Saturday, February 23, 2008

Internet Fraud


Phishing

We continue to see increasing numbers of fraudulent e-mail messages that try to lure people to fraudulent web sites in order to steal credit card numbers, bank account numbers, eBay, PayPal, banking and AOL account passwords, and other sensitive data. Fraudulent messages pretending to be from local banks, such as SunTrust and BB&T, have also been seen. These scams, referred to as "phishing" attacks, use e-mail messages made to appear as though they come from banks and other businesses you may trust. The messages contain links leading to malicious web sites that duplicate the business's web site in almost every detail and ask for passwords, credit card numbers, and other information useful to criminals. It is very difficult to tell an official web site from one set up by criminals to mimic it, and the fakes are getting more sophisticated. You can view real-life examples of these messages and the fake web sites at http://www.fraudwatchinternational.com/phishing/index.php and http://www.antiphishing.org/phishing_archive.html .

The visible text of a link in e-mail, on web sites, in instant messages, or anywhere else cannot be trusted when making critical decisions such as whether to supply sensitive information or to download software onto your computer. Link text is as easily forged or disguised as the return address on a post card or the From address on an e-mail message; the address the link actually leads to can be completely different. It is best to avoid typing sensitive data (account numbers, passwords, credit card numbers, etc.) into unfamiliar web sites or into sites reached by links in unexpected or unusual e-mail messages. It is also prudent to avoid clicking links in such e-mail and instant messages, especially blatant spam or phishing messages, because they sometimes lead to web sites that infect visiting computers. For the same reason, avoid downloading software from such sites.
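The mismatch between what a link says and where it goes can be checked mechanically. The following Python script is an added example, not part of the original post: it pulls the links out of an HTML e-mail body and flags three classic phishing tricks, visible text that names one domain while the href leads to another, a host that is a bare IP address, and a username@host construction that buries the real host after an "@". The sample message body is constructed for the example, and the "registrable domain" check is deliberately simple (last two labels of the host, no public-suffix list).

```python
"""Audit the links in an HTML e-mail: does each link lead where its text says it does?"""
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample of a phishing-style HTML body (not a real message).
SAMPLE_MAIL = """
<p>Dear customer, please <a href="http://www.suntrust.com.login-verify.example/acct">
confirm your account at www.suntrust.com</a> today.</p>
<p>Or sign in via <a href="http://www.ebay.com@203.0.113.10/signin">http://www.ebay.com/signin</a></p>
<p>Questions? Visit <a href="https://www.paypal.com/help">https://www.paypal.com/help</a></p>
"""

class AnchorCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a href=...> element."""
    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            text = " ".join("".join(self._text).split())  # collapse whitespace
            self.links.append((self._href, text))
            self._href = None

def registrable_domain(host):
    """Last two labels of a host name. Simplification for this example: a real
    implementation would consult the public suffix list (co.uk etc.)."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])

# Something in the visible text that looks like a URL or a bare domain name.
_SHOWN_DOMAIN = re.compile(r"(?:https?://)?(?:www\.)?([a-z0-9-]+(?:\.[a-z0-9-]+)*\.[a-z]{2,})", re.I)
_IPV4 = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}")

def check_link(href, text):
    """Return the list of reasons this link looks deceptive (empty if none found)."""
    reasons = []
    parts = urlsplit(href)
    host = parts.hostname or ""
    if parts.username is not None:
        # http://www.ebay.com@evil.example/ : the browser ignores everything before '@'
        reasons.append("userinfo before host; real host is " + host)
    if _IPV4.fullmatch(host):
        reasons.append("host is a bare IP address")
    shown = _SHOWN_DOMAIN.search(text)
    if shown and registrable_domain(shown.group(1)) != registrable_domain(host):
        reasons.append("text shows %s but link goes to %s"
                       % (registrable_domain(shown.group(1)), registrable_domain(host)))
    return reasons

def audit(html):
    """Return [(href, text, reasons)] for every link in the message."""
    collector = AnchorCollector()
    collector.feed(html)
    return [(href, text, check_link(href, text)) for href, text in collector.links]

if __name__ == "__main__":
    for href, text, reasons in audit(SAMPLE_MAIL):
        print("SUSPICIOUS" if reasons else "ok        ", href, "|", text, "|", "; ".join(reasons))
```

Run against the sample, the first two links are flagged (wrong domain; userinfo plus IP host plus wrong domain) and the PayPal link, whose text and href agree, passes. The same logic applies to links in instant messages or on web pages once the anchors have been extracted.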
Instead, use a known good web link and/or verify the message contents over a known good secondary channel (a phone number or e-mail address you already have, not one taken from the message). If you receive such a message, you may report it to the authorities by forwarding it, preferably with full mail headers, to spam@uce.gov and/or to the owner of the site being forged (e.g. abuse@suntrust.com, abuse@ebay.com, or whatever address the organization supports for this purpose).

A web site promoting Internet fraud awareness ( http://www.lookstoogoodtobetrue.com/ ) has been published with the cooperation of the FBI, the U.S. Postal Service, and several other organizations. Carnegie Mellon University has designed a game meant to improve your ability to identify fraudulent web sites; it can be accessed at http://cups.cs.cmu.edu/antiphishing_phil/ . Note that it requires Adobe Flash. Many people already have Flash installed; if you install it, it is important to check for security updates, as an unmaintained copy can leave your computer vulnerable:
http://www.adobe.com/support/security/bulletins/apsb07-12.html
http://www.adobe.com/support/security/bulletins/apsb06-11.html
http://www.adobe.com/devnet/security/security_zone/apsb06-03.html
http://www.adobe.com/devnet/security/security_zone/mpsb05-07.html

Identity Theft Help

If you typed sensitive information into one of these criminals' web sites, it is likely that the information has been, or will be, sold or misused. To limit your losses, contact the organization whose site was forged first, then review the recommendations at the following sites:
ID Theft Home ( U.S. Federal Trade Commission )
Identity Theft Victim's Guide ( Privacy Rights Clearinghouse )
Consumer Advice: What To Do If You've Given Out Your Personal Financial Information ( AntiPhishing.org )
Identity Theft Resources ( Privacy Rights Clearinghouse )
Identity Theft and Fraud ( U.S. Department of Justice )

In the past it has been difficult for a person to freeze credit reporting on themselves. State laws mandating that consumers be able to request such freezes were spotty (notably absent in Virginia), and the credit reporting agencies did not offer the service in states where laws mandated it. Luckily, the credit agencies seem to be responding and are beginning to offer anyone nationwide the ability to freeze their credit reports ( see this article and this one ). A freeze is a useful tool for preventing fraud and limiting the spread of identity theft.

Additional phishing information:
What you should know about phishing identity-theft scams ( Microsoft video )
Putting an End to Account Hijacking Identity Theft ( Federal Trade Commission PDF file ). Excerpt: "While precise statistics on the prevalence of account hijacking are difficult to obtain, recent studies indicate that unauthorized access to checking accounts is the fastest growing form of identity theft. The FTC has estimated that almost 2 million U.S. adult Internet users experienced this fraud during the 12 months ending April 2004."
Special Report on Phishing ( U.S. Department of Justice Criminal Division PDF file )
How Not to Get Hooked by a Phishing Scam ( U.S. Federal Trade Commission )

Can you tell the difference?
MailFrontier Quiz II
Washington Post Quiz

Phishing in the news:
Phishing is Big Business ( eWeek 03/07/2005 )
Phishing Feeds Internet Black Market ( Washington Post 11/18/2004 )
IT Tackles Phishing ( InfoWorld 01/24/2005 )
Consumers deluged as fake e-mails multiply - Even experts say telling real mail from phish can be difficult ( MSNBC 01/21/2004 )
What happens to victims ( MSNBC 11/04/2003 )
Fake FBI Site ( MSNBC )

Other Internet Fraud

419 or "Nigerian" fraud schemes, in which you are offered a percentage of a large sum of money in return for help transferring it:
United States Secret Service Alert
Information at the University of Pennsylvania
Nigeria cracking down on e-scams ( CNN 08/08/2005 )
Nigerian Scams Keep Evolving ( MSNBC 06/10/2005 )
You may forward such messages, with full e-mail headers, to 419.fcd@usss.treas.gov .

Other scams and resources:
Monster.com's safe online job search tips for avoiding identity theft, criminal recruitment, and other threats associated with online job searches
Seduced into scams: Online lovers often duped ( MSNBC 07/29/2005 )
Officials: Beware of phantom stock regulators ( ZDNet 07/29/2005 )
Cybercrooks lure citizens into international crime ( USA TODAY 07/11/2005 )
Fake banks lure customers online ( MSNBC 03/03/2005 )
Auction sites being used to sell goods purchased with stolen credit cards ( MSNBC 06/08/2004 )
Scam: Postal Forwarding/Reshipping job aiding criminals ( MSNBC 12/17/2003 )
Beware of Fake Escrow Sites for Internet Financial Transactions ( MSNBC 12/04/2003 )
Online auction scams ( WashingtonPost.com 05/03/2003 )
Fraudulent offers of money from Nigeria and other countries for assistance in transferring funds ( United States Secret Service; forward received messages to 419.fcd@usss.treas.gov )
FBI Internet Fraud and Crime Complaint Center

Common Mistakes Affecting Our Privacy, Accounts, Computers, and Data

Trusting unknown programs
Failing to periodically patch defective desktop Windows software at the Windows Update site
Failing to run and update anti-virus software
Treating a computer that accesses sensitive information as an entertainment device
Using the same passwords on multiple systems with different levels of sensitivity and risk
Failing to set passwords on Windows NT, 2000, and XP computers
Microsoft file sharing configuration errors
Installing and operating Linux, Windows NT, and Windows 2000 servers without first fixing known defects
Failing to back up critical files
Poor password choices
Unsafe handling of passwords
Forgetting to log out of shared computers such as those found in labs
Trusting unknown computers that may be running malicious software that records keystrokes
Failing to assure sufficient resources to maintain servers

Saturday, January 19, 2008

Things to know

Protect your account from unauthorized users
· How to create a strong password?

To create a strong password, combine words with symbols such as @, -, =, and +, together with numbers and capital letters. For example, lookme is a weak password; look+me is better; and Look+Me89, which mixes all four character types, is much stronger. Keep in mind, though, that Look+Me89 is still two dictionary words with a capitalized first letter and two digits appended, a pattern that password-cracking tools try early. Length matters more than symbols: a longer passphrase made of several unrelated words, or a random string kept in a password manager, is stronger still.
Password Strength & Password Security ( Microsoft Security ): test a candidate with Microsoft's Password Checker. Do not type a password you actually use into any web-based checker; test the pattern with a throwaway variation instead.
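To make the advice above measurable, here is an added Python example (not part of the original post) that scores the three passwords from the text two ways: a naive model that credits every character with the full alphabet implied by the character classes used, and a dictionary-aware model that counts each recognizable word as one guess from a word list rather than as independent characters. The word list is a constructed eight-entry stand-in for the millions of words and leaked passwords a real checker uses, and the rating thresholds are illustrative.

```python
"""Estimate password strength two ways: a naive character-pool model and a
dictionary-aware model that treats recognizable words as single guesses."""
import math
import string

# Constructed, deliberately tiny dictionary for illustration (8 entries, so each
# hit costs log2(8) = 3 bits). A real checker uses lists of millions of words
# and leaked passwords.
COMMON_WORDS = ("password", "letmein", "welcome", "qwerty", "monkey", "dragon", "look", "me")

def pool_size(pw):
    """Size of the alphabet implied by the character classes present in pw."""
    pool = 0
    if any(c in string.ascii_lowercase for c in pw):
        pool += 26
    if any(c in string.ascii_uppercase for c in pw):
        pool += 26
    if any(c in string.digits for c in pw):
        pool += 10
    if any(c in string.punctuation for c in pw):
        pool += len(string.punctuation)  # 32 symbols
    return pool

def naive_bits(pw):
    """Bits of entropy if every character were chosen uniformly from the pool.
    This is what 'mix character types' advice implicitly assumes."""
    pool = pool_size(pw)
    return len(pw) * math.log2(pool) if pool else 0.0

def dictionary_aware_bits(pw):
    """Same model, but each dictionary word found (longest first) counts as a
    single choice from COMMON_WORDS rather than as independent characters."""
    pool = pool_size(pw)
    remaining = pw.lower()
    word_hits = 0
    for word in sorted(COMMON_WORDS, key=len, reverse=True):
        while word in remaining:
            remaining = remaining.replace(word, "\x00", 1)  # placeholder for a consumed word
            word_hits += 1
    loose_chars = sum(1 for c in remaining if c != "\x00")
    bits = word_hits * math.log2(len(COMMON_WORDS))
    if loose_chars:
        bits += loose_chars * math.log2(pool)
    return bits

def rate(pw):
    """Return (dictionary-aware bits rounded to 0.1, label). Thresholds are
    illustrative; what an attacker can afford depends on the hash function
    protecting the password and on the hardware available."""
    bits = dictionary_aware_bits(pw)
    if bits < 28 or len(pw) < 8:
        label = "weak"
    elif bits < 60:
        label = "moderate"
    else:
        label = "strong"
    return round(bits, 1), label

if __name__ == "__main__":
    for candidate in ("lookme", "look+me", "Look+Me89", "r7Tq!m2Zv9Kp#x4L"):
        bits, label = rate(candidate)
        print("%-18s naive=%6.1f bits  dictionary-aware=%6.1f bits  %s"
              % (candidate, naive_bits(candidate), bits, label))
```

The naive model rates Look+Me89 at about 59 bits, which is why it "looks" strong; once the two words are recognized it drops to under 26 bits, while the 16-character random string (constructed for the example) exceeds 100 bits under both models. That gap is the point of the caveat above: character variety helps, but dictionary words and length dominate the real result.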

· How to input or type your password in a system that is suspected not to be safe?

Some spyware programs log keystrokes, recording every key in the order it was pressed and storing the result in a file or sending it to the attacker. Against the most naive of these, which record only printable characters, typing the password out of order and using the Home and End keys to move the cursor makes the logged sequence differ from the real password.
For example, to enter the password Look+Me89 this way, press the keys in the following order:
e, Home, M, Home, +, Home, k, Home, o, Home, o, Home, L, End, 8, Home, End, 9
The field ends up containing Look+Me89, while a logger that records only printable keys sees eM+kooL89.
This is a weak defense, not a secure login method. Any keystroke logger that also records navigation keys can replay the cursor movements and recover the password, and spyware that captures form fields, the clipboard, or screenshots gets it directly. Treat a password typed on a machine you suspect is compromised as exposed: avoid entering sensitive credentials on such machines where possible, and change the password from a trusted computer as soon as you can.
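The following Python simulation is an added example, not part of the original post. It replays the exact key sequence from the text against two models of a keystroke logger: one that records only printable characters, and one that records every key (including Home, End, arrows, Backspace and Delete) and replays them against a model of a single-line text field. The key list is constructed from the sequence given above; the key names are this example's own convention.

```python
"""Replay the Home/End keystroke trick against two models of a keystroke logger."""

# Constructed from the key sequence given above: it enters "Look+Me89" out of order,
# using Home and End to move the cursor. Named keys are spelled out, characters as-is.
KEYSTROKES = ["e", "Home", "M", "Home", "+", "Home", "k", "Home", "o", "Home",
              "o", "Home", "L", "End", "8", "Home", "End", "9"]

NAVIGATION_KEYS = {"Home", "End", "Left", "Right", "Backspace", "Delete"}

def naive_logger_view(keys):
    """What a logger sees if it records only printable characters in typing order."""
    return "".join(k for k in keys if k not in NAVIGATION_KEYS)

def replaying_logger_view(keys):
    """What a logger sees if it records every key and replays them against a simple
    model of a single-line text field (a buffer plus a cursor position)."""
    buf = []
    cursor = 0
    for k in keys:
        if k == "Home":
            cursor = 0
        elif k == "End":
            cursor = len(buf)
        elif k == "Left":
            cursor = max(0, cursor - 1)
        elif k == "Right":
            cursor = min(len(buf), cursor + 1)
        elif k == "Backspace":
            if cursor > 0:
                del buf[cursor - 1]
                cursor -= 1
        elif k == "Delete":
            if cursor < len(buf):
                del buf[cursor]
        else:
            buf.insert(cursor, k)  # printable character inserted at the cursor
            cursor += 1
    return "".join(buf)

if __name__ == "__main__":
    print("naive logger records:     ", naive_logger_view(KEYSTROKES))
    print("replaying logger recovers:", replaying_logger_view(KEYSTROKES))
```

The naive logger is left with eM+kooL89, which is what the trick relies on; the replaying logger recovers Look+Me89 from the same capture with a dozen lines of code. Real keyloggers have recorded navigation keys for a long time, which is why the trick should not be relied on.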


Computer Security
The major technical areas of computer security are usually summarized by the initials CIA: confidentiality, integrity, and availability (authentication is often listed alongside them). Confidentiality means that information cannot be accessed by unauthorized parties; it is also known as secrecy or privacy, and breaches of confidentiality range from the embarrassing to the disastrous. Integrity means that information is protected against unauthorized changes that authorized users cannot detect; many hacking incidents compromise the integrity of databases and other resources. Authentication means that users are who they claim to be. Availability means that resources are accessible to authorized parties; "denial of service" attacks, which are sometimes the topic of national news, are attacks against availability.

TECS: The Encyclopedia of Computer Security http://www.itsecurity.com/
TECS provides a forum for visitors to seek the opinions of one or several security experts on a broad range of security questions. Users range from individuals asking about their home computers to students working on projects to IT professionals; TECS's panel of volunteer security experts tend to work for computer or security consulting companies. Questions are sent via listserv to the experts, whose answers are then published, along with the question, on the web site. The site owners request that the experts provide balanced answers that do not gratuitously advertise specific products; vendors are free to list full product descriptions in the TECS Security Product Database.

CYBERCRIME http://www.cybercrime.gov/
This site is maintained by the Computer Crime and Intellectual Property Section (CCIPS) of the Criminal Division of the U.S. Department of Justice; the information available at this site is presented from a legal, rather than technical, perspective. It provides a plethora of information about the various ways computers can be used to commit crimes, how and to whom to report computer crimes, and what to do if you are the victim of computer crime. It includes links to cases, laws, legal issues, and policy issues surrounding hacking, intellectual property infringements, and other online offenses.
Common Vulnerabilities and Exposures http://www.cve.mitre.org/
MITRE, a not-for-profit national resource that provides systems engineering, research and development, and information technology support to the government, has created CVE in an attempt to standardize the names of vulnerabilities and other information security exposures. MITRE's goal is to increase data communication across network tools by encouraging software companies and developers to use the common names found at the CVE web site; according to CERIAS, "CVE is the key to vulnerability database compatibility." To date, over 60 major organizations have agreed to make their products and services CVE compliant.

Ethics
Computer and Information Ethics on WWW http://www.ethics.ubc.ca/resources/computer/
This site is a subdivision of a website on ethics resources which is maintained by the University of British Columbia's Centre for Applied Ethics. The site provides lists of web sites, as well as lists of electronic and print publications, pertaining to various ethical issues in computing. There is a section on courses in computer ethics, which provides links to online syllabi to classes taught at other institutions, and a list of links to relevant organizations. The breadth of this site is limited, but it's a good place to begin exploring the ethical issues of network computing.
Ethics in Computing http://ethics.csc.ncsu.edu/
This site is administered by Dr. Edward F. Gehringer, an NCSU professor in Electrical & Computer Engineering and Computer Science who teaches several undergraduate and graduate classes in computer science and computer ethics. The site organizes computer ethics into a simple hierarchy of topics, starting with basic information on ethics. The articles are not necessarily recent, although many concepts pertaining to ethics remain constant over time. An interesting feature is the site map, which is drawn like a real map and offers a graphical representation of how the concepts are related.

Privacy
EFF Privacy Now! Campaign http://www.eff.org/Privacy/
The Electronic Frontier Foundation was founded in 1990 to confront civil liberties issues raised by new technologies. EFF's interest in privacy issues runs the gamut from Internet anonymity and pseudonymity to medical privacy to the privacy risks posed by the nation's post-9/11 increased interest in surveillance, biometrics, and a national identification system. This site goes beyond mere tips and offers a thoughtful analysis of the privacy (and social) consequences of our increasingly automated society. Look for Carabella, an interactive adventure game that illustrates some of the privacy and fair use issues associated with online music shopping.

Privacy Rights Clearinghouse http://www.privacyrights.org/
The Privacy Rights Clearinghouse is a nonprofit consumer advocacy organization. Their web site is full of information on privacy rights in an online environment. The main issues addressed on this site include personal privacy, financial privacy, and identity theft. Information sources include fact sheets covering specific privacy issues, news items and articles about privacy, and transcripts of PRC speeches and testimony from conferences and legislative hearings.
The Privacy Foundation http://www.privacyfoundation.org/
The Privacy Foundation's main privacy concerns are data that is collected surreptitiously by companies about web surfers and their browsing habits, and employer surveillance of computer activity in the workplace. Users can sign up for free email delivery of the Foundation's TipSheets and Privacy Watch advisories and commentaries. An interesting free download available at this site is Bugnosis, software which alerts Internet Explorer users to web bugs, tiny or invisible web page graphics that have been encoded to collect information about who is browsing the web page.
Platform for Privacy Preferences (P3P) Project http://www.w3.org/P3P/
The World Wide Web Consortium, an organization promoting greater interoperability for web technologies, has developed P3P, a proposed standard that allows web sites to state their privacy policies using special keywords so that other P3P-enabled utilities (e.g., web browsers) can interpret them and compare them to a user's privacy preferences. P3P offers users greater control over how their personal information might be used on the Internet by giving them more opportunities to avoid offending sites.

Antivirus
Virus Bulletin http://www.virusbtn.com/
Virus Bulletin is a fee-based, monthly magazine that provides information, reviews, and comparisons of antivirus products. The Virus Bulletin website offers the latest virus-related news, description of recent viruses, and monthly prevalence tables of known virus activity. Consumers can see which antivirus products have earned the VB100% award, which is awarded to products that detect all In The Wild Viruses (see WildList Organization, below) in test scans. Of particular practical use are four step-by-step DOS tutorials for recovering from some of the more common problems of virus infection.
The WildList Organization International http://www.wildlist.org/
The WildList Organization's mission is "to provide accurate, timely and comprehensive information about 'In the Wild' computer viruses to both users and product developers." "In the wild" viruses are viruses that have been cited by two or more of the organization's panel of computer experts as spreading in the real world and therefore pose a real threat to computers and networks. The WildList is made available free of charge by the organization and is considered a standard against which the effectiveness of antivirus programs is measured. The WildList Organization has retained its independence from any one antivirus developer and encourages all users to find an antivirus vendor and develop a relationship with its customer support service.
F-Secure: Security Information Center http://www.f-secure.com/virus-info/
The self-described "industry standard source for up-to-date information on new viruses and hoax alerts," this site provides long, easily readable descriptions and screen shots of known viruses, including their variations, and information on how to recover if you're hit. While F-Secure naturally promotes the sale of its commercial products, it also offers a few dozen free downloads to fix specific virus problems. Also of interest are a six-minute video entitled "Virus Summary 2001," an account of the most notable (i.e., destructive) virus attacks of 2001, and a list of tips to avoid those pesky, and increasingly popular, e-mail worms.

Cryptography
Cryptology ePrint Archive http://eprint.iacr.org/
The International Association for Cryptologic Research (IACR) is a non-profit scientific organization whose purpose is to further research in cryptology and related fields. IACR's Cryptology ePrint Archive accepts clear and readable submissions from authors which "look somewhat new and interesting," and "contain proofs or convincing arguments for any claims." The archive begins in 1996, and as of this writing, there are 136 articles posted for 2002. While many of the newer articles are available as .pdf files, many files are available in postscript format only.
The International PGP Home Page http://www.pgpi.org/
Pretty Good Privacy (PGP) is a cryptographic program for protecting digital information, including the contents of e-mail messages, developed by Phil Zimmermann in 1991 and distributed as freeware for non-commercial use. The purpose of this web site is to promote the use of PGP worldwide by providing downloads, documentation, FAQs, lists of known bugs, links to web sites, and the latest news and other information about PGP in English and other languages.

Operating System Security
Network Security Library http://www.windowsecurity.com/whitepaper/
This is a site providing articles on general network and system security, and no emphasis is placed on any one OS. Due to the large number of articles available on Unix and Windows, these systems have their own links; articles on other operating systems, such as Macintosh or Linux, can be found through keyword searches. Articles come from a variety of sources, including individual submissions as well as published book chapters. Readers are invited to rate articles on a scale of one to ten, and the average score and number of votes are listed with each article title.
Windows Security Guide http://www.winguides.com/security/
This site lists security vulnerabilities and fixes for all Microsoft operating systems, as well as for network-related utilities such as MS Internet Explorer and Internet Information Server. Other services include a free newsletter of alerts and updates, and "support forums" for discussion of security topics. There are two levels of membership: the basic free membership allows access to the forums and newsletters, while a fee-based premium subscription option allows access to help files, free downloads, and the ability to turn off advertisements.
Macintosh Security Site http://www.securemac.com/
The Macintosh Security Site contains several informative articles on Macintosh security, and reviews of many security products for Macs and Mac servers. While the site is supported through paid advertisements, the ads are rather unobtrusive. Of interest is the fact the Macintosh Security Site is maintained as the "white side" of Freak's Macintosh Archive, a "hacking" site devoted to announcing and exploiting security vulnerabilities in Macintosh software & utilities.
Linux Security http://www.linuxsecurity.com/
This site is sponsored by Guardian Digital, Inc., an Open Source security company which produces EnGarde Linux products. The site is not used solely to advertise EnGarde products, and other vendors and products are represented through their sponsorship of the site as well as in articles and advisories posted at the site. The News section of the site provides full-text articles, reprinted from a variety of external sources, on a wide range of general and Linux-specific security topics; the Documentation section features numerous practical "how-to" articles. Users can subscribe to free weekly Linux security newsletters and advisories and participate in an online mailing list.