Geoffrey S. Steward, David Sylvester,
CSRC memorandum
Abstract: Memo of CSRC. In recent years the Internet has
been used to spread computer viruses to many of its host
computers, it used email services to send copies of itself to
network users, it displayed the holiday message on the receiver's
screen and then mailed itself to others. The virus caused both
the denial of services and systems shutdown. In view of these
matters, some Internet users are developing Computer Security
Response Centers (CSRC) to establish emergency and preventative
measures.
EFF, Various
EFF Papers on Issues in Computing and Cyberspace
Abstract: EFF Papers on a variety of topics. These range
from profiles of Hackers to James Joyce on Cyberspace. An
eclectic mix - use at your peril!
Dan Farmer, Wietse Venema,
Improving the Security of Your Site by Breaking Into it
Abstract: In this paper we will take an unusual approach
to system security. Instead of merely saying that something is a
problem, we will look through the eyes of a potential intruder,
and show "why" it is one. We will illustrate that even seemingly
harmless network services can become valuable tools in the search
for weak points of a system, even when these services are
operating exactly as they are intended to. In an effort to shed
some light on how more advanced intrusions occur, this paper
outlines various mechanisms that crackers have actually used to
obtain access to systems and, in addition, some techniques we
either suspect intruders of using, or that we have used ourselves
in tests or in friendly/authorized environments.
Unknown,
General Information About NIST
Abstract: This directory contains the general information
about NIST.
Unknown,
NIST Interagency Reports
Abstract: This directory contains computer
security-related Interagency Reports.
Paul Holbrook, Joyce K. Reynolds,
RFC 1244: Site Security Handbook
Abstract: This FYI RFC is a first attempt at providing
Internet users guidance on how to deal with security issues in
the Internet. As such, this document is necessarily incomplete.
There are some clear shortfalls; for example, this document
focuses mostly on resources available in the United States. In
the spirit of the Internet's "Request for Comments" series of
notes, we encourage feedback from users of this handbook. In
particular, those who utilize this document to craft their own
policies and procedures. This handbook is meant to be a starting
place for further research and should be viewed as a useful
resource, but not the final authority. Different organizations
and jurisdictions will have different resources and rules. Talk
to your local organizations, consult an informed lawyer, or
consult with local and national law enforcement. These groups can
help fill in the gaps that this document cannot hope to
cover.
Alan Solomon, Barry Nielson and Simon Meldrum,
Information about the AIDS diskette trojan
Abstract: On Monday, 11th December, several thousand
diskettes were mailed out containing a program that purported to
give you information about AIDS. These diskettes actually
contained a trojan - do not install the program. If you have
installed it, you must remove it - see Appendix 3 below for
how.
Christopher William Klaus,
Compromise: What if your Machines are Compromised by an Intruder.
Abstract: This FAQ deals with some suggestions for
securing your Unix machine after it has already been compromised.
Even if your machines have not been compromised, there are many
helpful tips on securing a machine in this paper. I would
appreciate any suggestions. This FAQ will be posted
monthly.
G. Pernul, G. Luef,
A Bibliography on Database Security
Abstract: A lot of discussion about literature on Computer
Security has taken place recently in news groups. The authors
have compiled a bibliography on the security aspect in
databases.
Barton P. Miller, David Koski, Cjin Pheow Lee, Vivekananda Maganty, Ravi Murthy, Ajitkumar Natarajan, Jeff Steidl,
Fuzz Revisited: A Re-examination of the Reliability of UNIX
Utilities and Services
Keywords: testing, debugging, programs, utilities, random
testing, reliability
Abstract: We have tested the reliability of a large
collection of basic UNIX utility programs, X-Window applications
and servers, and network services. We used a simple testing
method of subjecting these programs to a random input stream. Our
testing methods and tools are largely automatic and simple to
use. We tested programs on nine versions of the UNIX operating
system, including seven commercial systems and the
freely-available GNU utilities and Linux. We report which
programs failed on which systems, and identify and categorize the
causes of these failures.
Barton P. Miller, Lars Fredriksen, Bryan So,
An Empirical Study of the Reliability of UNIX Utilities
Keywords: testing, debugging, programs, utilities,
reliability
Abstract: Operating system facilities, such as the kernel
and utility programs, are typically assumed to be reliable. In
our recent experiments, we have been able to crash 25-33% of the
utility programs on any version of UNIX that were tested. This
report describes these tests and an analysis of the program bugs
that caused the crashes.
B. Clifford Neuman,
Protection and Security Issues for Future Systems
Abstract: We are becoming increasingly dependent on
computers in daily life. This dependence brings with it a
heightened need for security in the computer systems we use. The
distributed nature of recent systems has made it difficult to
apply many of the security techniques used in centralized
systems. Additionally, many of the services which are becoming
available by computer are placing new demands on the protection
and security mechanisms of the systems on which they run. These
services require interaction between parties that are mutually
suspicious of one another; the servers require protection from
users, while at the same time the users require protection from
malicious or incompetent service providers. This paper examines
the problems of protection and security as applied to future
computer systems.
Richard D. Pethia, Kenneth R. van Wyk,
Computer Emergency Response - An International
Problem
Abstract: Computer security incidents during the past few
years have illustrated that unauthorized computer activity does
not obey traditional boundaries (e.g., national, network,
computer architecture). Instead, such activity frequently crosses
these boundaries not just once, but several times per incident
[Stoll89]. International cooperation among computer security
response groups can be an effective means of dealing with
computer security issues faced today by the computer user
community. This paper addresses the need for such cooperation and
suggests methods by which individual computer security response
groups can work together internationally to cope with computer
security incidents.
Built by Mark Crosbie and Ivan Krsul.