Medford Police Department
Medford, Massachusetts USA
Chief Leo A. Sacco, Jr.
 "Quality Policing Through Community Involvement"  

** Springtime Street Sweeping Starting ** Community Policing - Monthly Meetings - Every First WEDNESDAY of the month... for more information call CSU.
Computer: Crime/Security/Crypto/Training Links:
Computer Crime Computer Security Info. Hacker Info.
Privacy Sites SpyWare Privacy Info.
Virus Protection Crypto-Encryption Firewalls

Computer Crime Security & Investigation Training Sites

Computer Crime Info

--------------------------------------------------------------------------------------------

Hacker Information

  • 2600.com - Hacker news quarterly.
  • cult of the dead cow - Hacker news, issues, files.
  • Computer Underground Digest (Cu Digest) - The Cu Digest was a more-or-less weekly digest/newsletter/journal of debates, news, research, and discussion of legal, social, and other issues related to computer culture. Because of editors' time constraints, CuD likely published its last issue in March, 2000. See also, the Computer Underground Digest Archives.
  • Court Banned Citibank PIN Cracking Documents - Vulnerabilities in the cryptographic equipment commonly used to protect the PINs used to identify customers to cash machines. Also see PIN Recovery Attacks (.pdf). Presented by Jolyon Clulow.
  • CyberArmy Headquarters - A group of netizens who believe in a deregulated Internet free from external control. CyberArmy provides tools to assist others who believe in a free Internet Supports Open Source.
  • Cypherpunks - Links to PGP, remailers, rants, various crypto-tools, newspaper clippings, and other things.
  • Def Con - Annual computer underground party for hackers held in Las Vegas, Nevada. People attend to meet others into hacking, hang out with old friends, listen to new speeches or just hack on the network.
  • Denial of Service Project's Trinoo Analysis - Analysis of the DoS Project's "trinoo" (a.k.a. "trin00") master/slave programs which implement a distributed network denial of service tool.
  • DShield-Distributed Intrusion Detection System - An attempt to collect data about cracker activity from all over the Internet.
  • Elliptic Curve Cryptosystem (ECC) Challenge - The challenge is to compute the ECC private keys from the given list of ECC public keys and associated system parameters. This type of problem faces an adversary who wishes to completely defeat an elliptic curve cryptosystem.
  • Freedom to Tinker - Weblog discussing the freedom to understand, discuss, repair, and modify the technological devices you own.
  • Freak's Macintosh Archive - Security hacking, cracking, and warfare for the Macintosh.
  • Hackers.com - Hackers, crackers, phreakers and warez traders.
  • Happy Hacker - Dedicated to good old-fashioned harmless hacking. Computer crime news, updated every 15 minutes.
  • HNC - Reatime news and media and editorials, CDs, booksooks and clothing for hackers and security enthusiasts, utilites, tools, reference material, diagnostic tools or network utilities.
  • Intrusion Detection Pages - Presents information about intrusion detection and intrusion detection research and a hotlist of Internet resources associated with intrusion detection.
  • New Order - Resource for people to help avoid being hacked. Security and exploiting related files and links.
  • Nomad Mobile Research Center - Projects and papers written from the perspective of the unwanted intruder. Research into bugs and holes in commercial networking software. Hacks and cracks.
  • ph.uk - Source of new information for UK hackers and phreakers.
  • SPECTER - SPECTER is a smart honeypot or deception system. It simulates a complete machine, providing an interesting target for hackers to lure them away from the real machines. SPECTER offers common Internet services such as SMTP and FTP which appear perfectly normal to the attackers but in fact are traps for them to mess around and leave traces without even knowing that they are connected to a fake system which does none of the things it appears to do but instead logs everything and notifies the appropriate people. SPECTER can even investigate the originators while they are still trying to break in.
  • Tribe Flood Network Distributed Denial of Service Analysis - Analysis of the "Tribe Flood Network", or "TFN", by Mixter. TFN is currently being developed and tested on a large number of compromised Unix systems on the Internet.

--------------------------------------------------------------------------------------------

Privacy Information

  • Alliance Against Fraud in Telemarketing & Electronic Commerce (AAFTEC) - Formed by the National Consumers League, the oldest nonprofit consumer organization in the U.S., to raise public awareness about fraudulent telephone solicitations. With the increasing use of the Internet and online services for marketing, the Alliance now also focuses on scams in cyberspace.
  • Anonymous Remailer FAQ - A nontechnical overview of "remailers" to help you decide whether to use these computer services.
  • BBBOnline - A wholly owned subsidiary of the Council of Better Business Bureaus. BBBOnLine's mission is to promote trust and confidence on the Internet through the BBBOnLine Reliability and BBBOnLine Privacy programs.
  • Biometrics Catalog - An information service to the biometrics community and potential users of biometric technology.
  • Biometrics Research - Biometrics is a rapidly evolving technology which is being widely used in forensics such as criminal identification and prison security, and has the potential to be used in a large range of civilian application areas. Biometrics can be used to prevent unauthorized access to ATMs, cellular phones, smart cards, desktop PCs, workstations, and computer networks. It can be used during transactions conducted via telephone and internet (electronic commerce and electronic banking). In automobiles, biometrics can replace keys with key-less entry devices.
  • Center for Democracy and Technology (CDT) - Promotes democratic values and constitutional liberties in the digital age. Free speech, data privacy, wiretapping, cryptography, legislation, news. Visit CDT's Wiretap section for information on government surveillance, CDT's popular chart summarizing the rules under which the government can intercept your communications or seize your email; CDT's overview of the FBI's Digital Storm program and law enforcement data networks utilizing the new digital technology to expand government surveillance power; and updated information about the Communications Assistance for Law Enforcement Act (CALEA).
  • Computer Professionals for Social Responsibility (CPSR) - A public-interest alliance of computer scientists and others concerned about the impact of computer technology on society.
  • Conference on Computers, Freedom and Privacy (CFP) - Information of CFP conferences.
  • Consumers Against Supermarket Privacy Invasion and Numbering (CASPIAN) - Consumer group opposed to supermarket loyalty and frequent shopper cards. Is Big Brother in your grocery cart?
  • Cookie Central - Dedicated to answering questions about cookies, the kind that are so adept at storing information in visitor browsers.
  • Covert Surveillance Code of Practice - This UK code applies to every authorisation of covert surveillance or of entry on or interference with property or with wireless telegraphy carried out under section 5 of the Intelligence Services Act 1994, Part III of the Police Act 1997 or Part II of the Regulation of Investigatory Powers Act 2000.
  • Cyber-Rights and Cyber-Liberties (UK) - Civil liberties organisation founded to promote free speech and privacy on the Internet.
  • Cypherpunks - Links to PGP, remailers, rants, crypto-tools, news.
  • Electronic Frontier Foundation (EFF) - A non-profit, non-partisan organization working in the public interest to protect fundamental civil liberties, including privacy and freedom of expression in the arena of computers and the Internet. Also see EFF Privacy Now! Campaign.
  • Electronic Privacy Information Center (EPIC) - A public interest research center in Washington, D.C., established to focus public attention on emerging civil liberties issues and to protect privacy, the First Amendment, and constitutional values. See also:
  • Federal Trade Commission (FTC): Privacy Initiatives - The FTC is educating consumers and businesses about the importance of personal information privacy. Read more about its efforts, what it has learned, and what you can do to protect the privacy of your personal information.
  • Frequently Asked Questions About Data Privacy and P3P - prepared and maintained by Karen Coyle for CPSR.
  • Global Internet Liberty Campaign (GILC) - Members of the coalition include the American Civil Liberties Union, the Electronic Privacy Information Center, Human Rights Watch, the Internet Society, Privacy International, the Association des Utilisateurs d'Internet, and other civil liberties and human rights organizations. Advocates prohibiting prior censorship, free expression, allowing online users to encrypt their communications and information without restriction.
  • IDs -- Not That Easy - Questons about nationwide identity systems.
  • International Biometric Group - Provides technology-neutral and vendor-independent biometric services and solutions to financial institutions, government agencies, systems integrators, and high-tech firms.
  • International PGP Home Page - Download the latest version.
  • Internet Privacy Coalition - Promotes privacy and security on the Internet through widespread public availability of strong encryption and the relaxation of export controls on cryptography.
  • Junkbusters - Self-defense against privacy invading marketing.
  • National ID Cards - Information on national ID cards from EPIC.
  • National ID Cards - Information on national ID cards from Privacy International.
  • National ID Hantai - Anti national ID in Japan.
  • National Identification Schemes (NIDS) and the Fight against Terrorism: Frequently Asked Questions - From Computer Professionals for Social Responsibility (CPSR).
  • Northern Light: Computers & Privacy Special Edition - Links to articles and resources on computer privacy issues.
  • NYC Surveillance Camera Players - "Only someone completely distrustful of all government<BR> would be opposed to what we are doing with surveillance cameras." - NYC Police Commissioner Howard Safir, 27 July 1999.
  • Online Privacy Alliance (OPA) - Supports self-regulatory initiatives that create an environment of trust and foster the protection of individuals' privacy online and in electronic commerce.
  • Onion Routing (OR) - The Onion Routing research project is building an Internet-based system that strongly resists traffic analysis, eavesdropping, and other attacks both by outsiders (e.g. Internet routers) and insiders (Onion Routers themselves). It prevents the transport medium from knowing who is communicating with whom - the network knows only that communication is taking place. In addition, the content of the communication is hidden from eavesdroppers up to the point where the traffic leaves the OR network.
  • Opt Out | Get Off the Lists! - This site, run by the Center for Democracy and Technology (CDT), makes it as easy as possible for you to opt-out of having your personal information shared and sold by the companies you interact with.
  • Pew Internet and American Life - Creates and funds original, academic-quality research that explores the impact of the Internet on children, families, communities, the work place, schools, health care and civic/political life.
  • Platform for Privacy Preferences (P3P) Project - P3P enables Web sites to express their privacy practices in a standard format that can be retrieved automatically and interpreted by user agents. P3P user agents allow users to be informed of site practices (in machine- and human-readable formats) and to automate decision-making based on these practices. Users need not read the privacy policies at every site they visit.
  • Privacilla.org - Privacy policy from a free-market, pro-technology perspective. Privacy information and links designed for policy-makers, their staffs, the press, and the interested public.
  • Privacy.org - Daily news, information, and initiatives on privacy.
  • Privacy and Human Rights 2000 - Survey by EPIC and Privacy International that reviews the state of privacy in over fifty countries. The survey examines a wide range of privacy issues including, data protection, telephone tapping, genetic databases, ID systems and freedom of information laws.
  • Privacy and Library Records Update: USA Patriot Act - Informaion on the USA Patriot Act, including the text of the law, analyisis, and further information specific to university, college, and public libraries.
  • Privacy Forum - Includes a moderated e-mail digest for the discussion and analysis of issues relating to privacy (both personal and collective) in the information age. Topics include telecommunications, information and database collection and sharing, and a wide range of other privacy issues, as pertains to the privacy concerns of individuals, groups, businesses, government, and society at large.
  • Privacy Foundation - Workplace surveillance project, legal database, and privacy resources. Educates the public, in part by conducting research into communications technologies and services that may pose a threat to personal privacy.
  • Privacy International (PI) - A human rights group formed as a watchdog on surveillance by governments and corporations. PI is based in London, England, and has an office in Washington, D.C. PI has conducted campaigns throughout the world on issues ranging from wiretapping and national security activities, to ID cards, video surveillance, data matching, police information systems, and medical privacy.
  • Privacy Page - Computer privacy news stories and resources.
  • Privacy Rights Clearinghouse - A nonprofit consumer education, research, and advocacy program.
  • PrivacyExchange.org - Global resource that brings together trans-national and cross-cultural views on privacy and data protection - allowing companies, governments, consumers, experts, and the media to track the emerging global privacy system.
  • Privacylaw.net - News and information about privacy law and policy.
  • PrivacyTimes.com - Designed for professionals and attorneys who need to follow the legislation, court rulings, industry developments and stories that frame the ongoing debate about information privacy.
  • Privaterra - Offers and implements privacy and security technology, technological education and support to ensure workers have the ability to communicate and conduct activities in greater safety against the dangers of spying eyes and ears.
  • Section 215 FAQ - Section 215 of the USA PATRIOT Act allows the FBI to order any person or entity to turn over "any tangible things," so long as the FBI "specif[ies]" that the order is "for an authorized investigation . . . to protect against international terrorism or clandestine intelligence activities." The ACLU provides an overview.
  • security.tao.ca - Information on computer and Internet security, privacy, anonymity, and more. Attempts to answer the many questions that get asked about computer security, particularly as it relates to activists and activism.
  • Stop SEVIS! - The U.S. has enacted a law that will make it mandatory for educational institutions to provide information on it's international students to the INS's Student Exchange Visitor Information System (SEVIS) computer system. SEVIS is a system of racial profiling that singles out and criminalizes international students in the U.S. It requires that schools police international students by providing private student information to the INS, State Department and others. It aims to intimidate them and silence their voices. And if the government is successful in implementing SEVIS, the U.S. will be one step closer to being a police state.
  • Total Information Awareness (TIA) System - The goal of the TIA program is to revolutionize the ability of the United States to detect, classify and identify foreign terrorists - and decipher their plans - and thereby enable the U.S. to take timely action to successfully preempt and defeat terrorist acts. To that end, the TIA program objective is to create a counter-terrorism information system that: (1) increases information coverage by an order of magnitude, and affords easy future scaling; (2) provides focused warnings within an hour after a triggering event occurs or an evidence threshold is passed; (3) can automatically queue analysts based on partial pattern matches and has patterns that cover 90% of all previously known foreign terrorist attacks; and, (4) supports collaboration, analytical reasoning and information sharing so that analysts can hypothesize, test and propose theories and mitigating strategies about possible futures, so decision-makers can effectively evaluate the impact of current or future policies and prospective courses of action.
  • TRUSTe - An independent, non-profit privacy organizations whose mission is to build users' trust and confidence on the Internet.
  • World Wide Web Consortium (W3C) - Leading the World Wide Web to its full potential by developing common protocols that promote its evolution and ensure its interoperability. W3C has more than 400 Member organizations from around the world.

--------------------------------------------------------------------------------------------

PRIVACY SITES

  • Anonymizer, The - Browse the Web through Anonymizer.com's premium or free service using an intermediary to prevent unauthorized parties from gathering your personal information.
  • Cookie Crusher - Cookie Crusher controls cookies in real-time before they are placed on your hard drive.
  • EPIC Online Guide to Practical Privacy Tools - Links to software available on Internet to improve privacy. Snoop proof email, anonymous remailing, surf anonymously, HTML fiter, cookie busters, voice privacy, email and file privacy, web encryption, telnet encryption, disk encrytion, disk/file erasing, privacy policy generators, passwaord generators, PC firewalls and more.
  • HushMail - Free encrypted web-mail.
  • Lucent Personalized Web Assistant - Helps preserve browing privacy. Secures usernames and passwords.
  • Philip Zimmerman & Associates - Home page of the creator of PGP. Buy PGP from Phil Zimmerman.
  • Pretty Good Privacy (PGP) - MIT Distribution Center for PGP (Pretty Good Privacy). Site also provides links to extensive archives of PGP information.
  • Privacy.net - Privacy analysis of your Internet connection and listing of Privacy-Related Software.
  • Program Lock Pro - Lock and unlock any program on your pc so it cannot be used.
  • Public Proxy Servers - A proxy server is a kind of buffer between your computer and the Internet resources you are accessing. Anonymous proxy servers hide your IP address and thereby prevent your from unauthorized access to your computer through the Internet. They do not provide anyone with your IP address and effectively hide any information about you and your reading interests.
  • Stealther - Anonymous Internet surfing.
  • Stop Messenger Service Spam in Windows - You can protect yourself and STOP MESSENGER SPAM by following the instructions provided on this page. This new form of spam is considered by some worse than email spam. That's because to receive a messenger spam you don't need to have an email account, chat client, or Web browser. All you need in order to be spammed is Windows XP, 2000, or NT and an Internet connection.
  • Wetstone Technologies - A developer of internet security, protection, and communication products: Stego Watch, Time Check, Time Lock, DETS, Net Witness, Seeing Stone, SMART Watch.
  • Zero-Knowledge Systems - Provides tools and strategies for protecting individual privacy for the Web, email, chat, and newsgroups.

--------------------------------------------------------------------------------------------

SPY WARE

  • Mikko Technology: KeyKey 2002 - Records keystrokes in a log file and auto-send via email, works in Windows 9x, Me, NT, 2000, and XP.
  • PC Spy - Spy and monitoring shareware for Windows. Runs undetected.
  • Spector Pro - Internet and PC activity recorder. Spector records all web sites visted, all keystrokes typed, all incoming and outgoing e-mails. As frequently as once per second, Spector secretly takes a snapshot of your computer's screen, and allows for easy, VCR-like playback. With Spector, you see exactly what someone else was doing on the Internet. eBlaster records all keystrokes typed, all web sites visited, and records both sides of AOL chat conversations, AOL instant messages, and ICQ chat conversations. eBlaster then e-mails this recorded information to the e-mail address you specify, so that you know what your wife, husband, children and employees are doing, even if you are thousands of miles away.
  • Spychecker - Global database of spyware programs. Enter the name and find out if it's spyware or not. "Spyware" makes periodic use of your Internet connection in the background. While legitimate adware companies will disclose the nature of data that is collected and transmitted in their privacy statement (linked from our database), there is almost no way for the user to actually control what data is being sent.
  • Who's Spying on You - Informative article by Charles Pappas on spyware programs such as WinWhatWhere Investigator, SpectorSoft, and Silent Watch -- and counter programs that can spy on spy programs, like Who's Watching Me?, System Monitor Detector, SpySentry, Anti-keylogger, and SpyCop.

--------------------------------------------------------------------------------------------

Computer Security

  • @stake - Vulnerability advisories, security news, research reports. @stake also provides digital security consulting services.
  • ARIS Analyzer - A free service designed by SecurityFocus to allow participating network administrators to submit suspicious network traffic and intrusion attempts anonymously, for detailed analysis and reporting.
  • Armoring Linux - Covers the basics of securing a Linux box.
  • Armoring Windows NT - A step by step look at how you can best armour your NT box in preparation for a firewall.
  • Attrition.org - Computer security Web site dedicated to the collection, disemination and distribution of information about the industry. They maintain a large catalog of security advisories, cryptography, text files, and denial of service attack information. They are also known for the largest mirror of Web site defacements and their crusade to expose industry frauds and inform the public about incorrect information in computer security articles.
  • Authentica - Provider of information security software that lets businesses and organizations protect intellectual property and sensitive information throughout its lifecycle. Provides a free Web service that lets users securely share valuable digital information and actively control how it is used by recipients after delivery.
  • Backbone Security.com - Focuses on strategic, operational and tactical information security support for federal, state and commercial organizations
  • C4I.org - The acronym C4I stands for "command, control, communications, computers, and intelligence". Links to security-related articles and information. Also see, Erehwon's Strong Cryptography Links on the Internet.
  • Center for Democracy and Technology (CDT): Cyber Security Site - Includes details about Carnivore, the Federal Intrusion Detection Network (FIDNet), and the Cyberspace Electronic Security Act, as well as other areas of interest.
  • Center for Education and Research in Information Assurance and Security (CERIAS) - Perdue University center for multidisciplinary research and education in areas of information security
  • CERT Coordination Center - Starts incident response teams, coordinates teams responding to large-scale incidents, trains incident response professionals, researches security vulnerabilities, system security, and survivability of large-scale networks.
  • CISSP and SSCP Open Study Guides - Dedicated to helping people in achieving their goal of becoming a CISSP (Certified Information Systems Security Professional) or SSCP (Systems Security Certified Practitioner).
  • Common Vulnerabilities and Exposures (CVE) - A list of standardized names for vulnerabilities and other information security exposures - CVE aims to standardize the names for all publicly known vulnerabilities and security exposures.
  • Computer Incident Advisory Center (CIAC) - CIAC provides on-call technical assistance and information to Department of Energy (DOE) sites faced with computer security incidents. Bulletins, virus database, hoaxes, tools, documents, C-Notes computer security articles, chain letters, operating systems, security resources.
  • Computer Security Group - An informal group of people with similar interests: mainly security, cryptology, and distributed systems.
  • Computer Security Institute (CSI) - Membership organization dedicated to serving and training the information, computer and network security professional - providing education and advocating the importance of protecting information assets. CSI sponsors two conference and exhibitions each year, NetSec in June and the CSI Annual in November, and seminars on encryption, intrusion management, Internet, firewalls, awareness, Windows and more.
  • Computer Security Resources - A selected list of sites that cover the basic issues of computer security prepared by Jane F. Kinkus, Mathematical Sciences Librarian at Purdue University.
  • Computer Security Technology Center (CSTC) - Lawrence Livermore National Laboratory CSTC is composed of security-cleared information security professionals with backgrounds in computer science, information systems, and engineering specializing in awareness, training, and education; Electronic Commerce security; electronic security assessment; firewall and web security; incident response; Internet and Intranet security; intrusion detection; malicious code detection and eradication; network security; policies and procedures; risk management; and system and software engineering.
  • Computerworld Community Services for Security - Security watch service, news, information, forum, and resources provided by Computerworld.
  • Counterpane Internet Security, Inc. - Expert security analysts that can monitor your network for suspicious activities and take immediate action to keep your business running smoothly.
  • CSI Firewall Product Search Center - Information, ariticles for Firewall products, and search engine for comparing different product capabilities. Papers by firewall experts.
  • EDUCAUSE/Cornell Institute for Computer Policy and Law - Provides leadership to colleges and universities in developing technology policies.
  • Electronic Privacy Information Center (EPIC) - EPIC focuses public attention on civil liberties issues, privacy, the First Amendment, and constitutional values.
  • eSecurityOnline.com - An eSecurity venture of Ernst and Young dedicated to providing corporate security professionals with the knowledge and resources needed to help protect their data, applications, operating systems, networks and devices.
  • F-Secure - A leading strategic provider of powerful data security solutions.
  • Firewall.com - Links, resources, news in computer security, encryption, crytography, firewall software, firewall associations.
  • Foundstone - Business-focused security consulting and education solutions.
  • Hacktivismo - An international group of hackers, human rights workers, lawyers and artists that evolved out of The Cult of the Dead Cow (cDc), a publishing and computer security group. We believe that privacy and access to information are basic human rights. Hacktivismo assumes as an ethical point of departure the principles enshrined in the Universal Declaration on Human Rights and the International Convention on Civil and Political Rights.
  • Hicks & Associates, Inc (H&AI) - H&AI provides national security consulting services to government and industry executives.
  • incidents.org (by the SANS Institute) - Working closely with individuals, organizations, and sometimes law enforcement, the SANS Institute is designed this site to promote "threat-driven" information assurance and intelligence. The primary goal is to provide users with a complete and current security intelligence early-warning system.
  • Information Awareness Office (IAO) - The DARPA IAO will imagine, develop, apply, integrate, demonstrate and transition information technologies, components and prototype, closed-loop, information systems that will counter asymmetric threats by achieving total information awareness useful for preemption; national security warning; and national security decision making.
  • Information Security Policies/Computer Security Policies Directory - This directory will help you develop security policies, implement them, manage compliance with them, and audit against them.
  • Information Warfare Site (IWS) - Aims to stimulate debate about a range of subjects from information security to information operations to e-commerce. Emphasis on offensive and defensive information operations. For the latest cyber-threat news visit the INFOCON Threat Centre.
  • InfoSec News - A privately run, medium traffic mailing list that distributes information security news articles from newspapers, magazines, online and other resources.
  • InfoSECURITYnetBASE - Information security resources and CRC Press, publisher of information for the professional and technical communities.
  • Internet Engineering Task Force (IETF) - A large open international community of network designers, operators, vendors, and researchers concerned with the evolution of the Internet architecture and the smooth operation of the Internet.
  • Internet Security Systems (ISS): X-Force - Resource for compter threats and vulnerabilities. Sophisticated Internet security solutions, software and services.
  • Intrusion Detection Pages - Presents information about intrusion detection and intrusion detection research and a hotlist of Internet resources associated with intrusion detection.
  • IP Security Protocol (IPSEC) Working Group - Develops mechanisms to protect client protocols of IP.
  • ITtoolbox Security - News, mailing list, forum, academic and industry articles, and many additional resources relating to computer security.
  • Linux Security - The Linux commuity's center for security.
  • Macintosh Security Site - Devoted to Apple Macintosh security and Mac OS X security.
  • METASeS - Providers networking and e-commerce security solutions and services worldwide.
  • National Infrastructure Protection Center (NIPC) - Located in the FBI's headquarters building in Washington, D.C., the NIPC serves as the U.S. government's focal point for threat assessment, warning, investigation, and response for threats or attacks against its critical infrastructures, including telecommunications, energy, banking and finance, water systems, government operations, and emergency services.
  • National Security Agency (NSC) - Cryptologic organization that coordinates, directs, and performs highly specialized activities to protect U.S. information systems and produce foreign intelligence information. A high technology organization, NSA is on the frontiers of communications and data processing. It is also one of the most important centers of foreign language analysis and research within the U.S. Government.
  • National Security Institute (NSI) Security Resource Net - Industry and product news, computer alerts, travel advisories, a calendar of events, a directory of products and services, and access to an extensive virtual security library.
  • Netegrity - A global e-commerce infrastructure company that provides solutions for securely managing and personalizing business-to-business, business-to-consumer, and Intranet portals.
  • Network Security Library - Hundreds of articles, FAQs, white papers and books on network security, gathered from various sources throughout the industry.
  • New Order - Resource for people to help avoid being hacked. Security and exploiting related files and links.
  • nmap - An open source utility for network exploration or security auditing, designed to rapidly scan large networks, although it works fine against single hosts. Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (ports) they are offering, what operating system (and OS version) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics. Nmap runs on most types of computers, and both console and graphical versions are available. Nmap is free software, available with full source code under the terms of the GNU GPL.
  • Nomad Mobile Research Center - Projects and papers written from the perspective of the unwanted intruder. Research into bugs and holes in commercial networking software. Hacks and cracks.
  • NTBugtraq - A mailing list for the discussion of security exploits and security bugs in Windows NT and its related applications.
  • Orange Book - First published in 1983, the Department of Defense Trusted Computer System Evaluation Criteria, (DOD-5200.28-STD) known as the Orange Book is the de facto standard for computer security today.
  • ph.uk - UK Hacking and phreaking resources.
  • Ronald L. Rivest - Professor Rivest, the Webster Professor of Electrical Engineering and Computer Science at MIT, has interests in cryptography, computer and network security, and algorithms. This page houses many of his shorter papers, information on programs at MIT, and various links to other sources of information.
  • RSA Security - Trusted name in e-security, helping organizations build secure, trusted foundations for e-business through its two-factor authentication, encryption and public key management systems.
  • SANS Institute/FBI Top Twenty List - The majority of successful attacks on computer systems via the Internet can be traced to exploitation of security flaws on this list. For instance, system compromises in the Solar Sunrise Pentagon hacking incident and the easy and rapid spread of the Code Red and NIMDA worms can be traced to exploitation of unpatched vulnerabilities on this list. Documentation includes step-by-step instructions and pointers to additional information for correcting these security flaws.
  • Securant Technologies - A leading developer of Internet security software that provides a secure infrastructure for conducting e-business. The company's flagship product, ClearTrust SecureControl, controls user access to Web-based resources including applications, content and transactions.
  • Secure Digital Music Initiative (SDMI) - A forum that brings together more than 180 companies and organizations representing information technology, consumer electronics, security technology, the worldwide recording industry, and Internet service providers.
  • Security Policy Issues - Most of the articles posted here have been written by students seeking GIAC certification to fulfill part of their certification requirements and are provided by SANS as a resource to benefit the security community at large.
  • security.tao.ca - Information on computer and Internet security, privacy, anonymity, and more. Attempts to answer the many questions that get asked about computer security, particularly as it relates to activists and activism.
  • SecurityFocus - Facilitates discussion on security related topics, creates security awareness, and provides the Internet's largest and most comprehensive database of security knowledge and resources.
  • Shields Up! - Without your knowledge or permission, the Windows networking technology which connects your computer to the Internet may be offering some or all of your computer's data to the entire world. Gibson Research Corporation provides this page to check the security of your computer's connection to the Internet.
  • SPECTER - SPECTER is a smart honeypot or deception system. It simulates a complete machine, providing an interesting target for hackers to lure them away from the real machines. SPECTER offers common Internet services such as SMTP and FTP which appear perfectly normal to the attackers but in fact are traps for them to mess around and leave traces without even knowing that they are connected to a fake system which does none of the things it appears to do but instead logs everything and notifies the appropriate people. SPECTER can even investigate the originators while they are still trying to break in.
  • Spyware List - Is the software you are using spying on you?
  • SSH Communications Security - A world-leading supplier of Internet security software for demanding network security solutions.
  • Stay Safe Online - This site is designed to give information needed to secure your home or small business computer. You'll find tips on how to safeguard your system, a self-guided cyber security test, educational materials, and other Internet resources, as well as valuable information from our sponsor organizations.
  • TomCat Internet Solutions - The risk of falling victim to an intrusion whether from a virus, trojan, malicious script, hacker, or the obscure gathering of personal private information increases daily. The goal at this site is to compile a resource of information that will provide every online MS Windows user with the knowledge required to take control of and maintain their own privacy and security over the Internet.
  • Viisage Technology - A world leader in face-recognition technology. Viisage's patented technology, systems integration and software design capabilities provide convenient, non-intrusive, and cost effective identity protection solutions for security and e-commerce applications.
  • WatchGuard - Provider of dynamic, comprehensive Internet security solutions designed to protect enterprises that use the Internet for e-business and secure communications.
  • Windows Security Guide - Security for Windows. Provides information and resources to secure the Windows operating system and networks with details about the latest vulnerabilities and fixes, articles and technical support.

--------------------------------------------------------------------------------------------

Virus Protection

--------------------------------------------------------------------------------------------

Crypto - Encryption

  • Advanced Encryption Standard - Development efforts toward a crypto algorithm for the 21st century.
  • Basic Cryptography Glossary - Maintained by Rick Smith, author of Internet Cryptography.
  • C4I.org - The acronym C4I stands for "command, control, communications, computers, and intelligence". Links to security-related articles and information. Also see, Erehwon's Strong Cryptography Links on the Internet.
  • Center for Democracy and Technology (CDT): Encryption - Information on encryption, legislation, policy, court cases, resources and links.
  • Computer Security Group - An informal group of people with similar interests: mainly security, cryptology, and distributed systems.
  • Counterpane Systems - Links, papers, and newsletter on computer security and cryptography from Bruce Schneier (author of Applied Cryptography).
  • Cracking DES: Secrets of Encryption Research, Wiretap Politics, and Chip Design - The Electronic Frontier Foundation (EFF) raised the level of honesty in crypto politics by revealing that the Data Encryption Standard (DES) is insecure. The U.S. government has long pressed industry to limit encryption to DES (and even weaker forms), without revealing how easy it is to crack. Continued adherence to this policy would put critical infrastructures at risk; society should choose a different course. To prove the insecurity of DES, EFF built the first unclassified hardware for cracking messages encoded with it. On Wednesday, July 17, 1998 the EFF DES Cracker, which was built for less than $250,000, easily won RSA Laboratory's "DES Challenge II" contest and a $10,000 cash prize. It took the machine less than 3 days to complete the challenge, shattering the previous record of 39 days set by a massive network of tens of thousands of computers. The research results are fully documented in a book published by EFF and O'Reilly and Associates, entitled Cracking DES: Secrets of Encryption Research, Wiretap Politics, and Chip Design.
  • Cryptography A-2-Z - Lists international sources of cryptographic software, information on cryptographic methods, algorithms, and protocols, including encryption, decryption, cryptanalysis, steganography (hiding information), cryptographic softare, tools, information, and assessments about cryptographic methods.
  • Cryptology ePrint Archive - Recent research in cryptology.
  • Cryptography Project - Links to papers that Georgetown University computer science professor Dorothy Denning has authored or co-authored and to other selected documents and web pages.
  • Cryptography Research - Committed to assisting clients and partners in identifying, developing, and implementing cost-effective security solutions. Site contains extensive collection of cryptography resources.
  • Cryptology ePrint Archive - Recent research in cryptology.
  • Cypherpunks - Links to PGP, remailers, rants, various crypto-tools, newspaper clippings, and other things.
  • Data Encryption Techniques - Primer on encryption.
  • Digital Transmission Licensing Administrator (DTLA) - To allow for protected transmission of copy-protected material between digital devices like PC's, DVD Players, and Digital TV's, five companies - Hitachi, Intel, Matsushita (MEI), Sony and Toshiba have prepared the "5C" Digital Transmission Content Protection (DTCP) specification. This site provides informaiton on DTCP.
  • Digital Watermarking World - An international meeting point for scientists, researchers and companies active in digital watermarking.
  • DVD-Copy - Forum for DVD encryption technology.
  • DVD Copy Control Association (DVD CSS) - A not-for-profit corporation with responsibility for licensing CSS (Content Scramble System) to manufacturers of DVD hardware, discs and related products. Licensees include the owners and manufacturers of the content of DVD discs; creators of encryption engines, hardware and software decrypters; and manufacturers of DVD Players and DVD-ROM drives. Electronic Privacy Information Center (EPIC) - EPIC focuses public attention on civil liberties issues, privacy, the First Amendment
  • Elliptic Curve Cryptosystem (ECC) Challenge - The challenge is to compute the ECC private keys from the given list of ECC public keys and associated system parameters. This type of problem faces an adversary who wishes to completely defeat an elliptic curve cryptosystem.
  • FAQs About Today's Cryptography - This FAQ covers the technical mathematics of cryptography as well as export law and basic fundamentals of information security.
  • Firewall.com - Links, resources, news in computer security, encryption, crytography, firewall software, firewall associations.
  • Gallery of CSS Descramblers - This site, through examples, points out the absurdity of the position that source code can be legally differentiated from other forms of written expression.
  • Gnu Privacy Guard
  • GPG DropThing