Hackers Beware

•Cert. Send an email to mailto:cert-advisory-request@cert.org

with SUBSCRIBE <your e-mail address here > in the subject line.

•FreeBSD Hackers Digest. Send an email to mailto:Majordomo@FreeBSD.ORG with subscribe FreeBSD- hackers-digest in the body of the message.

•Happy Hacker Digest. Send an email message to mailto:hacker@techbroker.com with subscribehh in the body of the message.

•Linux Security. Send an email message to mailto:linux- security-request@redhat.com with subscribe in the subject of the message.

•Linux Admin. Send an mail message to mailto:Majordomo@vger.rutgers.edu with subscribe linux-

admin <your e-mail address here > in the body of the message.

•NTBugTraq. Send an email message to mailto:LISTSERV@LISTSERV.NTBUGTRAQ.COM with SUBSCRIBE NTBUGTRAQ firstnamelastname in the body of the message.

•NT FAQ. Send an email message to mailto:nt-faq@ed-com.com with subscribe nt-faq <your email address here > in the body of the message.

•Windows 95. Send an email message to mailto:WIN95-L- request@PEACH.EASE.LSOFT.COM with SUB WIN95-L firstnamelastname in the body of the message.

•Windows 98. Send an email message to mailto:WIN98-L- request@PEACH.EASE.LSOFT.COM with SUB WIN98-L firstnamelastname in the body of the message.

•Visual Basic. Send an email message to mailto:VISBAS-L- request@PEACH.EASE.LSOFT.COM with SUB VISBAS-L firstname lastname in the body of the message.

Operating System Specifics

Because a large number of exploits are against specific operating systems, I divided this section into the major operating systems and listed specific vulnerabilities for each.

Linux/UNIX Related Sites

This section lists a wide range of sites that list security vulnerabilities and ways to strengthen the security of Linux and UNIX operating systems.

•http://www.freebsd.org

•http://www.hawken.edu/help/linux.htm

•http://sunsite.unc.edu/mdw/index.html

•http://www.linux.org

•http://www.geek-girl.com/UNIXhelp/

•http://www.netsys.com/

•http://www.ugu.com/

•http://www.clark.net/pub/srokicki/linux/

•http://www2.xtdl.com/~jlorenz/allunix.html

•http://www.linuxhq.com

•http://www.linuxos.org

•http://www.li.org

•http://freshmeat.net

•http://slashdot.org

•http://lwn.net/daily

•http://lwn.net

•http://webwatcher.org

•http://www.linuxresources.com

•http://www.linuxgazette.com

•http://www.linuxjournal.com

•http://www.best.com/~aturner/RedHat-FAQ/

•http://linux-list.home.ml.org

•http://www.labs.redhat.com

•http://www.redhat.com

•http://www.clark.net/pub/ray/

•http://www.suse.de

•http://www.suse.com

Linux Vendors

Most vendors do a good job of releasing patches for the various vulnerabilities that are constantly being discovered. By checking a vendors web site, you can verify that you are running all of the latest patches that they have released.

•http://www.cdrom.com

•http://www.lsl.com

•http://www.linuxmall.com

•http://www.cheapbytes.com

•http://www.varesearch.com

•http://www.linux-hw.com

Windows NT Related Sites

The following sites list information on securing Windows NT systems and the various exploits that have been discovered.

•http://www.nmrc.org/files/nt/

•http://www.webtrends.com

•http://www.ntsecurity.net

•http://www.windowsnt-plus.com/

•http://www.ntshop.com

•http://www.ntfaq.com

Windows 95 Related Sites

The following sites list information on securing Windows 95 systems and the various exploits that have been discovered.

•http://www.windows95.com

•http://www.geocities.com/SiliconValley/Heights/1094/

•http://www.windows98.org

•http://www.mindspring.com/~ggking3/pages/windmill.htm

•http://www.annoyances.org/win95/

•http://www.cobb.com/win95/index.htm

•http://www.winmag.com

•http://walden.mo.net/~rymabry/95winfaq.html#FAQ

•http://walden.mo.net/~rymabry/95winfaq.html

•http://web.mit.edu/afs/athena/org/i/is/help/win95/

•http://www.halcyon.com/cerelli/

•http://cuiwww.unige.ch/info/pc/remote-boot/

•http://www.helmig.com/

•http://www.pcguide.com

Programming Related

A general understanding of how programming languages work can help you better understand exploits and how to protect against them.

C/C++

C/C++ is one of the most popular programming languages. A basic understanding of how to read C/C++ code is a good starting point for comprehending exploits.

•http://www.cm.cf.ac.uk/Dave/C/CE.html

•http://www.delorie.com/djgpp/

•http://www.strath.ac.uk/CC/Courses/NewCcourse/ccourse.html

MS-DOS

MS-DOS is the operating system that Windows 3.1 ran on and forms the basis for most of Microsoft’s operating systems. Using MS-DOS is a common way that attackers can bypass the security features of the newer operating systems.

•http://www.cm.cf.ac.uk/User/P.L.Poulain/project/allcomms.htm

•http://log.on.ca/users/rhwatson/dos7/commandintro.html

•http://www4.ncsu.edu/unity/users/j/john/html/dosinfo/batch.html

•http://www.cit.ac.nz/smac/os100/msdos14.htm

Visual Basic

Visual basic forms the foundation of the programming that is available in most of Microsoft’s products. A large number of the macro viruses that impact the Microsoft's products are based on VB or Visual Basic.

•http://www.wvinter.net/~smithm/archives.htm

•http://www.inquiry.com/techtips/thevbpro/

•http://www.cdc.net/~dmitri/utilities.html

•http://www.brianharper.demon.co.uk/files.htm

•http://www.zeode-sd.com/ccrp/

•http://www.freecode.com/

•ftp://ftp.microsoft.com/developr/vb/kb/index.txt

•http://www.planet-source-code.com/vb/

•http://www.softcircuits.com/sw_vbsrc.htm

•http://www.karland.com/code/visualbasic/

•http://www.kingsoft.com/qaid/vb/index.html

•http://www.cgvb.com/links/lpage.boa/FILE

•http://www.buffnet.net/~millard/vb/vbwfaq1.htm

•http://www.vb-helper.com/howto.htm

•http://www.goldenfamily.com/visbas/index.html#CODE

•http://www.goldenfamily.com/visbas/index.html

•http://thebestweb.com/vbfaqs/faq_prog.html

•http://www.pconline.com/~markp/winsock.htm

Miscellaneous

The following is a list of sites that cover a wide range of topics.

•http://www.unituebingen.de/zdv/projekte/linux/books/nag/node1.html

•http://www.programmersheaven.comh

•http://www.strangecreations.com/

•http://www.utexas.edu/cc/

Online Reading Materials

The following sites contain some good reading material on a variety of topics.

•http://www.mcp.com/personal/

•http://www.developer.com

Search Engines

There is a lot of valuable information on the Internet, but it is sometimes difficult to find. Search engines are a great way to find a specific tool or general information on a topic.

•http://www.yahoo.com

•http://www.altavista.com

•http://www.infoseek.com

•http://www.lycos.com

•http://www.excite.com

•http://www.webcrawler.com

•http://www.metacrawler.com

•http://www.hotbot.com

•http://www.dejanews.com

•http://www.filez.com

•http://www.ftpsearch.com

•http://www.phoaks.com

•http://www.astalavista.com

Cracks, Wares, and so on

The following sites contain some useful tools and products.

•http://www.compucall.com/keys.htm

•http://hack.box.sk/

•http://www.fravia.org

•http://www.lordcaligo.org

•http://www.t50.com

•http://www.wwisp.com/~wsg/cbd/cracks.html

•http://members.tripod.com/~tnwo/

•http://www.fortune500.net/super/

•news://alt.cracks

•news://alt.binaries.cracks

•news://alt.binaries.cracks.phrozen-crew

•news://alt.2600.warez

•news://alt.2600.programz

•news://alt.warez.ibm-pc

•news://alt.binaries.warez.linux

•news://alt.binaries.warez.mac

•news://alt.binaries.warez.macintosh

Finding People on the Net

Just about anything can be found on the Internet—including information about people. The following are some sites for locating individuals.

•http://www.anywho.com

•http://www.infospace.com

•http://www.whowhere.com

•http://www.four11.com

•http://www.switchboard.com

•http://www.cis.ohio-state.edu/hypertext/faq/usenet/finding

•http://www.faqs.org/hypertext/faq/usenet/findingaddresses/faq.html

•http://www.thecodex.com/

•http://rs.internic.net/cgi-bin/whois/

Phreaking Related

Phreaking is a term that is often used to describe attacks against phone systems. The following sites contain information on phreaking.

•http://wwwpersonal.engin.umich.edu/~jgotts/underground/boxes.html

•http://members.tripod.com/~iang/

•http://www.phonelosers.org/

•http://pla.tsx.org

•http://boards.eesite.com/board.cgi?boardset=q7rj7dk4

•http://www.geek.org.uk/phila/nd/index.html

•http://www.slcnet.net/personalwww/apollo/telecom/phreak.htm

•http://www.webcrunchers.com

•http://www.visual-traffic.com/hacker.html

Online Scanners

There are several sites available on the Internet that you can use to scan other systems and find out a variety of information.

•http://www.fse.com/support/security%20scan/areyouprotected.htm FutureSoft

•http://www.hackerwhacker.com/ (Hacker Whacker)

•http://www.dateline.epatrol.com/ (ISS Online Vulnerability Scanner)

•http://mycio.com/zombie/ (MyCIO Scan for TFN, Trinoo, and Stacheldraht)

•http://security.shavlik.com/ (Quick Inspector for the Web)

•http://www.secure-me.net/ (Secure Me)

•https://grc.com/x/ne.dll?bh0bkyd2 (Shield’s Up)

•http://scan.sygatetech.com/ (Sygate Online Security Scan)

•http://www.webtrends.net/tools/security/scan.asp (Webtrends Online Scan)

•http://security1.norton.com/common/1033/zd/zd_intro.asp (Zdnet Online Network, Virus, and Trojan Scan)

•http://privacy.net/analyze/analyzehow.asp (Privacy analysis of your Internet connection)

•http://webservices.cnet.com/bandwidth/ (Bandwidth Meter)

•http://webservices.cnet.com/bandwidth/ (Traceroute, Ping, DNS Lookup, WHOIS, DNS Records Lookup and E-mail relay)

•http://security1.norton.com/us/intro.asp?venid=sym&langid=us (Symantec Security Check (Risks, Virus and Trojans))

•http://scan.sygatetech.com/ (Sygate Scan (Stealth, Trojan, TCP, UDP, ICMP))

•http://www.mycio.com/asp_subscribe/trial_cc.asp (myCIO CyberCop ASaP)