Zero-Knowledge Systems - Pentium III Processor Serial Number exploit
Tamper Resistance - a Cautionary Note
This article describes how recent research has found "tamper resistant" technologies wanting. "Smart cards" may claim to provide security; they are really only secure against people who have no technical abilities. Some of the most secure commercial "anti-tampering" technologies can fall prey to attacks that require only equipment that is commercially (and cheaply) available.
The article further examines what public information is available on the technologies used to protect nuclear weapons from tampering; evidence suggests that protecting such devices from tampering fundamentally requires armed guards and extremely serious physical protection.
The conclusion is that commercially available tamper-resistant systems really only resist tampering and reverse engineering done by unknowledgeable attackers.
HP Consulting - Building a Windows NT bastion host in practice
This paper presents a checklist for converting a default Windows NT installation to a bastion host.
A bastion host is a computer system that is exposed to attack, and may be a critical component in a network security system. Special attention must be paid to these highly fortified hosts, both during initial construction and ongoing operation. Bastion hosts can include Firewall gateways, Web servers, FTP servers, Name servers (DNS), Mail hubs and Victim hosts (sacrificial lambs).
Unfortunately, turning the host into a "bastion" results in making the system "inoperable from a management perspective." Once secured, standard tools (e.g. SMS) may no longer be used to manage the system...
An introduction to the security model known as capabilities.
Capability-Based Financial Instruments
An attempt to unify cryptography, object programming, and capability-based operating system research to provide a secure way of managing financial transactions.
The Inevitability of Failure: The Flawed Assumption of Security in Modern Computing Environments
A site focusing on the use of firewalls; a lot of likely-useful links.
Including an essay on Secure Deletion of Data from Magnetic and Solid-State Memory
NTLM (NT / Lan Manager) Authentication is a scheme created by Microsoft that is quite commonly used to authenticate through NT firewalls.
Information Security: Science, Pseudoscience, and Flying Pigs
This site lists ports and services commonly used for attacks. Could be useful in trying to diagnose what's going on in a port-scanning attack...
As for the notion that open source's usefulness to opponents outweighs the advantages to users, that argument flies in the face of one of the most important principles in security: A secret that cannot be readily changed should be regarded as a vulnerability.
-- Whitfield Diffie
August 2003 - Submarine Warfare ...
This article likens information security to submarine warfare:
In the new infosec paradigm, the attacker can be anywhere. To defeat him, you'll have to change your thinking--and your tactics.
A "lockpick" suitable for opening cheap padlocks built out of an electric toothflosser.
Here is a fairly typical example of how to use hashing so that the passwords you store in your applications are not vulnerable to capture in plain text form.
3480 Default Passwords from AOH
This represents a large list of default passwords for various hardware and software systems. It can be used either for good or for evil.
A "pranky" approach to people trying to steal your bandwidth; the idea is to give such folks a really strangely filtered view of the Internet, notably by intercepting HTTP requests and redrawing graphics backwards.
DefaultRouter Passwords - The internet's most comprehensive router password database
Could be used for evil or for good.
Assists tracking your mobile device, should it go astray.
Seven Security Policies for the IPv6 Network of the Future - www.enterprisenetworkingplanet.com