Appendix B. Security Resources
Throughout the book we've discussed software, documents, and Web sites that will be useful for securing and maintaining your Macintosh system. This appendix provides quick access to some of the most useful resources available for Mac OS X administrators.
Table B.1. URLs for Software or Software Services
| URL | Product |
|---|---|
| http://airsnort.shmoo.com/ , | AirSnort (WEP decryption package) |
| http://www.amavis.org/ | AMaViS ” A mail virus scanner (a program that interfaces sendmail, Qmail, Postfix, and Exim with virus scanners , for Linux, Solaris, *BSD, AIX, and HP-UX) |
| http://www.apache.org/ | Apache (Web server) |
| http://www.apple.com/remotedesktop/ | Apple Remote Desktop (desktop sharing application for Mac OS X and traditional Mac OS) |
| http://www.securityfocus.com/data/tools/arpwatch.tar.Z | Arpwatch (Record ARP activity on your network) |
| http://personalpages.tds.net/~brian_hill/ | BrickHouse (graphical interface for the built-in Mac OS X firewall) |
| http://www.bensoftware.com/ | BTV Pro X (motion detection capture software) |
| http://www.macosxunleashed.com/article.php?sid=2 | CGvirusscan 1.0 (virus scanner interface between CommuniGate Pro and Virex) |
| http://cotvnc. sourceforge .net/ | Chicken of the VNC (a VNC viewer for Mac OS X) |
| http://clamav.elektrapro.com/ | Clam AntiVirus (virus scanner for Unix) |
| http://www.stalker.com/cpro/default.html | CommuniGate Pro (email server for Mac OS) |
| http://ccitt5.net/archive/conflictd.tar.gz | conflictd (Spoofs "here I am" responses to Windows machine network initialization queries requesting the availability status for an IP address) |
| http://preciousgem.dnsalias.com:90/PreciousGem/Corundum/Corundum.html | Corundum (software to steganographically hide textual information in images ”for Mac OS 8.5 or higher, including Mac OS X) |
| http://michel.arboi.free.fr/UKUSA/couic.html | Couic (connection cutting software) |
| http://www.cpan.org/ | CPAN (Comprehensive Perl Archive Network ”a source for everything relating to Perl) |
| http://www.wildpackets.com/products/etherpeek_mac | EtherPeek (network traffic and protocol analyzer for Macintosh) |
| http://ettercap.sourceforge.net/ | Ettercap (multipurpose sniffer/interceptor/logger for switched LAN) |
| http://fink.sourceforge.net/ | Fink (system that ports Unix software to Mac OS X) |
| http://www.gnu.org/ | |
| http://www.fsf.org/ | The GNU Project and the Free Software Foundation (home of such projects as gcc) |
| http://www.pliris-soft.com/products/firewalkx/index.html | Firewalk X (firewall software for Mac OS X) |
| http:// freshmeat .net/ | freshmeat.net (an opensource repository) |
| http://www.f-secure.com/ | F-Secure SSH (SSH clients for Windows and Macintosh; SSH client and server for Unix) |
| http://rsug.itd.umich.edu/software/fugu/ | Fugu (SFTP/SCP/SSH tunneling client for Mac OS X) |
| http://www.gideonsoftworks.com/gideon.html | Gideon (FTP/SFTP client for Mac OS X) |
| http://dreamless.home.attbi.com/ | HenWen (Graphical interface to Snort) |
| http://www. metaobject .com/Community.html#hfstar | hfstar (a GNUtar derivative that supports HFS+) |
| http://pldaniels.com/inflex/ | Inflex (email scanner that can be used to scan for viruses, for Linux, FreeBSD, Solaris) |
| http://www.sustworks.com/site/prod_ipm_download.html | IPNetMonitorX (network monitoring tools) IPNetTunerX (TCP/IP network performance optimizer) IPNetShareX (provides graphical access to Mac OS X's Network Address Translation (NAT)) |
| http://www.arenasoftware.com/grepsoft/ | JellyfiSSH (GUI interface to the ssh command for Mac OS X) |
| http://www.openwall.com/john/ | John the Ripper (password cracking utility for Unix, DOS, Win32, BeOS, and OpenVMS) |
| http://www.iit.edu/~gawojar/ldap/ | LDAP Browser/Editor (Java client for exploring LDAP servers) |
| http://www.nd.edu/~eds/search/ldap_search.shtml | University of Notre Dame's Public LDAP Directory Advanced Search |
| http://www.threenorth.com/LaBrea/ | LaBrea ( watches for incoming ARP requests that go unanswered and spoofs a response) |
| http://www.packetfactory.net/libnet/dist/deprecated/ | libnet (network packet assembly/injection library ”slightly out-of-date version for use with conflictd) |
| http://www.obdev.at/products/littlesnitch/index.html | Little Snitch ( monitors for outgoing connection attempts and enables the user to allow or deny the connection) |
| http://www.macanalysis.com/ | MacAnalysis (Comprehensive set of tools including intrusion detection (via SNORT) and vulnerability scanning) |
| http://macgpg.sourceforge.net/ | Mac GNU Privacy Guard (GPG implementation for Mac OS X) |
| http://macscan.securemac.com/ | MacScan ("Spyware" detector; locates stealth applications running on your system) |
| http://www.macssh.com/ | MacSSH (SSH2 terminal for traditional MacOS ) MacSFTP (SFTP client for traditional Mac OS and Mac OS X) |
| http://www.securemac.com/file-library/Malevolence.sit http://www.msec.net/ | Malevolence (software for dumping an unshadowed version of the NetInfo password database forMac OS X) |
| http://www.messagewall.org/ | MessageWall (SMTP proxy that keeps out viruses, spam, and mail relaying, for Unix with an ANSI C compiler) |
| http://www.roaringpenguin.com/mimedefang/ | MIMEDefang (email filter for Linux that can be used to filter viruses) |
| http://www.opensource.apple.com/cgi-bin/registered/cvs | CVS access to mod_auth_apple (Apache authentication module) |
| http://www.opensource.apple.com/cgi-bin/registered/cvs | CVS access to mod_hfs (Apache HFS+ case-sensitivity fix) |
| http://www.modssl.org/ | _mod_ssl (SSL security for Apache) |
| http://www.lysator.liu.se/~jonasw/freeware/niftyssh/ | NiftyTelnet 1.1 SSH r3 (SSH1 client with SCP capability for traditional Mac OS) |
| http://www. insecure .org/nmap/index.html | NMAP (THE network scanning tool) |
| http://www. symantec .com/nav/nav_mac/ | Norton Anti-Virus |
| http://www.openantivirus.org/ | Open AntiVirus Project (Java-based virus scanner) |
| http://www.openssh.org/ | OpenSSH (SSH client and server for Unix) |
| http://prdownloads.sourceforge.net/osxvnc/ | OSXvnc (an Aqua VNC server) |
| http://www.pgp.com/ | PGP (commercial and free PGP software for multiple platforms) |
| http://www.pgpi.org/ | PGP (free versions of PGP software for mulitple platforms) |
| http://www.pgpi.org/services/keys/keyservers/ | International PGP's keyservers listing |
| http://www.openwall.com/passwdqc/ | pam_passwdqc (PAM password strength checking module for Linux, FreeBSD, Solaris, and HP-UX) |
| http://www.puppysuite.com/ | PuppySuite (hardware/software fingerprint biometric authentication solution for Mac OS X) |
| http://www.kernel.org/pub/linux/libs/pam/modules.html | Linux-PAM modules listing |
| http://www.postfix.org/ | Postfix (drop-in replacement for the sendmail MTA) |
| http://www.chiark.greenend.org.uk/~sgtatham/putty/ | PuTTY (SSH client for Windows) |
| http://personalpages.tds.net/~brian_hill/puzzlepalace.html | PuzzlePalace (encryption software for Mac OS X) |
| http://www.raeinternet.com/rav/ravforosx.html | RAV Anti-Virus for Mac OS X (virus scanner for CommuniGate Pro, SurgeMail, Courier, Postfix) |
| http://rsug.itd.umich.edu/software/radmind/ | Radmind (integrity checking software for Solaris, Mac OS X, FreeBSD, OpenBSD, Linux, includes a GUI for Mac OS X) |
| http://www-stat. stanford .edu/~susan/surprise/Birthday.html | Random Birthday Applet |
| http://www.rbrowser.com/ | RBrowser (FTP/SFTP/SCP/SSH tunneling client for Mac OS X) |
| http://www.opendarwin.org/cgi-bin/cvsweb.cgi/proj/rsync_hfs/ | rsync_hfs (HFS+ aware version of rsync) |
| http://www.samba.org/ | Samba Server (Windows-compatible CIFS/SMB server) |
| http://www.ssh.com/ ftp://ftp.ssh.com/pub/ssh/ | SSH Secure Shell (SSH client for Windows; SSH client and server for Unix) |
| http://projekte.imd.net/ | scan.sh 1.0b1 (mail filtering program for CommuniGate; no longer supported) |
| http://homepage.mac.com/cnorris/ScriptGUI/ | ScriptGUI (software for running shell scripts in the Finder for Mac OS X) |
| http://www.gideonsoftworks.com/sshhelper.html | SSH Helper (GUI interface for configuring OpenSSH on Mac OS X) |
| http://www.vandyke.com/products/ securecrt / | SecureCRT (SSH/SFTP/tunneling client for Windows) |
| http://www.bensoftware.com/ | SecuritySpy (multicamera video surveillance software) |
| http://www.sendmail.org/ | sendmail (mail transport agent) |
| http://sourceforge.net/projects/sendmail-milter/ | Sendmail::Milter (Perl module for writing filters for milter, the mail filter API for sendmail) |
| http://www.bombich.com/software/smd.html | Share My Desktop (an Aqua VNC server) |
| http://www.phil.uu.nl/~xges/ssh/ | SSH Agent (GUI for ssh-agent ) |
| http://sourceforge.net/projects/snort/ | Snort (Packet Sniffer/Logger) |
| http://www. sophos .com/ | Sophos Anti-Virus |
| http://sourceforge.net/ | SourceForge (an open source repository) |
| http://www.opensource.apple.com/projects/darwin/1.0/projects.html | Extra TCP Wrappers files for Mac OS X 10.1 and earlier |
| http://hp.vector.co.jp/authors/VA002416/teraterm.html | Tera Term Pro (Terminal emulator for Windows) |
| http://www.porcupine.org/forensics/tct.html | The Coroner's Toolkit (TCT) (collection of forensics analysis tools) |
| http://www.tightvnc.com/ | TightVNC (an enhanced version of VNC; includes support for automatic SSH tunneling on Unix) |
| http://www.netopia.com/en-us/software/products/tb2/index.html http://www.netopia.com/en-us/support/howtodocs/mac/tcpport.html | Timbuktu (Remote desktop application for Macintosh and Windows) |
| http://tripwire.sourceforge.net/ | Tripwire (integrity checking software) |
| http://www.zip.com.au/~roca/ttssh.html | TTSSH (an extension DLL for Tera Term Pro that allows Terra Term Pro to be used as an SSH1 client for Windows) |
| http://www. versiontracker .com/ | Versiontracker (site that tracks the latest software updates for Mac OS X, traditional Mac OS, Windows, and Palm OS) |
| http://www.mcafeeb2b.com/products/virex/ | Virex (antivirus software for Macintosh) |
| http://www.intego.com/virusbarrier/ | Virus barrier (antivirus software for Macintosh) |
| http://www.realvnc.com/ http://www.uk.research.att.com/vnc/ http://www.uk.research.att.com/vnc/contribs.html | VNC (Virtual Network Computing ”server and client software for multiple platforms) |
| http://www.mdimension.com/ | VNCDimension (a VNC viewer for Mac OS X) |
| http://webthing.net/vncthing/ | VNCThing (a VNC viewer for Mac OS 8.1 or later, including Mac OS X) |
| http://homepage.mac.com/kedoin/VNC/VNCViewer/ | VNCViewer (a VNC viewer for Mac OS X) |
| http://www.geocities.com/tim_senecal/vnc.html | VNCViewer (a VNC viewer in a carbon, noncarbon, and 68k version) |
| http://www.wu- ftpd .org/ | WU-FTPD (FTP server) |
| http://www.landfield.com/wu-ftpd/ | WU-FTPD Resource Center |
| http://xamime.com/ | Xamime (email filter that can establish an interface between a mail transport agent and virus scanners; for Linux, Solaris, or FreeBSD) |
| http://www.xinetd.org/ | xinetd (a more secure replacement for inetd) |
| http://www.cdc.noaa.gov/~jsw/macosx_xvnc/ | Xvnc (VNC server for serving X11 applications from Mac OS X) |
| http://www.zlib.org/ | zlib compression library |
Table B.2. URLs Relating to Physical Security Devices
| Company | URL | Products Manufactured or Sold |
|---|---|---|
| 123 Security Products | http://www.123securityproducts.com/ | Security cameras , time lapse VCRs |
| ADT Security Services | http://www.adt.com/ | Security services |
| Advanced Security Concepts | http://www.mediaprotection.com/ | Media safes; electronic door locks |
| Air Magnet | http://www.airmagnet.com | Handhelds and laptops that can be used to manage wireless networks and identify security and interference issues |
| AnchorPad International | http://www.anchorpad.com/ | Cable locks, plates, entrapments |
| Apple Computer, Inc. | http://www.apple.com/xserve/ | Xserve (rack-optimized server) |
| BTV | http://www.bensoftware.com/ | BTV Pro X (motion detection capture software); SecuritySpy (multicamera video surveillance software) |
| CCTV HQ Network | http://www.cctvheadquarters.net/ | Fake security cameras, security camera systems |
| Champion Lockers | http://www.championlockers.com/ | Lockers |
| Computer Security Systems, Inc. | http://www.computersecurity.com/ | Cable locks, entrapments, plates, alarm systems, tracking systems, enclosures |
| Cutting Edge Products, Inc. | http://www.cuttingedgeproductsinc.com/ | Fake security cameras |
| Federal Security Camera, Inc. | http://fakecam.com/ | Fake security cameras |
| GoLocks.com | http://www.golocks.com/ | Cable locks |
| Kensington Technology Group | http://www.kensington.com/ | Cable locks; alarm unit |
| Kensington Technology Group | http://www.kensington.com/html/1434.html | Laptop security devices |
| Keyware | http://www.keyware.com/ | Biometric building access system |
| Marathon Computer | http://www.marathoncomputer.com/ | Rackmounts |
| Minatronics Corporation | http://www.minatronics.com/ | Fiber optic alarm system |
| Penco Products | http://www.pencoproducts.com/ | Lockers |
| Pentagon Defense Products | http://www.pentagondefense.com/ | Fake security cameras |
| Polaris Industries | http://www.polarisusa.com/ | Security cameras, multiplexors, time-lapse VCRs |
| PUPPY Suite for Mac OS X | http://www.puppysuite.com/ | (Hardware/Software fingerprint biometric authentication solution for Mac OS X) |
| Republic Storage | http://www.republicstorage.com/ | Lockers |
| Secure-It | http://www.secure-it.com/ | Cable locks, entrapments, enclosures, tracking system, alarm system |
| Secureitall.com | http://www.securitall.com/ | Alarm systems for home/business |
| Securityideas.com | http://www.securityideas.com/ | Security cameras |
| SecurityKit.com | http://www.securitykit.com/ | Cable locks |
| Security Tracking of Office Property (STOP) | http://www.stoptheft.com/ | Tracking system |
| Secure Systems Services | http://www.secureservices.com/ | Cable locks, entrapments |
| Targus | http://www.targus.com/ | Alarm units |
| TrackIT | http://www.trackitcorp.com/ | Alarm units |
Table B.3. URLs for Reference Material and Additional Reading
| URL | Article |
|---|---|
| http://www.3com.com/corpinfo/en_US/technology/tech_paper.jsp?DOC_ID=5298 | 3Com Technical Papers Layer 3 Switching: An Introduction |
| http://www.turnpoint.net/wireless/has.html | 802.11b Homebrew Antenna Shootout ”2/14/2 |
| http://attila.stevens-tech.edu/~khockenb/crypt3.html | The Ambitious Amateur vs. crypt(3) or Pondering the Lifespan of Visible Passwords Against Brute-Force Attack |
| http://www.oreillynet.com/cs/weblog/view/wlg/448 | Antenna on the Cheap (er, Chip) |
| http://www.2600.com/news/display/display.shtml?id=378 | Appeal Heard in 2600/DECSS Case |
| http://www. counterpane .com/bfdobsoyl.html | The Blowfish Algorithm ”One Year Later |
| http://www.securityfocus.com/news/925 | BugBear ”Nasty Email Virus |
| http://www.internetnews.com/bus-news/article.php/3_1138351 | Can "Deep Linking" Lead to Deep Trouble? |
| http://www.fbi.gov/hq/lab/carnivore/carnivore.htm | Carnivore Diagnostic Tool (FBI communications-content scanning system) |
| http://csrc.nist.gov/nissc/2000/ proceedings /papers/601.pdf | The Case for Beneficial Computer Viruses and Worms ”A Student's Perspective |
| http://www. mcafee .com/aboutus/bus_dev/retail_users/newsletters/feb2002/classof2001.htm | The Class of 2001 ”Year in Review |
| http://www.securityfocus.com/news/1113 | Clues, Vandalism, Litter Sendmail Trojan Trail |
| http://www.pff.org/encry.html | The Computer Revolution, Encryption and True Threats to National Security |
| http://www.cnn.com/2003/TECH/internet/01/25/internet.attack/index.html | Computer Worm Grounds Flights, Blocks ATMs |
| http://www.counterpane.com/bfsverlag.html | Description of a New Variable-Length Key, 64-Bit Block Cipher (Blowfish) |
| http://catless.ncl.ac.uk/Risks/13.06.html#subj3 | "Desert Storm " Viral Myths |
| http://grc.com/dos/drdos.htm | Distributed Reflection Denial of Service |
| http://www.distributed.net/des/ | distributed.net: Project DES |
| http://www.salon.com/tech/col/rose/1999/08/12/deep_links/ | Don't Link or I'll Sue! |
| http://www.dontlink.com/ | Don't Link to Us! |
| http://www.eff.org/descracker.html | EFF DES Cracker Project |
| http://www.sirbacon.org/edllibrary.htm | Edwin Durning Lawrence & His Bacon Library |
| http://www.privacyfoundation.org/resources/docbug.asp | FAQ: Document Web Bugs |
| http://www.rsasecurity.com/rsalabs/challenges/factoring/rsa155.html | Factorization of RSA-155 |
| http://www.brainyquote.com/quotes/quotes/b/q118446.html | Famous Quotes: Benjamin Franklin (on security) |
| http://csrc.nist.gov/ publications /fips/index.html | FIPS (Federal Information Processing Standards) Computer Security Resource Center |
| http://csrc.nist.gov/publications/fips/fips46-3/fips46-3.pdf | FIPS Publication 46-3 (Data Encryption Standard (DES)) |
| http://csrc.nist.gov/publications/fips/fips186-2/fips186-2-change1.pdf | FIPS Publication 186-2 (Digital Signature Standard (DSS)) |
| http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf | FIPS Publication 197 (Announcing the Advanced Encryption Standard (AES)) |
| http://www.cnn.com/2003/TECH/biztech/01/25/microsoft.security.ap/index.html | Gates Pledges Better Software Security |
| http://hepcvets.com/ info /2002/mar/hepcvets512.pdf | Gene Repair in the New Age of Gene Therapy |
| http://www.bbsonline.org/Preprints/OldArchive/bbs.neuwelt.html | Gene Replacement Therapy in the Central Nervous System: Viral Vector Mediated Therapy of Global Neurodegenerative Disease |
| http://mitpress.mit.edu/e-books/HP/hyp000.htm | Hypnerotomachia Poliphili |
| http://www.iana.org/ | IANA (Internet Assigned Numbers Authority) |
| http://www.ietf.org/ | IETF (Internet Engineering Task Force) |
| http://www.scambusters.org/Scambusters55.html | Internet ScamBusters ¢ #55 |
| http://sunland.gsfc.nasa.gov/info/guide/The_Internet_Worm.html | The Internet Worm |
| http://www.nwfusion.com/archive/1997/97-07-28____.html | InterNIC Domain Name Registry Rerouting |
| http://www.jjtc.com/pub/nfjidr99.pdf | An Introduction to Watermark Recovery from Images |
| http://info.astrian.net/jargon/terms/h/hacker_ethic.html | The Jargon Dictionary, "hacker ethic " |
| http://catb.org/jargon/ | The Jargon File |
| http://jargon.watson-net.com/ | The Jargon File (mirror) |
| http://www.catb.org/jargon/html/entry/Brooks's-Law.html | The Jargon File: Brooks's Law |
| http://catb.org/jargon/html/entry/cracker.html | The Jargon File: Cracker |
| http://www.catb.org/jargon/html/entry/hacker.html | The Jargon File: Hacker |
| http://www.catb.org/jargon/html/entry/hacker-ethic.html | The Jargon File: Hacker Ethic |
| http://www.catb.org/jargon/html/entry/leech.html | The Jargon File: Leech |
| http://www.catb.org/jargon/html/entry/patch.html | The Jargon File: Patch |
| http://www.catb.org/jargon/html/entry/sneakernet.html | The Jargon File: Sneakernet |
| http://www.catb.org/jargon/html/The-Story-of-Mel.html | The Jargon File: The Story of Mel |
| http://www.catb.org/jargon/html/entry/tiger-team.html | The Jargon File: Tiger Team |
| http://www.catb.org/jargon/html/entry/wizard.html | The Jargon File: Wizard |
| http://news.zdnet.co.uk/story/0,,t281-s2109785,00.html | MS .doc Bug Hibernates on Net |
| http://www.wired.com/news/print/0,1294,43389,00.html | MS May Have File-Trading Answer |
| http://www.cl.cam.ac.uk/ftp/users/rja14/tr500.pdf | The Memorability and Security of Passwords ”Some Empirical Results |
| http://www.privacyfoundation.org/privacywatch/report.asp?id=39&action=0 | Microsoft Word Documents That "Phone Home" |
| http://www.vmyths.com/hoax.cfm?id=123&page=3 | NSA Printer Virus (1991) |
| http://www.nardware.co.uk/honeys/honey1/NardHoney1.htm | Nardware Honeypot Breach |
| http://psyber.letifer.org/downloads/priv/hacker_doc.pdf | A New Hacker Taxonomy |
| http://home.rica.net/alphae/419coal/ | Nigeria ”The 419 Coalition Website |
| http://www.cis.ohio-state.edu/cs/Services/rfc/ | The Ohio State University's RFC Database |
| http://www.securityfocus.com/news/560 | OpenSSH Trojaned! |
| http://ota.ahds.ac.uk/ texts /1855.html | Oxford Text Archive, "The Gold Bug" |
| http://people. qualcomm .com/ggr/about_pgp.html | PGP, Phil Zimmerman, Life, the Universe and so on |
| http://www.rsasecurity.com/rsalabs/pkcs/pkcs-1/ | PKCS#1 ”RSA Cryptography Standard |
| http://www.securityfocus.com/news/2623 | Program Hides Secret Messages in Executables |
| http://www.ietf.org/rfc/rfc0854.txt | RFC 854 (Telnet Protocol Specification) |
| http://www.ietf.org/rfc/rfc1282.txt | RFC 1282 (BSD Rlogin) |
| http://www.ietf.org/rfc/rfc1321.txt | RFC 1321 (MD5 Message-Digest Algorithm) |
| http://www.ietf.org/rfc/rfc2144.txt | RFC 2144 (CAST-128 Encryption Algorithm) |
| http://www.ietf.org/rfc/rfc2612.txt | RFC 2612 (CAST-256 Encryption Algorithm) |
| http://www.ietf.org/rfc/rfc2828.txt | RFC 2828 (Internet Security Glossary) |
| http://www.rfc-editor.org/rfc.html | RFC Editor RFC Database |
| http://www.cs.princeton.edu/sip/sdmi/riaaletter.html | RIAA/SDMI Letter, April 9, 2001 |
| http://www.rsasecurity.com/rsalabs/faq/ | RSA Laboratories' Frequently Asked Questions About Today's Cryptography, Version 4.1 |
| http://www.moorecad.com/standardpascal/real_programmers.html | Real Programmers Don't Use Pascal |
| http://www.acm.org/classics/sep95/ | Reflections on Trusting Trust |
| http://slashdot.org/features/01/05/03/2043244.shtml | The Rise of Steganography |
| http://www.cs.princeton.edu/sip/sdmi/sdmimessage.txt | SDMI Statement Read by Edward W. Felten at the Fourth International Information Hiding Workshop, in Pittsburgh, on April 26, 2001 |
| http://www.ssh.com/tech/crypto/algorithms.cfm | SSH Communications Security's Cryptographic Algorithms site |
| http://filebox.vt.edu/users/sears/bloated.html | The Scary Secret Behind Bloated Word Documents |
| http://www.computerbytesman.com/privacy/wmp8dvd.htm | Serious Privacy Problems in Windows Media Player for Windows XP |
| http://www.studyworksonline.com/cda/content/explorations/0,,NAV2-76_SEP949,00.shtml | Studyworks! Online: The Birthday Problem (Hash collision statistics) |
| http://home.att.net/~mleary/pennl10.htm | Chapter 10: The Second Cryptographic Shakespeare |
| http://www.exploratorium.edu/ronh/secret/secret.html | The Secret Language |
| http://www.ietf.org/ids.by.wg/secsh.html | Secure Shell (secsh) Working Group of the IETF |
| http://www.trouble.org/survey/ | Security Survey of Key Internet Hosts & Various Semi-Relevant Reflections |
| http://home.att.net/~tleary/sigs.htm | Shakspere's Signatures |
| http://www.snpp.com/episodeguide.html | The Simpsons Archive |
| http://www.spammimic.com/index.shtml | Spam Mimic ( steganographic service that hides short text messages in email that looks like spam) |
| http://www.sans.org/rr/threats/spoofing.php | Spoofing: An Overview of Some the Current Spoofing Threats |
| http://www.ssh.com/support/cryptography/ | SSH Communications Security's Cryptography A-Z |
| http://www.cs.princeton.edu/sip/sdmi/announcement.html | Statement Regarding the SDMI Challenge |
| http://www.jjtc.com/stegdoc/steg1995.html | Steganography |
| http://www.jjtc.com/Steganography/ | Steganography & Digital Watermarking ”Information Hiding |
| http://grc.com/dos/grcdos.htm | The Strange Tale of the Denial of Service Attacks Against GRC.COM |
| http://www.mozilla.org/projects/security/pki/nss/draft-kaukonen-cipher-arcfour-03.txt | A Stream Cipher Encryption Algorithm "Arcfour" |
| http://www.sirbacon.org/links/evidence.htm | Summary of Baconian Evidence for Shakespeare Authorship |
| http://www.swiss.ai.mit.edu/6805/articles/computer-crime/schwartz-matrix-news.txt | System Administration as a Criminal Activity or, the Strange Case of Randal Schwartz |
| http://icbtollfree.com/pressetc/telephonyarticle10142002.html | Telephony: Spelling Trouble |
| http://www4.law.cornell.edu/uscode/17/ | US Code Collection: Title 17 ”Copyrights |
| http://www4.law.cornell.edu/uscode/17/106.html | US Code Collection: Title 17, Chapter 1, Section 106 |
| http://www4.law.cornell.edu/uscode/17/107.html | US Code Collection: Title 17, Chapter 1, Section 107 |
| http://www4.law.cornell.edu/uscode/17/ch5.html | US Code Collection: Title 17, Chapter 5 |
| http://www4.law.cornell.edu/uscode/17/1201.html | US Code Collection: Title 17, Chapter 12, Section 1201 |
| http://www. snopes .com/business/consumer/cookie.htm | Urban Legends Reference Pages: Business ((Costs a) Fortune Cookie) |
| http://www.snopes.com/inboxer/children/shergold.htm | Urban Legends Reference Pages: Inboxer Rebellion (Craig Shergold) |
| http://vil.nai.com/vil/content/v_99728.htm | W32/Bugbear@MM |
| http://vil.nai.com/vil/content/v_99141.htm | W32/SirCam@MM |
| http://securityresponse.symantec.com/avcenter/venc/data/w97. melissa .a.html | W97.Melissa.A |
| http://www.cl.cam.ac.uk/~fapp2/watermarking/index.html | Watermarking : Weaknesses of Existing Schemes |
| http://www.cnn.com/2003/TECH/internet/02/05/virus.spread.reut/index.html | Worm Spread Worldwide in 10 minutes |
| http://www.kensington.com/html/1355.html | Why Utilize the Kensington Security Slot in Your Designs? |
Table B.4. URLs for Security Practices, Security Announcements, Vulnerabilities, and Ethics
| URL | Content |
|---|---|
| http://www.apple.com/support/security/security.html | Apple Product Security |
| http://www.info.apple.com/ | AppleCare Support |
| http://www.auscert.org.au/ | AusCERT (Australian Computer Emergency Response Team) |
| http://www.securityfocus.com/popups/forums/bugtraq/intro.shtml | BugTraq |
| http://www.cerias.purdue.edu/ | CERIAS (Center for Education and Research in Information Assurance and Security) |
| http://www.cert.org/ | CERT ¢ Coordination Center |
| http://www.cert.org/tech_tips/anonymous_ftp_config.html | CERT ¢ Coordination Center's Anonymous FTP Configuration Guidelines |
| http://www.ciac.org/ciac/ | CIAC (U.S. Department of Energy Computer Incident Advisory Capability) |
| http://cve.mitre.org/ | Common Vulnerabilities and Exposures |
| http://www.eff.org/ | Electronic Frontier Foundation |
| http://www.ethics.org/ | Ethics Resource Center |
| http://www.first.org/ | FIRST (Forum of Incident Response and Security Teams) |
| http://isc.incidents.org/ | InternetStormCenter |
| http:// freaky .staticusers.net/security.shtml | Freak's Macintosh Security Archive ”MacintoshSecurity Issues, Exploits, and Insecurities (covers traditional Mac OS) |
| http://www.macintoshsecurity.com/ | MacintoshSecurity.com |
| http://www.macsecurity.org/ | MacSecurity.org |
| http://vil.nai.com/vil/default.asp | McAfee Virus Information Library |
| http://www.nipc.gov/ | National Infrastructure Protection Center |
| http://www.openssh.com/security.html | OpenSSH's security announcements page |
| http://www.packetstormsecurity.org/ | Packet Storm Security |
| http://www.privacyfoundation.org/ | Privacy Foundation |
| http://www.pff.org/ | The Progress & Freedom Foundation |
| http://www.sans.org/ | SANS (SysAdmin, Audit, Network, Security) Institute |
| http://www.securemac.com/ | SecureMac.com |
| http://www.securityfocus.com/ | SecurityFocus Online |
| http://www.symantec.com/avcenter/vinfodb.html | Symantec Virus Information Database |
Table B.5. Supplemental URLs for Some Vulnerabilties
| URL | Vulnerability |
|---|---|
| FTP | |
| http://packetstormsecurity.nl/advisories/suid/001.txt | SUID Advisory for wu-ftpd |
| http://www.kb.cert.org/vuls/id/2558 | File Transfer Protocol allows data connection hijacking via PASV mode race condition |
| http://www.attrition.org/security/advisory/misc/ infowar /iw_sec_01.txt | FTP PASV "Pizza Thief" Exploit |
| OpenSSH | |
| http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=20584 | OpenSSH Remote Challenge Vulnerability |
| http://www.openbsd.org/advisories/ssh_channelalloc.txt | OpenSSH Security Advisory (adv.channelalloc) |
| http:// razor .bindview.com/publish/advisories/adv_ssh1crc.html | Remote vulnerability in SSH daemon crc32 compensation attack detector |
| Telnet | |
| ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:49.telnetd.v1.1.asc | telnetd contains remote buffer overflow |
 |
| |
| Top |
EAN: 2147483647
Pages: 158