisco's L2F tunneling protocol, combined with PPTP gives you L2TP.

NetFortress and DEC's altavista tunnel and network-alchemy.com

InfoExpress VTCP/Secure and UUNET's LanGuardian

DIGEX Virtual Private Networks and Hughes NetLOCK

IBM's SecureWay and Internet Security and IBM network security group

firstvpn.com

Datamation's VPN article

c2.org's SafePassage Secure Tunnel

smart cards

smart card security page

datakey des/rsa smart cards (specs), STU-III and info on smart tokens and telequip

smart card intro

USB crypto token crypto card or spyrus usb crypto token

Bellcore smartcard and Litronics

smartcard interface defn

smartdisk or RSA's info or safeboot or SmartDisk Security Corporation

IBM's cryptocards

FORTEZZA

June 1998 KEA and SKIPJACK declassified KEA and SKIPJACK specs (pdf, 819K) and annex (pdf, 411K) test vectors

Clapp's stream cipher similar to SKIPJACK?

SKIPJACK analysis

FORTEZZA approach and LOCKout and Spyrus FORTEZZA hardware

FORTEZZA developers info

lots of FORTEZZA and capstone info Rainbow's FORTEZZA Kocher's FORTEZZA info

SecretAgent AT&T FORTEZZA

Skipjack review

FORTEZZA and Mosaic and MISSI info

NIST's clipper chip info

FORTEZZA and Netscape and Clipper chip info

Denning's KEY ESCROWING TODAY

FORTEZZA documentation

Message Security Protocol (MSP) spec and use with FORTEZZA (WORD docs ) and Xerox SDNS MSP info

Certification Authorities CA and PKI

Nortel's ENTRUST and VeriSign

vasco roaming certificate

Eurosign CA and another CA GTE's CA or CyberTrust COST CA Xcert CA Thawte CA RSA's keon or wildid

OpenCA

certification authority (CA) info and more info and IETF X.509 pkix, public key infrastructure (PKI) and RFC1422 and RFC1487 LDAP

LDAP tutorial

NIST's PKI info

IEEE P1363 PKI standard

Gutmann's X509 style guide

SPKI and Rivest's SDSI 1.0 and S-expressions

Public Key Cryptography based on Braid Groups

OSF DCE and public keys and DCE and Fortezza

Sesame and SecuDE or here

BBN SafeKeeper in RSA's certificate signing unit CSU

Trusted Third Parties in Electronic Commerce

xcert

13 reasons to say no to PKI or looking for alternatives to PKI

government services and projects

FIRST and CERT and its ftp archive

FBI's national infrastructure protection center cybernotes NIPC

CIAC and bulletins

ESnet auth/security

ESnet key dn

DoD's disa Multilevel Security program

dragonfly in-line encryption

DoD's Orange Book or here or rainbow series and a summary and Trusted Product evaluation lists and an A1 system Gemini

UK's itsec certification e0-e6

NIST's latest common criteria product certifcation

echelon

Multics page or here and info on timing channels

Red Book NCSC's trusted networks

NRC's Cryptography's Role in Securing the Information Society and full report

NACIC national counter intelligence

Network Encryption history and patents

FIPS 140-1 SECURITY REQUIREMENTS FOR CRYPTOGRAPHIC MODULES and testing

FIPS 186 DSS and FIPS 46-2 DES or FIPS 46-3 DES and FIPS 180 SHS SHA

Coopersmith DES design

FIPS 191 LAN security

security standards X9* and info on crypto standards or here like iso ietf

ISO17799 security standard

cipher standards

s/mime pkcs ssl standards

security protocols overview IPsec, ssl, tls, s/mime

GSA public key project

Federal Internet Security Framework draft document by the FNC's Security working group Collaborations in Internet Security

NIST Advanced Encryption Standard (AES) and winner is rijndael and rijndael page and source code round 2

rijndael page with diagram

square cipher forerunner to rijndael

AES proposals and performance and source code and round1 comments

AES final report why they chose rijndael

other AES finalists serpent and twofish and rc6 and mars

US Crypto Policy EES, ACM 1994

European's AES follow on nessie

Manhattan Cyber project

IP security

IETF Internet drafts or here or Internet drafts (UK)

IETF security info and IPsec info including Oakley, SKIP, Photuris, ISAKMP, HMAC and ipsec archives

Timestep's IPsec whitepaper

ipsec/ipv6 implementations 10/97 or here

NIST's Linux ipsec and JI's LIPsec

companies implementing IPsec

Bellovin's IP security shortcomings and Plaintext Cryptanalysis paper and MS-DOS implementation paper

NRL's PF_KEY raw socket key mgt.

key mgt for IP: SKIP and ISAKMP and Photuris and SKEME

S/WAN secure IP consortium or RSA's S/WAN page and cygnus swan

linux swan implementation

linux/bsd pipsec kernel free ipsec

OpenVPN

skip.org SKIP implementations

internet authentication rfc1704

IP Authentication header RFC1826 and IP Encapsulating Security Payload RFC1827

also see IP security architecture RFC1825 IP authentication with MD5 RFC1828 DES-CBC for IP RFC1829 keyed SHA RFC1852

NRL implementation of IPv6 security or here

Japan's IPv6 KAME project

DESX Kilian/Rogaway protecting DES against exhaustive key search DESX

DNS security and Internet draft

secure DNS ISC bind

dnssec.net DNSSEC (DNS Security Extensions)

SNMP v3 security and Stalling's article and keychange

historical: SDNS OSI NLSP TLSP sp3 sp4

key escrow

Clipper key escrow, and Fortezza (Denning)

key escrow

FIPS 185 Escrowed Encryption Standard (EES) and Clipper pointers

encryption policy and NRC's recommendations

US crypto policy

The Risks of Key Recovery

TIS's RecoverKey and Commercial Key Escrow CKE

Cylink's CyKey (pdf) key recovery

Denning's A Taxonomy for Key Escrow Encryption Systems and Descriptions of Key Escrow Systems

European govt's and key escrow

PGP's ADK's bug, key escrow

intrusion detection

Sobirey's list of IDS systems

ICSA's ids buyer's guide

SANS IDS tools and faq

NIDS faq

SNORT

instrusion.com UT's favorite

Data Comm's ids comparison slides and infoworld's review

intrusion detection made simple

dragon sensor

silentrunner insider threat

network forensics netdetector and netintercept

UC Davis and their CIDF and Frank's feature selection or artificial intelligence and intrusion detection

UNM security group

James Madison infosec

annotated bibliography and ids bibliography

emerald's live traffic analysis

MCNC and SRI

Coast projects and their autonomous agents and their ids page

SDSC's security projects PICS

metanetworks hi speed IDS and presentation

saint jude kernel-level IDS to protect a host

neural IDS

Deception Toolkit honeypot or honeypot or honeypot or touches

honeynet and why you should fear baby hackers

honeypots.net Intrusion Detection Systems, Honeypots & Incident Handling

honeyd

DARPA IDS Evaluation

Defending a Computer System using Autonomous Agents

Forrest's computer immune systems for IDS

SAIC CMDS projects Ranum's network flight recorder nfr and paper

Wietse's tools and papers and his new site and CIAC's tools and CERT tools

info on and archives of ids news group, majordomo@uow.edu.au

Performance Benchmarking of UNIX System Auditing and Coast's unix tools swatch...

bb4.com big brother, service monitoring unix

Ptacek's eluding network intrusion detection and vulnerabilities of IDS's

intrusion detection misc and shootout and tcpdump use

ids using tcpdump and shadow

snort for unix and windows, ids

ntop network monitor

LBL's Paxson's bro and paper

LLNL has NID LANL/Sun has NERD and LANL's NADIR other DOE tools and there is an AIS alarm system

SRI's NIDES or another NIDES or EMERALD or SRI intrusion detection

CMU's ids info and statistical-based ids

using cisco's netflow data for intrusion detection host profiles and here

rowland's abacus project and portsentry or ngrep or tcpshow

windows inzider port to process association

USAF's DIDS or Navy/Marine ICE-PICK

ISS's RealSecure or Wheelgroup's NetRanger

TIS's stalker

ProWatch Secure or abirnet's sessionwall

network general's cybercop and cybercop FAQ

En Garde's T-sight manual intrusion detection

monitoring tools Argus     tcpdump or tcpdump.org     and tcpdpriv wash tcpdump data

ethereal or ethereal.com and for windows tcpdump windump     netlog     INTOUCH INSA

etherape viewer

libnet raw packet lib, use with libpcap

Axent's Intruder Alert or MimeStar

AbirNet

IDS tester replay tcpdump's

DARPA intrusion detection evaluation

mjr's host burglar alarms

whitehats.com

CERT's intrusion detection check list and recovering from a root compromise

vulnerabilities

CERT advisories and CIAC bulletins and ISS xforce alerts and NIPC's warnings

CERT incident stats and a paper

Mitre's cve common vulnerabilities

securitytracker vulnerabilities list

Top 10 security stories of 2000

Yahoo's hacker news and SANS newsbites and securityfocus news

Microsoft vulnerabilities and patches

leaky ethernet broadcasts '03

master key vulnerabilities

information warfare and another and another and another and another and another and a bibliography

iwar.org.uk information warfare

info war IASIW and Libicki's What is information warfare?

TIME's ONWARD CYBER SOLDIERS ( or local copy) and Commando Solo and America Under Attack

12/26/00 info warfare

6/19/01 cyber warfare

NSA's cyber-attack and moonlight maze

CNN's cyber terror or here or here

DARPA's information survivability

Wired's cyberwar 2002 feb '98 issue

infowar.com or NSA's operation Eligible Receiver

PC week's hack invitation 10/99 and here

emp and herf

threat info CNN's internet insurgency includes a timeline

insider threat another insider threat story

Open Computing cover story(s) and a Security Timeline and a survey

Threat Assessment of Malicious Code and Human Threats

risk management software review or risk assessment

caspr commonly accepted security practices or cobit and CERT's octave threat/asset and vulnerability evaluation

ranum's risk assessment walkthrough

Winkler's USENIX '95 social engineering and industrial espionage social engineering

dsniff man-in-the-middle attacks against ssl/ssh

The Internet Threat

information survivability

I-way security

war dialer's hammer.com or Sandstorm PhoneSweep or telesweep or THC-SCAN

ISS's vulnerability database

info from Berkeley on ip spoofing and endpoint/nfs vulnerabilities (10/11/95)

IP spoofing

ftp bounce attack

stack attacks buffer overflows and on DEC unix and a paper

sql injection exploits

phrack bypassing stackguard stackshield

how to write secure code

testing for buffer overflows

idle scan stealth

tempest electromagnetic emissions and tempest links and van Eck radiation and here

takedown Mitnick/Shimomura, also TIME's article and details on attack

satan FAQ and satan info and SATAN tool page and courtney

saint network scanner

NT/win95 satan-like tool ogre scanner

nmap port scanner and OS profiler queso

p0f pof OS profiler and siphon

Network Computing's review of security scanners 7/15/98

IIS rds exploit

Ranum's Taxonomy of Network Attacks slides (also here) or here or pdf

session hijacking

Strange Attractors and TCP/IP Sequence Number Analysis 3-d rendering, PRNG analysis '01

SYN flooding panix and technical details and Sun patch info and Cisco TCP intercept and syn cookies

info on smurf attacks and land attack

naptha various TCP denial of service attacks

countermeasure backtracking DoS (denial of service) dostracker or dostrack or centertrack or pdf

paper on dos attacks '03

Cisco's tracking packet floods using cisco routers

win* patch for teardrop attack linux teardrop

distributed denial of service stacheldraht or trinoo or tfn tribe flood network or tfn2k or Cert's denial of service tools

CERT's denial of service workshop pdf

ICSA's info on ddos

hackernews article on denial of service attacks

Cisco info on distributed denial of service attacks

hwa-security hack codes

email anti-relay or here forwarder, mail relay

anti-spam

mimesweeper content security and malicious data

MCI's TCP/IP security checklist

clickkiddie.net point and click attacks

Stoll's Stalking the Wily Hacker

L0pht computer underground

US News hacker article June 97

stack attacks

common network ports used by hackers, or trojan ports

net attack survey

denial of service attacks RFC1636 and doshelp.com ports and exploits

Wietse's guide-to-cracking and cracking software

Muffets crack Unix password cracker

password crackers john the ripper and password tools

NT password cracker l0phtcrack and re-setting NT passwords

BIOS passwords -- many vendors have backdoor passwords in their BIOS, visit here or here or PC hacking faq or here

AccessData cryptography and password recovery and more password recovery

sniffer faq

trinux bootable sniffers

sniffers and a sniffer FAQ or here and sniffit

sniffer detector antisniff and sniffer bait

UC berkeley sniffer detection paper and a sniffer detect faq

dsniff aritcle sniffing on switched net (also read about hunt) and dsniff

etterccap switch sniffer

cold sniffer

solaris sniffer on unplumbed interface

raw IP FAQ and bpf libpcap

unix exploits and script kiddies

En Garde's IP-watcher

windows 2000 sniffer natas sources

keyboard sniffers and revelation display password behind asterisks on win* or hardware or hardware or keyghost or here

keystroke loggers and detectors spycop or spydetect

keyboard sniff fbi legal case privacy

Internet security diary

Muffet's WANhack doc and slides

X security and Unix security software (rootkit,xkey.c), links, and here (info on xauth and mxconns)

SyMark Unix security packages

linux ramen worm

How to 0wn the Internet in Your Spare Time '02 worms and viruses stats, paxson

labrea worm trap, labrea source

vulnerability tester

MIME dangers

white paper on vulnerabilities of SecurID

8lgm adivsories and Secure networks papers and advisories

alt.2600 FAQ or ftp or www.2600.com and PHRACK or www.phrack.com or www.phrack.org

security/hacking software packetstorm or rootshell or hackernet or elitehackers or undernut or anticode by OS or bugware or here or unix exploits or ADM exploits adm

top 50 hack tools

antionline and or hacker news a hacker faq or self-evident and exploits

antionline's hacker profiling hacker profiles

exploits shokdial unix war dialer

shadowpenguin

lsd-pl.net

hacked pages archive

hack FAQs NT, web, netware

bnc irc proxy

nt root kit keyboard sniffer

rootkit and more hacker files and here and here and here

list of rootkits suckit

anatomy of breakin

Phrack loadable kernel modules

chkrootkit detect rootkit

appcap capture application output/input

A Portrait of J. Random Hacker

Hacker'z Blood and underground archive and hacker's tools

Yahoo's hacker page

software bugs/reliablity fuzz testing

First Virtual's keyboard sniffer attack

security of cable modems

viruses

history of viruses and more virus info

Win95/CIH virus

viruses and more virus info including newsgroup FAQs

Symantec vbsim virus simulator

McAfee info or F-Prot info or Norton AntiVirus or Dr Solomon or NIST virus info or IBM's antivirus or avertlabs

Sophos anti virus

TrendMicro's antivirus.com email scanner

SANS incident.org internet storm center, alerts, worms, DDOS, viruses

NH&A anti-virus, security and network management software

CIAC's virus database

UNIX viruses and Bliss and scanner

netbus trojan horse like back orifice BO2K

brownorifice

worm construction kit

good times virus hoax and other computer virus myths and internet hoaxes and urban legends and urban legends

cryptanalysis

becoming a cryptographer

cryptography.com

Timing attack or Kocher's page and RSA's response

Bellcore's stress attacks on tamper proof devices and DES

DVD cracker 11/99

Intel's HDCP high bandwidth data copy protection

EFF's DES cracker or Shamir's twinkle sieve or here or twinkle paper or FPGA DES

Extracting a 3DES key from an IBM 4758

Weaknesses in the Key Scheduling Algorithm of RC4 WEP vulnerability and RC4 analyses

PKZIP attack

unicity and DES

RC5-56 brute force

Differential Cryptanalysis of Madryga

Differential Cryptanalysis of REDOC III and see Shirriff

breaking DES or Wiener's other cryptanalysis files

DES and DFA differential fault analysis (smart cards) or Design Principles for Tamper-Resistant Smartcard Processors

Kocher's differential power analysis (smart cards)

Breaking DES Using a Molecular Computer and Adelman's seminal paper Molecular Computation of Solutions to Combinatorial Problems

Entrust quantum computing and cryptography 9/03

Shor's Algorithms for Quantum Computation discrete logs and factoring

Bernstein's NFS factoring optimization

MIT/Stanford quantum computing or qubit.org

quantum computing or here or here

quantum computing

MD5 collisions

RSA's info on attack on hash functions

RC4 weak keys

Architectural considerations for cryptanalytic hardware

Allies' decryption efforts during World War II and enigma/purple bibliography

PBS's decoding nazi secrets

Java/WWW

Netscape's security overview and data security

www security faq

Mosaic's user authentication tutorial .htpasswd .htaccess and setting up htpasswd and apache user authentication and FAQ

apache server security tips and secure server tutorials and setting up apache ssl server or apache ssl

www authentication

What's a cookie or cookie info or rfc 2109 cookie rfc or cookies and privacy a cookie example

WWW security and a FAQ and NCSA's web security

Internet Explorer Bug 2/27/97

NT IIS exploit 6/99

CGI security and a tutorial and another tutorial

cgii security

Java applet security and a FAQ or security faq

More Java Security: Low Level Security in Java and bugs

java security fundamentals

Datamation article: Yes, Java's Secure. Here's Why

hostile applets

Princeton's Secure Internet Programming: News and web spoofing

Princeton's description of Java security problems

Sun's response to recent security problem: DNS Spoofing and Java

Netscape/Java security patch: Applet Security Manager patch

Second Java security bug: Digital Espresso (extract):

All reported bugs (above) fixed by Netscape: SECURITY ENHANCEMENTS IN NETSCAPE NAVIGATOR 2.01:

A new security bug: c/net Article:

Sun's response: Security Update:

applet net vulnerable and java security news release

Java security or Securing Java

Java encryption or at systemics or at phaos

Java security book or Security in Java 2 SDK 1.2

JavaScript security problem: RISKS Digest (extract)

ActiveX Exploder signed applet ( authenticode )

malicious mobile code consortium

ActiveX workshop mobile code risks

NT security

NT security and ntsecurity.com and ntsecurity.net

online book Internet Security with Windows NT

Sheldon's NT security

Microsoft security and another and an NT security FAQ and NT password recovery

ISS' NT security or NT Security Risks and article

trusted systems nt security

auditing NT for a break-in

NT exploits

NT security white paper and ntbugtraq

netbios CIFS whitepaper SMB vulnerabilities and rfc1001 and rfc1002

Windows 2000 security

UNIX security

RFC2196 Site Security Handbook

COAST Unix security and Spafford's hotlist

tripwire '02 and fsdb file signature database

Improving the security of your Unix system

Secure UNIX programming FAQ

A taxonomy of security faults in the Unix operating system (thesis)

Reliability of UNIX utilities or newer version fuzz

An Architectural Overview of UNIX Network Security

bugtraq archives or securityfocus.com bugtraq and bugtraq stats graphs

Wagner's computer security

computer security info

setting up anon ftp and FAQ

Sun's BSM basic security module audit or in answerbook

sun solaris security binary fingerprints, acls, rbacs security bulletins

education

Tom Dunigan's UTK/CS security course CS594 and Fall '96

Vaudenay's communication security plus book

NYU security course and MIT/Rivest's '95 course and '96 course

list of online crypto courses and Rubin's list and Schneier's list

Stinson's Cryptography and Computer Security

Wagner's course with links to papers

CCNY's course good links

Popyack's course

oregon state's course

uppala's course

ADFA's course

LANAKI's classical crypto course

Gutmann's encryption and security tutorial

Oberlin's CS115 Cryptology classical cryptology

UC Davis: Modern Cryptography (Phil Rogaway)

MIT: Network and Computer Security

MIT: Intro to Cryptography and Cryptanalysis

Applied cryptography seminar held last year at Princeton University

Maryland's Neumann's course on information systems survivability

Delp's cryptography and secure communications

Koc's Security and Cryptography

Cryptology course at UMBC

Cryptography and Data Security Worcester Polytechnic Institute

Schaefer's crypto courses

John Hopkins

UCSD: Modern Cryptography (Mihir Bellare)

Kevin McCurley's course on Cryptology

Charles Blair '94 class notes

CSU Hayward and Duke

Sandia's college cyber defenders

Crypto course for 8-12 year olds

Communications Security and Vulnerability

Schneier's cyrptanlysis self-study

Computer and Network Security

Spillman's class page

TAMU's hack lab

intro to crypto

people and papers

good collection of first papers

Denning's page and her paper on Future of Cryptography

Rivest's page and his papers

Ellis's early reports on non-secret encryption pre-RSA and story of non-secret encryption

Eli Biham page

Wagner's page and Ross Anderson

menezes's page ECC

marcus ranum or here

security researchers and Kevin's pages on Protecting Privacy and Information Integrity

Thompson's Reflections on trusting trust or here

Peter Neumana's page info survivability, risks, emerald

Stinson's page

Jenkin's page hash evaluation and avalanche

Schneier's papers and counterpane's extensive online crypto papers and Rogaway's papers

Guntmann's page and slides and links

Chaum's Security without Identification

Shoup's papers

Ritter's page

multiparty D-H

security papers and crypto bibliography and links

key length paper and NSA's (?) response

NSA's inevitability of failure need for secure os

NIST's early computer security papers trusted systems and such

Intel/Verisign more secure chip 9/02

fast software encryption bibliography fast software encryption for pentium

acm crossroads security papers

Cryptographic Algorithms

hashes and compression FAQ and compression and encryption

CRC links and CRC intro and performance of checksums and crc's over real data

ISI MD5 performance

tiger hash function and RIPEMD-160 or RIPEMD-160 and source

keyed hash functions RFC 2104

Rogaway's umac message authentication and an authentication codes bibliography and hash summary

MD5 message authentication and RC5 and RC6 and RC4 ?

SHA SHS, Secure Hash Standard

RSA papers on block ciphers and stream ciphers

panama hashing and stream cipher and source

hashing function lounge and hash functions and more hash function references

hash functions message digests

calyptrix speed, haval, random

IBM's paper on public key cryppto based on shortest nonzero vector in an n dimensional lattice

Gathen's Exponentiation in finite fields: theory and practice

white papers on email security, spam and intrusion prevention

Ballardie's multicast security and Scalable Multicast Key Distribution RFC1949

GKMP architecture and specs also see internet drafts

Dunigan's page and report on group key management

secure multicast and UCSB's secure multicast and Pessi's secure multicast

Erbele's high-speed DES implementation

Mittra's Iolus scalable secure multicasting

Bellovin's papers and Blaze;s papers and other research.att papers

applied crypto online readings

online books A Hacker's Guide to Protecting Your Internet Site and Network

Shor's page AT&T

MITRE's Security Publications

RSA's CryptoBytes technical newsletter and IEEE's Cipher newsletter

Crypto paper archive and Irvine's crypto abstracts

Rogaway's publications and UC Davis papers and more crypto papers/books and Bellare's papers and IBM's papers or IBM's CyberDigest and COSIC's publications

SAFER paper

paper Rubin's remote executables

Savard's cryptographic compendium crypto systems or here

security library pointers to papers online (including worm, berferd, tripwire)

books

Prentice Hall books and Wiley books and Addison Wesley books

CRC and O'Reilly security books

Schneier's Applied Cryptography and source

Handbook of Applied Cryptography and on line version and ICSA Guide To Cryptography

Stalling's Cryptography and Network Security and links

National Research Council's Cryptography's Role in Securing the Information Society

Birman's Building Secure and Reliable Network Applications

Aegean Park Press military

US Army's Field Manual on Basic Cryptanalysis FM 34-40-2

Navy's CSP-845 cipher and M-209 and CSP-488 or M-94 and ECM Mark II

first published book on cryptology 1518

Kahn's classic the codebreakers

other

secure processors via nehemiah or DS5001FP

NIH's security links

security reference

cryptographyworld.com

stealth computing over the Internet, and parasitic computing

infosyssec computer and network security resource

UCB's ISAAC project and hack page or its US mirror

crypto page and another and a good page and another

cipher taxonomy

self-protecting code ? cloakware.com trusted software

network security links

Whither cryptography?

ACA 's classical crypto resources more classical crypto

classical crypto cipher machines and such rotor machines

enigma page and another and another and another

enigma applet and java version

enigma applet

Japan's purple cipher machine

field ciphers and civil war ciphers

NIST's Security in Open Systems and Introduction to computer security

NIST RBAC role based access control and RBAC web access and TrustedWeb RBAC for the Web demo and another and another and premonition role-based access and ckm 2000 split keys

quadralay's page and lots of links

security and hackerscene

voting or electronic polling sensus more sensus info or campus voting and votehere.net

internet voting and remotevote and critical study of SERVE

bit commitment

Fred Cohen & Associates

The Five Great Inventions of Twentieth Century Cryptography

ISRC info security research and teaching (au)

Pointers to Cryptographic Software

The Cryptographers Home Page DES, authentication, C source

ORNL's network security and DOE's info security

DOE's security site

ANL's Zipper Secure Communications for High-Performance Computing

Biham's SIMD parallel DES

Intelligence Newsletter

RSA's Security Solutions catalog

authentication: hand geometry and '96 Olympics security and biometrics and other access controls

IETF's common authentication technology kerberos with pki, spkm, gss

German security page or crypto page or UCSD page or Henry's page

RISKS digests

cypherpunks

EINet Galaxy security info

Cryptolog internet guide to cryptography

encryption with cellular automata

cryptography timeline

UWM's Center for cryptography, computer, and network security

Microsoft security

Lucent's Inferno network OS with security

FAQs

RSA's cryptography FAQ

Usenet security FAQ

One-Time-Pad FAQ or here

sci.crypt FAQ and ISS's FAQs and RSA FAQ and Verisign's digital certificate FAQ

USENET security FAQs and other FAQs

wireless

Privacy and Authentication for Wireless Local Area Networks and other papers

wireless application protocol wap and wtls spec pdf and wap forum

wap security and columbitech.com

IEEE 802.11 WEP wired equivalency privacy another 802.11 info

war driving and wardriving.com and wardrive.net wireless security

wireless visualization project and wireless map

directional antenna with a pringles can and coffee can

WEP security flaws

WEP sniffer airsnort and airsnort home page and netstumbler and wepcrack useful for war driving

security aspects of wireless LANs

lucent/wavelan 128 bit RC4 also see cisco/aironet

GSM cell phone encryption and breaking GSM and '98 A5 attack and more GSM info and here PCS 1900 and GSM World and shamir paper

A5 study '03 and GSM interceptions

GSM security

GSM security study

GSM security architectur

AT&T/cycomm

cell phone encryption CMEA

Qualcomm CDMA digital wireless communication

spread spectrum

VCR plus

bluetooth and E0 algorithm

bluetooth security and security weaknesses in bluetooth

bluetooth vs 802.11

privacy

is strong crypto a human right '98

privacyrights.org

legislation and privacy and anonymity and privacy

Bacard's privacy page and Robert's anonymity links

Electronic Frontier Foundation and echelon/privacy

anonymous remailer FAQ or list

mixmaster remailers and list and essay

hushmail and mutemail

anonymous browsing anonymizer or safeweb

identity theft or here or here or here

US govt FTC identity theft page

legal

crypto law survey (laws for various countries) and legal issues

Cryptography Export Control Archives and export control policies and Wassenaar Arrangement

export restrictions relaxed january 2000

ITAR exemption for foreign travel

washington post article encryption export

international survey and foreign encryption products

PECSENC subcommittee on encryption

VPN legal issues and links

Surety's record authentication service and info on time-stamping and legal precedents and firstuse service

rfc 3161 time stamp protocol x.509

legal aspects of digital signature

certified time and of course NTP

forensics

internet forensic resources

summary of forensics books

TCTCoroner's Toolkit or here unix forensics, post morten

sleuthkit or FIRE bootable CD

forensic toolkit NT/windows hidden files etc.

black ops of tcp/ip forensics and reciprocal ids 11/25/02

Purdue cyber forensics

NY Times article

infoworld's computer forensics

computer forensics ltd or electronic discovery

computer forensics online and icsc

NTI

forensics problems 7/02

training and comuforensics more training and tools

unix forensics

consultant and berryhill and network international

network forensics netdetector and netintercept

wipe wiping magnetic media and Gutmann's Secure Deletion of Data from Magnetic and Solid-State Memory

windows window washer

steganography

steganography mailing list and software index

steganography overview

tools

Neil Johnson's stego page and steganography paper

detect stego on the internet '02

bin laden using steganography ?

gray-world.net stego and covert channels

more steganography

steganography info and here

anagrams

steganography information hiding home page

steganography and tempest paper

the rise of steganography

EzStego and other software stools and such from sevenlocks

weaknesses in some stego software

outguess stego software

whitespace steganography

wrapster hide documents in mp3 for use with napster

NTI's data hiding unformatted floppy, unused tracks, etc.

semantic-preserving steganography

StirMark Image Watermarking Robustness Test

Phrack 52's steganography thumbprinting

Rowland's covert TCP channels or here and related Phrack article and covert OSI channels

ackcmd remote shell using ACK's

A Guide to Understanding Covert Channel Analysis of Trusted Systems

Navy's covert channel guidelines and DoD's Orange Book section 8

DNS tunneling or http tunnel

steganographic file system

LANL's data embedding

Invisible communication

secret language

Workshop on Information Hiding

On the limits of steganography

Wayner's book Disappearing Cryptography

digital watermarks and another

copy detection and Doneh's Collusion Secure Fingerprinting of Digital Data

DICE and Digimarc and a report

ciphile.com stego software

Rivest's confidentiality without encryption chaffing and winnowing