Jax RCFB Security Page

• This Web page provided as a public service for those seeking information about computer and network security.
• Some sites listed herein may encourage dubious online activity.
  • Use your "judgement tempered by experience", as Nero Wolfe used to tell Archie Goodwin.
• You might consider turning off JavaScript, Java, and other extended browser facilities before browsing these sites
• Some More Important Disclaimers here

Contents

• Alerts
• Law
• News & Info
• Secure Programming
• Spam Prevention
• Tools & Tricks
• Unique
• Bizarre

Alerts

• Computer Emergency Response Team (CERT) is the world's central security alert site.
• Computer Operations, Audit, and Security Technology (COAST) from Purdue University.
• Computer Incident Advisory Capability (CIAC) from theUnited States Department of Energy.

Law

• National Infrastructure Protection Center is the FBI responding to incidents involving $5,000 or more of loss.

News & Info

• 2600 Magazine is the hacker's quarterly.
• Hacker News Network tracks news of interest to the security-concious.
• ISS X-Force from Internet Security Systems keeps you up-to-date on attacks and viruses.
• RootPrompt.org has interesting articles about Unix and security.
• Security Focus is another news site.
• Senderek, Ralph has tips on PGP and securing "really bad networks".
• Operating Systems
  • BSD Operating System
    • Trusted BSD enhancements for the enterprise to FreeBSD .
  • OpenlySecure.Org focusses on security through open source operating system.
• Lynn Wheeler's Payment, Security and Internet References

Secure Programming

• Executable/Non-Executable spaces
  • The NX bit hacked on Linux
  • Theo DeRaadt's Magic Point presentation on Exploit Mitigation Techniques
    
• Secure UNIX Programming
• Secure Programming for UNIX and Linux
• Writing Safe SetUID Programs

Spam Prevention

• Coalition Against Unsolicited Commercial Email lobbies to extend federal statute 47 USC 227 against junx faxes to apply to junk email.
• FREE is the Forum for Responsible and Ethical Email.
• Mail Abuse Prevention System provides the RBL "Realtime Black hole List" of spam originating sites.
• Network Abuse Clearinghouse has a database of reporting info for reporting spam.
• Spam Recycling Center has tools and tips on pushing back spam.

Tools & Tricks

• American Registry for Internet Numbers
  • WHOIS
• attrition.org offers security news & views.
• cr.yp.to of the Department of Mathematics, Statistics, and Computer Science at the University of Illinois at Chicago, has lots of tools relating to TCP/IP and to network security.
• GNU Privacy Guard is GNU public key encryption.
• Hogwash is a Snort -based packet scrubber.
• Insecure.org is the home of the nmap port scanner.
• ITS4 from Reliable Software Technologies (RST) is an open source, simple tool that statically scans C and C++ source code for potential security vulnerabilities.
• Lance Spitz has whitepapers about defending against black-hat attacks.
• Loki's Home Page is a phrack site.
• l0pht is the premier security phreak's site.
• lsof the lister of all open files on a system is unique and indispensible.
• NetScan scans the Internet for sites whose slack administrators allow their networks to become smurf amplifiers.
• Network Security Library claims to be the "biggest collection of network security information".
• OpenSSH is a free software implementation of the Secure SHell.
• Rijndael Encryption is free and NIST-certified.
• Secure Linux proof-of-concept from the National Security Agency.
• WWW.PORCUPINE.ORG is IBM'er Wietse Venema's site.
  • Mr. Venema is one of the authors of the SATAN security exposure diagnosis tool.
• Rootshell is about how people access machines as root.
• SecureOps shows how to create a VPN on OpenBSD.
• Snort is a lightweight Intrusion Detection System (IDS).
  • Hogwash is a Snort -based packet scrubber.
• Sudo Main Page
• WabiSabiLabi is "aiming to a single moving target: to bring the world closer to zero risk". To that end they are ... auctioning unpublished exploits!? (See also WabiSabiLabi's Blog.)
• Whitehats is a resource to help network and security administrators by offering free software and community support.

Unique

• Cryptome.org claims to be "an archive of spatial and geographic documents on privacy, cryptography, dual-use technologies, national security and intelligence".
  • Especially read John Gilmore's brilliant What's Wrong With Content Protection written in reply to Dr. Ron Rivest.
• Dug Song is a young fellow who participates in the OpenBSD project and has a very nice homepage with valuable computer security information.
• InterNIC is the central source of domain registration info.
• PullThePlug.Com invites you to crack their machines and network, as long as you play nice and tell them how you did it!

Bizarre

• AntiOffline
• Disgraced
• S<R1p7\<!Dd!{}7 (ScriptKiddiot)

Visit Jax Home Page