Tools and Resources
Downloads
Linux Wipe Tools: Four shell scripts for securely wiping all data from the swap partition, wiping unused disk space on the root partition, or wiping an entire disk, by Thomas C. Greene. Last updated 11 March 2005.
No Messenger: A batch file that eliminates Windows Messenger and fixes the problem of Outlook Express loading slowly when Messenger is absent, by an anonymous friend of The Register.
FileCheck MD5: A free, simple, lightweight MD5 utility for Windows, courtesy of Brandon Staggs.
Errata: A text file containing my various blunders and ommissions in the book (right-click and "save as," or view as HTML). Last updated 6 May 2005.
Links to Other Goodies
Mozilla: A free, open source Web browser and e-mail client for Linux and Windows, feature rich and far more secure than Internet Explorer and Outlook Express. Recommended for novices.
Firefox: A free, open source, stand-alone Web browser for Linux and Windows. Very light and fast. Recommended for intermediate users.
Thunderbird: A free, open source e-mail and news client for Linux and Windows. Recommended for intermediate users.
GnuPG: Gnu Privacy Guard; a free, open source replacement for PGP, for Windows and Linux.
WinPT: Windows Privacy Tools; a free, open source GUI frontend to GnuPG for Windows.
Bastille: A free, open source security frontend for Linux that will configure packet filtering and tighten up system permissions easily.
Anonymizer: Various services for anonymous Web surfing, e-mail, chat, etc. I recommend their Total Net Shield product, which includes SSH tunneling.
OpenSSH: A free, open source SSH (Secure Shell) client and server for Linux and UNIX.
PuTTY: A free, open source implementation of, and GUI front end to, OpenSSH for Windows.
Speak Freely: A free, open source Internet telephone application for Windows and for Linux that features end-to-end encryption.
Freenet Project: A free, open source P2P networking application revealing the raw underbelly of the Internet, totally uncensored and with decent anonymity features built in, for Windows and Linux. See my vulnerability report before you use it.
Invisible IRC Project (IIP): A free, open source Internet Relay Chat (IRC) proxy implementation that includes anonymizing and encryption features, for Windows and Linux.
Ethereal: A free, open source network traffic analyzer for Windows and Linux. Windows users will need to install WinPcap before installing Ethereal.
Ad-Aware: A free, closed source adware/spyware scanner for Windows.
SpyBot Search & Destroy: Another free, closed source adware/spyware scanner for Windows.
Sam Spade: CGI gateways to numerous online tools, such as whois, traceroute, etc.
SourceForge: A vast repository of open-source software for Windows and Linux. The site can be overwhelming, but it has a search engine to help users locate packages.
GNU Project: The home base of the open source movement. A repository of open source products, chiefly for Linux, but with some attention to Windows systems.
Security Information
About Internet/Network Security: An informative and useful site dealing with computer and Internet security, with reviews of security products and books, practical howtos and tips, and links to numerous tools and information resources, geared toward beginners and intermediate users.
SANS Institute: An educational and research organization with a vast archive of security research documents, news, and advisories, geared toward intermediate and advanced users.
CERT/CC: Computer Emergency Response Team Coordination Center at Carnegie Mellon University. An archive of advisories, statistics, and administrative worst and best practices, geared toward intermediate and advanced users.
NIST CSRC: An archive of security research maintained by the NIST (National Institute of Standards and Technology) CSRC (Computer Security Resource Center). Recommended for advanced users and security professionals.
SecurityDocs: An archive of computer, network, and database security whitepapers. Geared toward security professionals and advanced users.
WindowSecurity: Security and virus news, whitepapers, tutorials, and downloads for Windows users and admins.
FAS: Federation of American Scientists; a site concerned with the social and political implications of technology and security. Not limited to computing.
Attrition: A pleasantly quirky site offering a good deal of security information with a skeptical point of view.
F-Secure virus library: A searchable database of computer viruses.
Sophos virus library: Another searchable database of computer viruses.
Simovits Consulting: A list of ports used by Trojan backdoors and rootkits with brief descriptions.
WinGuides Registry library: A large collection of Windows Registry tips, tweaks, and explanations.
LIiUtilities process library: A large, searchable collection of both malicious and normal Windows processes with brief descriptions.
Computer Bytes Man: A site detailing online privacy threats and political issues connected with technology.
CDT: Center for Democracy and Technology, another site detailing online privacy threats and political issues connected with technology.
EFF: Electronic Frontier Foundation, yet another site detailing online privacy threats and political issues connected with technology.
Vmyths: Scathing criticism of the antivirus industry and media-hyped virus scares.
Consumer Alert: A site dealng with privacy issues, IT politics, and official abuse of technology.
Cryptome: An online repository of government documents and anonymous submissions. Information is not checked for accuracy, by design.
Webopedia: A searchable online dictionary of computer terminology.
Wikipedia: A searchable online encyclopedia. More detailed than Webopedia, and not limited to computing.
Acronym Finder: A searchable online database of acronyms, not limited to computing.
Victoria TelecommunityNet: A glossary of technical terms chiefly related to security, maintained by Rob Slade, one of the better class of security expert.
Risks Digest: An archive of general privacy, security, and safety articles. Not limited to computing.
Searchlores: A delightfully quirky site by the enigmatic Fravia+ filled with vast amounts of security and privacy information, and organized with much personal idiosyncrasy.
Security News
The Register: The most skeptical and perhaps the last fully independent tech news publication. Covers all aspects of the IT industry worldwide, including security and privacy. Shares content with SecurityFocus.
SecurityFocus: Computer and network security are the only topics. Offers news articles, opinion columns, advisories, and technical howtos, ranging from newbie-friendly to advanced. Shares content with The Register.
Wired News: Owned by Lycos, but apparently enjoys considerable editorial independence. Covers all aspects of the IT industry, including security and privacy.
Linux Security: A daily roundup of Linux security stories.
Linux Today: A daily roundup of Linux stories from the press, including security.
FreeOS: News and resources for systems such as BSD and Linux.
Security News Portal: A daily roundup of security news. Ironically, the site appears to be optimized for Internet Explorer, which is the least secure browser available, and displays poorly in Mozilla, which is immensely more secure.
Whitehats: A daily security news roundup.
SecuriTeam: A portal with security news, tools, and separate focus areas for Windows and *nix.
E-mail Lists
The Register: An e-mail roundup of the day's tech stories, including security and privacy. Sign up here.
Counterpane Crypto-Gram: A monthly e-mail newsletter by Bruce Schneier, one of the better class of security expert. Sign up here.
ISN (InfoSec News) from Attrition: A daily e-mail roundup of security news items. Sign up here.
Sans Institute NewsBites: A weekly e-mail roundup of important security news items. Sign up here.
About Network Security: A weekly newsletter from Tony Bradley of About.com, summarizing his daily column. Sign up here.
Politech: An occasional list of news stories and topics concerning Internet privacy, free speech on line, and legislation related to technology, from Declan McCullagh of News.com. Sign up here.
SecurityFocus News: Sign up here.
SecurityFocus Microsoft Security News: Sign up here.
SecurityFocus Linux Security News: Sign up here.
BugTraq: A high-volume mailing list of bugs and exploits geared towards security researchers. Sign up here.
Focus on Microsoft: A high-volume mailing list of bugs and exploits geared towards Windows researchers. Sign up here.
Focus on Linux: A high-volume mailing list of bugs and exploits geared towards Linux researchers. Sign up here.
