Security

Mailing list dedicated to the discussion of patch management.

Paper by M. Bishop, 1991. The author describes a technique, and a mechanism, to allow users to select passwords which to them are easy to remember but to others would be very difficult to guess. [Postscript]

Computer resources offering antivirus software, current virus news, antivirus patches, online protection, security software and other information about computer security.

Distributed Intrusion Detection System collects firewall log excerpts from volunteers. The logs are aggregated and analyzed. Several reports are generated showing trends in attack sources and methods used.

Small daemon that creates virtual hosts on a network (honeypot). Can be used as a virtual honeynet, for network monitoring, or as a spam trap. For *BSD, GNU/Linux, and Solaris.

A tool for semi-automatically creating emulators of network server applications.

Microsoft Research project to detect and analyze Web sites hosting malicious code using client-side honeypots.

Live honeynet status data, papers produced as a result of research, and other related resources.

Web Application Security Consortium Distributed Open Proxy Honeypot Project.

A high interaction client honeypot. A client honeypot is a security technology that allows one to find malicious servers on a network.

Sink Holes - an ISP Security Tool

Featuring articles and web links on Internet and network security for the Unix and Windows platforms.

Large index of computer security resources, including a glossary of Intrusion Detection and Prevention systems.

Location of various security mailing lists pertaining to exploits, hacking tools, and others.

Security news portal with articles, screenshots of hacked websites, security advisories and details of latest vulnerabilities.

Group dedicated to bringing you the latest news and utilities in computer security. Latest exploits with a focus on both Windows and Unix.

News articles on computer and internet security.

Computer security news for the I.T. Professional.

Community weblog covering security issues and projects related to securing Linux.

An archive of Brian Krebs stories at the Washington Post.

Former Washington Post staffer Brian Krebs writes on cyber crime and other Internet security topics.

Defines the principles behind the W3C Platform for Privacy Preferences initiative.

Generally Accepted System Security Principles, developed by The International Information Security Foundation.

Assess your company's Return on Information Security Investment

Products include PhoneSweep, a commercial telephone line scanner and NetIntercept, a network analysis tool to reassemble TCP sessions and reconstruct files.

Secure data storage, network access and e-mail software for wireless handhelds. Securitybuilder developer toolkits for embedding cryptographic functions in new applications and hardware.

Provides software and hosted services that automate the signing of electronic documents using legally valid electronic (graphical - NOT digital) signatures.

Offers a range of PC software products, most of which relate to security.

Database system to help manage compliance with multiple laws. Compliance activities and tasks are assigned to positions on organization charts, while the database takes care of the mesh of rules and regulations.

Cyber-security, incident response and forensics services

Research and system design in areas including tamper resistance, content protection, network security, and financial services. Service descriptions and white papers.

Security advisories and patches.

Download security updates, service packs, and anti-spyware tools for Windows.

An index of related resources. Includes software distributions and patches, as well as user documentation.

Freely available implementation of Kerberos 5. Includes system documentation and downloads.

Proof of concept. Tutorial using an image as the component "what you have".

OTP (S/Key) calculator for MacOS X, MacOS X Server and NEXTSTEP. RFC-2289 compliant. Software downloads, documentation and an introduction to the technology.

Providers of identity and access management software. The IAM Suite includes single sign-on, user provisioning, role management and directory synchronization.

fingerprint identification (software and processors).

Specializes in information security consulting and custom development to the area of strong authentication and biometric recognition.

Design and manufacture fingerprint verification subsystems for integration into other hardware products. Based in Gothenburg, Sweden.

Biometric identification solutions for business applications.

Offers full biometric systems, life cycle support and specialty in independent, objective large-system performance analysis for Government organizations.

Links to resources for research on facial expressions.

ICSA an independent organization offering objective views and opinions on computer security issues. Improve computer security through knowledge sharing, information dissemination, and security products certification.

University of Maryland (USA)

By Juergen Luettin, Neil Thacker and Steve Beet. Paper describing a new approach to speaker identification based on lipreading.

Provides advanced computer forensic training, services and hardware.

Offers forensic services in the UK and Worldwide for both criminal and civil matters.

A forensic technology firm specialising in computer forensics, electronic disclosure and discovery.