Welcome to My Hotlist
Table of Contents:
- Azure
- Unix Resources
- Cryptography,
Firewalls,
and Computer Security
Unix Resources
Cryptography,
Firewalls, and Computer Security
- Fortify for Netscape
is a
program
that provides world-wide, unconditional, full strength 128-bit
cryptography
to users of Netscape Navigator (v3) and Communicator (v4)
- iNFOSYSSEC
Cryptography,
Encryption and Stenography
- COAST
Computer
Security
Archive has a great selection of security
tools.
- NIST Computer Security
Resource
Clearing
House
- CIAC
- Netcraft
Internet
Security
Diary is useful if you have trouble keeping up with all of
the security mailing lists
- Stack
Smashing collects information on an important class of
security
vunerabilities
and how to exploit them - i.e. buffer overflows
- DISN
computer
security
bulletins
- Network
security by CNS has information about firewalls, FAQs,
tools,
documents,
and more links.
- Linux
Security
- 8lgm
- rootshell.com
- CERT FTP archive
- SUNET security
FTP
archive
- NRL (link now
restricted to
.gov
and .mil) has an extensive computer
security library (link now restricted to .gov and .mil)
and the
one-time
password system OPIE
(unrestricted).
- SKEY is an
older
one-time
password system.
- SPAWAR
infosec
program
- Johnson's
network
security
page
- Gateway to
Information
Security
- NIH
computer security
information
- Telstra
Corporation:
Computer
and Network Security Reference Index
- Huge collection
of word
lists
for password checking, etc.
- Underground
- DEFCON
- anonftpd
is a secure FTP server which only supports read-only anonymous
FTP.
- System
and
network
security links
- Cisco
password
decrypter
- NT Security
FAQ
- NT Security Risks
- Microsoft Windows NT
Security
and
Administration
- A
document on the security of software licence control systems.
If
you're
interested in software licence control systems, you might also
look at Software
Protection
in the UNIX Environment which is a more general
discussion
of licence management under UNIX.
- ypghost
demonstrates NIS/YP spoofing.
- Wietse
Venema's
tools
and papers
- MLD's UNIX security page
has papers,
software, and more links. Very useful.
- RAPTOR has a security
library with interesting papers.
- Silicon
Toad's
page
has computer security and hacking related resources
- The
University
of
Cambridge Computer Lab has a very nice collection of
computer
security
related links
- X's hacking
page
- STDS
-
Hack/Crypto/Virii
- Index of
/pub/hacker/unix
- Hacks
and
Cracks
- Security
and
Hackerscene
- The Ping o'
Death
Page
- HP bug of the
week
- Information
on
IP spoofing and more
- PHRACK is the legendary
hacker's e-zine.
- Irish hacking
homepage
- Irish
Computer
Security
Archives
- daemon9's
security/hacking
FTP site
- Generate ICMP
redirects
for testing
- C source for Solaris 2.5/FreeBSD
- ipsend
allows sending of many types of IP packets for network/security
testing
- arnudp.c
sends a
single
udp datagram with the source/destination address/port set to
whatever
you
want. In particular, this illustrates a danger of having UDP
echo
service
turned on in /etc/inetd.conf on many versions of UNIX. Consider
the
result
if source address and port are set to localhost and 7
respectively -
the
inetd in FreeBSD 2.2 seems to detect this denial of service
attack, but
many UNIX variants do not
- T.I.S. has a free
firewall toolkit that can serve as a component of a
firewall. Some
other firewall toolkit related information:
- An
MBone
Proxy for an Application Gateway Firewall
-
Interested in Java and WWW security? Check out
- X
windows
security
links
- Crash
Course
in
X Windows Security
- SOS Corporation has a free
firewall package
with source code called Freestone.
-
Some information on and implementations of SKIP - IP level
cryptography
and key management
- IP
Filter
is a TCP/IP packet filter and NAT for Solaris, SunOS, NetBSD,
FreeBSD,
BSDI
- Filter
Language Compiler
generates filter rules for various packages including IP
Filter and Cisco
routers
- SOCKS is a generic
circuit-level
proxy that is useful for building firewalls. There is also a SOCKS
ftp site.
- Building
Internet
Firewalls
is currently the best practical book on building firewalls. An errata
sheet is also available.
- Firewalls and
Internet
Security
is another excellent book on Firewalls. The first book on
firewalls,
and
in many ways, the best.
- ftp://ftp.win.tue.nl/pub/security
has useful tools, including tcp-wrappers which allows one to
control
and
log access to TCP based services.
- V-ONE has
- SSH is a package
which
provides
for encrypted login sessions, X windows and more general TCP
connection
tunneling, strong authentication. It is intended as a drop-in
replacement
for the Berkeley "r"-tools (rsh, rlogin, rcp). Also look at
- STEL
is an encrypting telnet replacement with built in support for
skey
authentication.
- SLr* -
rsh,rcp,rdist
over
SSL
- A free SSL
implementation
and some
SSL apps
-
CFS is a relatively portable encrypting filesystem which runs
under
several
flavours of UNIX including: Sun OS 4.1.x, Solaris 2.4, AIX,
IRIX,
Linux,
BSDI. Version 1.3.2 of CFS also includes ESM. ESM is a general
purpose
session encryptor which uses a hybrid Diffie-Hellman/triple-DES
encryption
technique and will work over almost any link (combination of
modem,
telnet,
rlogin, etc.). CFS is available from the following sites outside
of the
U.S. and Canada:
- Coldfire
has a
nice list
of computer
security
links.
- ISS has a good commercial
network
security
scanner, plus some
useful
links, a selection
of computer security mailing lists, and computer
security FAQs.
- SATAN checks for
some well
known
network security holes (be sure to get version 1.1.1 or later).
Definitely
overhyped, but still worthwhile.
- All sorts
of cool
stuff
- Quadralay
cryptography
archive
- A list
of
cryptography
sites
- The Time
Hack
Cryptology
Shack
- Pat
Farrell's
cryptography
sources hotlist
- RSA Data Security Homepage
- Pretty Good Privacy, Inc. Home
Page
- Crypto-Log:
Internet
Guide
to Cryptography is a very impressive set of pages with
many
good
links.
- Ray
Chiang's
cryptography page
- clipper.uvic.ca
has Applied
Cryptography
source code diskettes
- LIBDES
is an
excellent
DES implementation by Eric Young.
- RsaEuro
is an
RSAREF
compatible library written outside the U.S.
- Queen's
University
Cryptography
and Data Security Lab
- cryptlib
is a portable encryption library
- Crypto++
is a
free C++ class library of cryptographic primitives
- idea.sec.dsi.unimi.it
cryptography
archive (FTP)
- ftp.ox.ac.uk
cryptography
archive
(FTP)
- ftp.funet.fi
cryptography
archive
(FTP)
- ftp.uni-trier.de
cryptography
archive
(FTP)
- fractal.mta.ca
cryptography archive
(FTP)
- Index of international
cryptography
pages
- Mark Riordan's
cryptography
FTP
site. See the file GETTING_ACCESS
for instructions on getting access to cryptographic software
(U.S./Canada
only).
- MIND
LINK
(formerly
Wimsey) cryptography FTP archive. Unfortunately, access
to
cryptographic software is limited to U.S./Canada only.
- Michael P. Johnson's
North
American
Cryptography Archives
- Canadian
Cryptographic/cryptanalytic
software
- Official PGP
distribution site
for U.S./Canada at MIT
-
The US/Canada-only version of mutt
is a nice mail user agent for UNIX systems which includes PGP/MIME
support
- Pretty Good Privacy, Inc.
- Calc
is C-style arbitrary precision calculator
- Where to get PGP
FAQ
- International
PGP
home page
- sci.crypt
FAQ
- How To Make A Mint: The
Cryptography
of Anonymous Electronic Cash - NSA report on ecash
- Cryptography,
PGP,
and
your privacy
- Cypherpunks
- Vince
Cate's
Cypherpunk
page
- Home
pages
of
researchers in cryptography
- Cryptography
export
control
archives
- Crypto
Law
Survey gives information on the laws of various countries
regarding
the use/import/export of cryptography.
- The Risks of Key
Recovery, and
Trusted Third-Party Encryption tells why the U.S. plan for
government
access to cryptographic keys is risky and impractical
Basic
Cryptanalysis is a course in elementary cryptanalysis from
the U.S.
Army. Alternate
site