The Art of Deception : Controlling the Human Element of Security Exploiting Software : How to Break Code Computer Security: Art and Science Hacking Exposed (TM) Web Applications Inside Network Perimeter Security: The Definitive Guide to Firewalls, Virtual Private Networks (VPNs), Routers, and Intrusion Detection Systems Java Security (2nd Edition) Cryptography and Network Security: Principles and Practice (3rd Edition) Information Security Policies, Procedures, and Standards: Guidelines for Effective Information Security Management Steal This Computer Book 3: What They Won't Tell You About the Internet

• Security Training Home.
• IHS Information Security Policy.
• For questions or comments about this site, please contact the Security Awareness Team. ...
• Computer Security Awareness Training .
• The Computer Security Act requires that all U. ... Government personnel who use computers, as part of their work activities, complete training on computer security awareness. ... When you are finished, click on the "Security Awareness Training Certification" link to register your compliance with the Computer Security Act. ...
• Information Security Basics .
• Personal Computer (PC) Hardware and Software .
• Security References .
• For help or to submit comments, contact the Security Awareness Team .
• JavaScript enabled browser required to use the security portion of this application.

• ON COMPUTER AND NETWORK SECURITY.
• TABLE OF CONTENTS About Netsurfer Focus The Only Safe Computer is a Dead Computer Good Housekeeping Open Sesame Into the Labyrinth The Little Black Bag Great Walls of Fire Kerberos Much Ado About Satan Into the Soup - the Alphabet Soup Follow the Rainbow A Tale of Two Securities Hacker, Cracker, Phracker, Spy Confessions of an International Arms Courier Information at Your Fingertips From Screen Worship to Sun Worship Dangling Pointers .
• THE ONLY SAFE COMPUTER IS A DEAD COMPUTER The three tradeoffs .
• Life is full of tradeoffs and computer security is no different. ...
• The only safe computer is a dead computer. ... So the extent of computer safety or security is always a tradeoff between putting the computer to use and restricting its misuse and abuse. ...
• The time and money you spend on securing your computer has to be weighed against the likely loss if it is broken into or damaged; e. ...
• As you design or modify your computer and network security, think about how you want to use your systems and what you stand to lose if security is compromised. ...
• The same is true of computer and network systems. Securing your computer system means security of the software and hardware, trustworthiness of the people who use and manage it, and reliability of the procedures for using and managing the system. ... But when you are evaluating the security of your system, don't forget to consider the other components. ...
• A malfunctioning sprinkler system in the computer room, a magnitude 6. ... Also, don't count on your computer to come out of the box with its security mechanisms set up correctly for you. ...
• The bottom line: It really is housekeeping, and it really is up to you what kind of a computer house you keep. ...
• The whole idea of security is tied to who can have access to what. ... Multiuser computer systems, like Unix, usually have a hierarchy of personages, each with different access privileges. ...

• Leonard Adleman Leonard Adleman (born December 31, 1945) is a noted theoretical computer scientist and professor of computer science and molecular biology at the University of Southern California. ... RSA is now ubiquitous in security applications, including digital signatures. ...
• For his contribution to the invention of the RSA cryptosystem, Adleman was a recipient along with Ron Rivest and Adi Shamir of the 2002 ACM Turing Award, often called the Nobel Prize of Computer Science. ...
• Fred Cohen, in his 1984 paper, Experiments with Computer Viruses has credited Adleman with coining the term "virus". ...

• The act was prevalent in the 1980s due to lax security; when corporations became aware of the need for increased security (in the early 1990s), sensitive documents were shredded before being placed in dumpsters. ...
• The term is also used for the retrieval of useful items (not necessarily computer-related) from dumpsters, trash cans, curbsides, or similar places where discarded items can be found. ...
• Dumpster Diving: The Advanced Course by John Hoffman (brings dumpster diving into the computer era) Paladin Press 2002; ISBN 158160369X .

• Of all his work, the most well-known is the second of his six principles: the principle that the security of a cryptosystem must depend only on the key and not on the secrecy of any other part of the system. ...
• For computer security systems, a determined attacker might be able to run your software under control of a debugger or probe your hardware in various ways until he finds out in detail how it works. Kerchoffs' law is the argument that cryptography should be secure even against an opponent who has done such things, or alternatively, that security by obscurity is insufficient in cryptography. ...

• Cryptanalysis (from the Greek kryptós and analýein, "to loosen" or "to untie") is the study of methods and techniques for recovering information from encrypted material (produced by ciphers or codes), without knowledge of the key or codebook, or more generally, any attack on a cryptographic scheme that attempts to bypass a security measure. ...
• Often the cryptanalyst either will know some of the plaintext or will be able to guess at, and exploit, a likely element of the text, such as an encrypted letter beginning with "Dear Sir" or a computer session starting with "LOGIN:". ...
• company, and several others designed secure electronic mail and computer-networking schemes based on the algorithm. ...
• In 1980 one could factor a difficult 50-digit number at an expense of 1,000,000,000,000 elementary computer operations (ie, add, subtract, shift, and so forth). ... Computer speeds may be confidently expected to continue to increase. ...
• The security of two-key cryptography depends on mathematical questions in a way that single-key cryptography generally did not, and conversely equates cryptanalysis to mathematical research in a new way. ...

• Trusted computing is a proposal to increase the security of the PC with new abilities provided by new hardware and software. But these new abilities come at a high cost: they allow people you interact with to make your computer do things you don't want it to do. However, a simple change could give us the additional security of trusted computing without losing control over your computer. ...
• Trusted computing architects, however, claim that the name means that a computer can be trusted as to its hardware/software configuration. This is a requirement to see this computer as a trusted client. ...
• Secure input and output (I/O) provides a secure path between your computer and devices like your keyboard and screen. ...
• For example, if you keep a private diary on your computer, you wouldn't want other programs or other computers able to read it. ... ) Even if your diary was protected by a password, the virus could try each password in turn -- on a modern computer, this is pretty fast. ... With sealed storage, the diary is securely encrypted so that only the unmodified diary program on your computer can read it. ...
• Remote attestation allows changes to your computer to be detected by you and others. That way, you can avoid having private information sent to or important commands sent from a compromised or insecure computer. ... The user can present this certificate to a remote party to show that their computer hasn't been tampered with. ...
• The problem with trusted computing is that the security features which protect your computer from viruses and attackers, also protect the computer from you! This makes new anti-competitive and anti-consumer techniques possible, hurting people who buy trusted computers. ...
• This use of remote attestation has nothing to do with increasing security, the stated goal of trusted computing, and only serves other motivations. ...
• For example, if you upgrade computers, sealed storage can prevent you from moving all your music files to your new computer -- instead, you could be forced to buy all the songs again. ...
• Even though you saved the original article on your computer, the software would refuse to let you view it once a change had been announced. ...

• Security .
• There are three main problems with Telnet, making it a bad choice for modern systems from the point of view of security: .
• In environments where security is important, such as on the public Internet, telnet should not be used. ...
• SSH provides all functionality present in telnet, with the addition of strong encryption to prevent sensitive data such as passwords from being intercepted, and public key authentication, to ensure that the remote computer is actually who it claims to be. ...
• Experts in Computer Security, such as SANS, and the members of the comp. ... security newsgroup recommend that the use of Telnet for remote logins should be discontinued under all normal circumstances. ...
• When telnet was being developed in the early 1980s (according to some sources in 1969), most users of networked computers were in the computer departments of academic institutions, or at large private and government research facilities. In this environment, security was not nearly as much of a concern as it became after the bandwidth explosion of the 1990s. ...

• Computer virus.
• In computer security terminology, a virus is a piece of program code that, like a biological virus, makes copies of itself and spreads by attaching itself to a host, often damaging the host in the process. The host is another computer program, often a computer operating system, which then infects the applications that are transferred to other computers. ...
• There are a few relatively "harmless" viruses that have been written to perform a simple task (such as flashing a single message onto the user's computer screen). A small percentage of viruses are the result of computer code that operates in an unexpected manner, but the majority of viruses are programs deliberately written to interfere with, or damage, other programs or computer systems. ...
• The term "virus" was first used in this sense in print by Fred Cohen in his 1984 paper Experiments with Computer Viruses, where he credits Len Adleman with coining it. ... was One, includes a description of a fictional computer program called "VIRUS" that worked just like a virus (and was countered by a program called "ANTIBODY"); and John Brunner's 1975 novel The Shockwave Rider describes programs known as "tapeworms" which spread through a network for the purpose of deleting data. The term "computer virus" with current usage also appears in the comic book "Uncanny X-Men" No. ...
• A program called "Elk Cloner" is credited with being the first computer virus to appear "in the wild" -- that is, outside the single computer or lab where it was created. ...
• The predominant destructive effect of viruses is their uncontrolled self-reproduction, which wastes or overwhelms computer resources. ...
• A bomb is mostly located at the beginning of the virus, and it might for example try to erase all files on the computer at a certain date, like on any friday that happens to be at the 13th day in any month. ...
• Before computer networks became widespread, most viruses spread on removable media, particularly floppy disks. ... Some viruses spread by infecting programs stored on these disks, while others installed themselves into the disk boot sector, ensuring that they would be run when the user booted the computer from the disk. ...
• At bootstrap the computer runs the code located in the boot sector, which has been replaced by virus-code. ...
• Because software is often designed with security features to prevent unauthorized use of system resources, many viruses must exploit software bugs in a system or application to spread. ...
• Closed-source software development as practiced by Microsoft and other commercial software companies is also seen by some as a security weakness. Open source software such as Linux, for example, allows all users to find and fix security problems without relying on a single vendor. ...

•   About > Computing & Technology > Internet/Network Security > Comp Security 101 .
• Internet/Network Security.
• · Free Computer Security Class.
• · Security Alerts and Bulletins.
• Security Blogs.
• General Security.
• Security FAQ.
• Wireless Security.
• Email Security.
• Mac Security.
• Linux Security.
• Computer Security 101.
• This Subject contains links to all ten of the articles from the 10-part series titled Computer Security 101. Computer Security 101 walks a user through a basic understanding of the acronyms and technology and the how's and why's of securing their computer.
• Free Computer Security 101 Class.
• If you are totally confused by the technology, terminology and acronyms associated with information security this class is for you. ...

• Computer bug.
• A computer bug is an error, flaw, mistake or fault in a computer program which prevents it from working correctly. ... It is said that there are bugs in all useful computer programs, but well-written programs contain relatively few bugs, and these bugs typically do not prevent the program from performing its task. ...
• 5 List of computer bugs.
• 6 Common types of computer bugs.
• In some operating systems, such as Microsoft Windows, crashing or freezing programs may render the computer unusable until it is rebooted (see blue screen of death. ) Other bugs lead to security problems; for example, a common type of bug called a buffer overflow may allow a malicious user to execute a new program that is normally not allowed to run. ...
• In 1996, the European Space Agency's prototype Ariane 5 rocket was destroyed less than a minute after launch due to a bug in the on-board guidance computer, costing over US$1 billion. ...
• Photo of first computer bug.
• Invention of the term is often erroneously attributed to Grace Hopper, through an anecdote that tells of a malfunction in an early electromechanical computer. ...
• Some bugs arise from simple oversights made when computer programmers write source code carelessly or exceed their hrair limit. ... Other bugs arise from unintended interactions between different parts of a computer program. This happens because computer programs are often complex, so that programmers are unable to mentally keep track of every possible way in which different parts can interact. ...
• The computer software industry has put a great deal of effort into finding methods for preventing programmers from inadvertently introducing bugs while writing software. ...
• Finding and fixing bugs, or "debugging", has always been a major part of computer programming. ... As computer programs grow more complex, bugs become more common and difficult to fix. ...

• The range was first introduced by Microsoft in 1985 and eventually came to dominate the world personal computer market. ...
• 4 Security.
• The Windows desktop has produced a significant change in the way people and computers interact; it is possible to perform many common tasks with very little computer knowledge, including some quite complex ones. ...
• Modern operating systems need to cater for the vastly increased user base with a lower average computer skill level and the increased power and complexity of modern computer systems. Therefore, some technically savvy users accuse the Windows interface of isolating the user from too much of the inner workings of the computer, making it more difficult to control and configure some system features. ...
• Security.
• Security has been a major issue with Windows family products for many years. Most modern operating systems were designed for security in a multi-user and/or networked environment and have a relatively small number of security issues. Windows was originally designed for ease-of-use on a single-user PC without a network connection, and did not have security features built in from the outset. ...
• Microsoft publicly admitted their ongoing security problems shortly after the turn of the century and (according to their press statements) now regard security as the number one priority. ...
• Microsoft releases security patches through its Windows Update service approximately once a month, although critical updates are made available at shorter intervals. ...
• Microsoft introduced a new security initiative called Palladium in 2001. ...

• In computer security, Authentication is the process by which a computer, computer program, or another user attempts to confirm that the computer, computer program, or user from whom the second party has received some communication is, or is not, the claimed first party. ...
• A computer system supposed to be used only by those authorized must attempt to detect and exclude the unauthorized. ...
• No computer, computer program, or computer user can 'confirm the identity' of another party. ...
• controlling a remote computer over the Internet. ...
• In a purely computer data context, cryptographic methods have been developed (see digital signature and challenge-response authentication) which are currently not spoofable if the originator's key has not been compromised. ...

• Instead of using plain-text socket communication, HTTPS encrypts the session data using either a version of the SSL (Secure Socket Layer) protocol or the TLS (Transport Layer Security) protocol, thus ensuring reasonable protection from eaves-droppers, and man in the middle attacks. ...
• Computer security, .

• View all security advisories.
• Symantec Security Response is currently tracking two threats. ...
• Symantec Security Response has also posted a tool to remove infections caused by W32. ...
• Online Virus and Security Check.
• Security Updates:.
• Symantec Enterprise Security Manager (Apr 13).
• Symantec Gateway Security (Feb 18).
• Security Database.

• This is a very strong notion of security, and implies that one-time pads are secure even against cryptanalysts with infinite computational power. Also, they are one of very few cryptosystems which can be implemented on a deterministic computer which would provably survive an affirmative solution of P vs. NP, one of the central outstanding unsolved problems of computer science. ...
• The "hot line" from the White House to the Kremlin during the Cold War reportedly used a one time pad; this line was used so infrequently that pad exhaustion was a minor concern relative to providing the necessary security. ...
• The information-theoretic security of one-time pads is wholly dependent upon the randomness (or unpredictability) and secrecy of the key pad material. ... No stream cipher has the absolute, information-theoretical security of a one-time pad, although there exist stream ciphers which (so far) appear to be unbreakable in practice without access to the key. ...
• An especially insecure approach is to use any of the random number generators that are distributed with most computer programming languages and in operating system call libraries. ...
• Though cryptographically secure pseudo-random number generators exist that serve as the basis for computationally secure stream ciphers, even these do not provide the information-theoretic security of a one-time pad. ...
• If so, one-time pads offer the best possible security of any encryption, anywhere and under any circumstances. ...

• The stated aim is to fix the problems of current computer insecurity, and to create new kinds of distributed applications, where each component can know and trust the operation of other parts of the system, even when they are running on remote computers. ...
• Opponents characterise it as an attempt to control the market for computer hardware and software, thus entrenching and extending Microsoft's existing desktop computer operating system and software monopoly. ... They further fear that the Palladium platform will eventually control all aspects of computer operation, including web browsing and e-mail. ...
• Simultaneously, the NGSCB Security Support Component, SSC, takes and records a hash of the Nexus. ...
• This inherently supports DRM as well as a wide range of other security based applications. ...
• Simon Conant, a 'security expert' (quoted verbatim from the source article, the UK Metro) working for Microsoft said "We need to go back to the drawing board with a brand new architecture for the PC". ...
• A conspiracy theorist view on this is that Microsoft have deliberately left the flaws in Outlook/Outlook Express so that an email virus can cripple a computer and Microsoft can then announce NGSCB as the saviour. ...
• Register story: MS security patch EULA gives Billg admin privileges on your box .

• Wireless networks also give users greater mobility freeing individuals from the need to be stuck at a computer tied to the wall. ...
• Some experiments have been carried out to allow computer networking over distances of several miles or more (though such placement is not unusual for cellular systems). ...
• Another issue with wireless access in genral is the need for security. ... This was usually not much of a problem, though, since many businesses had reasonably good physical security. However, the fact that radio signals bleed outside buildings and across property lines means that the physical security aspect is not as much of a deterrent. ...
• In response, several new security technologies have emerged. ... Many access points incorporate Wired Equivalent Privacy encryption, but that has been decried by many security analysts as not quite good enough (one common complaint is: "Wired Equivalent Privacy isn't"). ... 1x, which promises to enhance security on both wired and wireless networks. ...

• Network Security Degree.
•  Other Security Forums? .
• Hacking Linux Exposed: Linux Security Secrets & Solutions (Second Edition) Author(s): Brain Hatch & James Lee Website: http://www. ...
• We have 8356 registered users :: The newest registered user is coolbytesOur users have posted a total of 62560 articles within 9713 topicsIn total there are 42 users online :: 2 Security Fans, 0 Stealth Security Fans and 40 Interested OnlookersRegistered Security Fans: ao, dumguy View complete list of who is online. ...
• x © phpBB GroupDesign, Content and Customisation © 2002-2003 Security Forums Dot Com.

• R and Shimgapi, is a computer worm affecting Microsoft Windows. ...
• Several security firms have published their belief that the worm originated from a professional underground programmer in Russia. ...
• This theory has, however, been rejected by security researchers. ...
• Mydoom was named by Craig Schmugar, an employee of computer security firm McAfee and one of the earliest discoverers of the worm. ...
• Computer security companies report that Mydoom is responsible for approximately one in ten e-mail messages at this time. ...
• SCO Group's site was allegedly the target of several distributed denial of service attacks in 2003 that were unrelated to computer viruses. ...
• B also blocks access to the websites of over 60 computer security companies, as well as pop-up advertisements provided by DoubleClick and other online marketing companies. ...
• The spread of MyDoom peaks; computer security companies report that Mydoom is responsible for roughly one in five e-mail messages at this time. ...
• Computer security firm mi2g names Mydoom the worst malware ever, having caused nearly $40 billion in economic damage. ...
• Notable computer viruses and worms .

• A buffer overflow is a type of computer bug. ...
• 1 Buffer overflows and computer security.
• Buffer overflows and computer security.
• Buffer overflow bugs are frequently security vulnerabilities. A program which takes advantage of a vulnerability to subvert another program's security is called an exploit. ...
• Known to be the open source operating system that is concerned most with security. ...
• Some Linux distributions use Executable Space Protection and Stack Smash Protection as part of a security effort to stave off crackers and increase security without imposing complicated systems that get in the users' way. ...
• The Hardened Gentoo project, a subproject of the Gentoo distribution of Linux focused on security, uses Stack Smash Protection and PaX at its heart. ...
• computer security?) .
• Even after this incident, buffer overflows were virtually ignored as security issue. Later, in 1995, Thomas Lopatic independently reinvented the buffer overflow and published his findings on the Bugtraq security mailing list, which caused a wave of new security relevant buffer overflows to be found. ...
• computer security .

• Microsoft has raised the severity rating of an Outlook flaw to "critical," the highest level, after its initial analysis was challenged by the researcher who found the security hole. ...
• Security product to strike back at hackers.
• Symbiot, a Texas-based security company, plans to release a corporate defense system that fights back against distributed denial-of-service and hacker attacks by launching counterstrikes. ...
• Security vendor VeriSign is expected to announce on Tuesday that it has landed a multiyear contract with U. ... Bancorp, its second major deal in less than a year to manage security services for a large financial institution. ...
• Adrian Lamo, a white hat hacker who pled guilty to accessing The New York Times computers without permission, agreed to share what he knows about some of the common IT security slips network administrators make. ...
• Security researchers have discovered that the authors of MyDoom and Bagle are exchanging insults with the author of NetSky, using text hidden inside their virus code. ...
• SECURITY DSA 461-1 New calife packages fix buffer overflow (Linux) .
• RHSA-2004:075-01 Updated kdelibs packages resolve cookie security issue (Linux) .
• SECURITY DSA 460-1 New sysstat packages fix insecure temporary file creation (Linux) .
• SECURITY DSA 459-1 New kdelibs, kdelibs-crypto packages fix cookie traversal bug (Linux) .
• 003 OpenPKG Security Advisory (libxml) (Linux) .
• CGI/Web security.
• e-mail security & utils.
• Macintosh security.
• Novell security.

• As will be discussed below, there is a trend in the popular press to use the term to describe computer criminals (which some call crackers), and others, whose actions run afoul of various governments. This trend annoys some old-school computer/technology enthusiasts, although not all old-school hackers - some of them, like Steve Wozniak, hacked regardless of whether their activities were legal or illegal. ...
• In the nascent computer culture of the 1960s, the unavoidable analogy to "hacking" programs was the already-established counter-culture practice of chopping Harley-Davidsons in Southern California: taking them apart and "chopping" their frames, improvising to make them lower, sleeker, faster, hotter than their uncustomized "stock" originals. ...
• Computer culture at MIT developed when members of the Tech Model Railroad Club started working with a Digital Equipment Corporation PDP-1 computer and applied local model railroad slang to computers. In modern computer culture, the label "hacker" is a compliment, indicating a skilled and clever programmer. ...
• Someone who (usually illegally) attempts to break into or otherwise subvert the security of a program, system or network, sometimes with malicious intent. ...
• Someone who attempts to break into systems or networks in order to help the owners of the system by making them aware of security flaws in it. ... Many of these people are employed by computer security companies, and are doing something completely legal; and many were formerly hackers within sense 2. ...
• "Script kiddie" is reserved for a computer user of little or no skill who simply follows directions or uses a cook-book approach without fully understanding the meaning of the steps they are performing. ...
• "h4x0r" (pronounced Hacks-Or) is a script kiddie in the context of a computer game (i. ...
• Corporate programming environments typically favor only either the good hackers or the careful computer scientist. ...
• The popular press has been known to use the terms "hacker" and occasionally "cracker" for someone who attempts to break into or otherwise subvert the security of a system or network. ...
• Snooper -- Applications that capture password and other data while it is in transit either within the computer, or over the network .
• Similarly, computer viruses, unlike worms, embed themselves within files on the host system. ...
• After the comparison between computer viruses and biological viruses, the obvious comparison here is to a bacterium. ...
• These check to see which ports on a specified computer are "open" or available to access the computer through. ...

• 2 Pre-Computer.
• Pre-Computer.
• Babbage also designed, and had partially built, the first programmable digital computer, the Analytical Engine. ...
• Made major contributions to the engineering design and development of early computer hardware and software at the NPL and later at Manchester University. ...
• Has done pioneering work using DNA as a computer. ...
• Ross Anderson, UK, Cambridge University Professor, Department Director, author of many books and articles who has done important work on several aspects of cryptography and information security, including analysis of trusted computing devices, security of bank systems, robustness of protocols, steganography, "Soft TEMPEST"; cryptanalysed a number of algorithms; designed several including co-designing Serpent (an AES finalist) and Tiger a message digest algorithm. ...
• Matt Blaze, US, demonstrated a security problem with the NSA Clipper chip design, published a description of a (long known 'to the trade') security problem with master keying of physical locks, and designed and implemented the Cryptographic File System for the Unix Operating System. ...
• Bruce Schneier, US, CTO and founder of Counterpane Internet Security, Inc. ... com (Counterpane Internet Security, Inc. ...

• In terms of computer security a demilitarized zone (DMZ) is a network area that sits between an organisation's internal network and an external network, usually the Internet. ...

Do you have a great site about Computer Security? Is your Computer Security site listed here? Would you like a prefered placement of your site in this directory?

It's easy! First place, the HTML from the box below on your page that you would like listed in this directory.

Then use our link submission request with your name, your contact information, and the URL of your site that has a link to this directory. After we verify your link to us, we'll make sure your site stays in our directory, and we'll give it prefered placement here also.

Here is how to make a simple text link to us. Just copy the code in this box to your website:

We can also develop a custom Guide To The Internet for your site. Please request your own custom Guide To The Internet.