Security links [26.11.2008]
(My 10+ years' worth of security bookmarks, actually. New links added frequently, hardly ever cleaned. Lots of outdated and broken links.)
News & portals
Magazines & Newsletters
Terms
Papers, presentations
Online books
Discussions, Mailing lists
Known Bugs, Warnings
Advisories
Guidelines
Standards
Laws
Awareness
Risk Management
Security Management
Identity, Authentication and Access Management
Disaster Recovery, Business Continuity
Organizations
Conferences
Surveys, stats
Software development
Intrusion Detection Systems
Penetration testing
Public Key Infrastructure
LDAP, Directories
Virtual Private Networks
Firewalls
Crypto
Biometrics
Unix
Windows
Mobile & Wireless
Ethics
Privacy
Incidents, exploits, hacks, vulnerabilities
Hackers, crackers, script-kiddies
Infowar, Hactivism
"Traditional Security"
People
Fun
Blogs & Podcasts
What's new (most recent first)
- IDC: Innovation and Security: Collaborative or Combative (pdf)
- RSA: The Time is Now: Making Information Security Strategic to Business Innovation (pdf)
- Secologic project: Guides for secure programming
- Symantec Report on the Underground Economy
- Verizon Business 2008 Data Breach Investigations Report (pdf)
- PCI Portal
- Adventurers and Risk-Takers: Finnish professional criminals and their organisations in the 1990s cross-border criminality (pdf)
- Arbor Networks Infrastructure Security Report
- Washington Post Security Fix Blog
- Dataloss DB
- Application Architecture Guide
- Security Principles
- Fundamental Practices For Secure Software Development (pdf)
- Physical Security Maxims
- (ISC)2 Blog
- European ATM Security Team (EAST) Crime Reports
- HP Game: Accelerate Security
- Europol European Organised Crime Threat Assessment (OCTA) reports
- Murphy's Laws
- NRI Secure Technologies Web Application Security Assessment Trend analysis report 2008
- Consumer Reports Guide to Online Security
- Emerging Cyber Threats Report for 2009 (pdf)
- Security Blogger's Network
- Security Assessment of the Internet Protocol (pdf)
- Compuware 2008 Study on the Uncertainty of Data Breach Detection (pdf)
- Estonia Cyber Security Strategy (pdf)
- NIST: Technical Guide to Information Security Testing and Assessment (pdf)
- The 10 Most Mysterious Cyber Crimes
- Cigital Java Security Rulepack
- Global Technology Audit Guide (GTAG)
News & Portals
Magazines & Newsletters
Terms, FAQs
Papers, presentations
- Trust in Cyberspace
- Lance Spitzner papers
- Dan Farmer papers
- Papers from UC Davis
- Fred Cohen papers
- Sys-security Group
- The Memorability and Security of Passwords -- Some Empirical Results (pdf)
- Activism, Hacktivism, and Cyberterrorism
- Cyber Threats and Information Security Meeting the 21st Century Challenge
- White Papers and Analyst Reports
- Protecting Network Infrastructure at the Protocol Level
- Guarding the Crown Jewels: An Overview of Internet and Network Security
- 12 Keys for Locking Up Tight
- EU report about Echelon (pdf)
- @Stake Research Reports
- How to Cheat at the Lottery (pdf)
- The Future of Internet Worms
- Trends in Denial of Service Attack Technology (pdf)
- Open Source Security
- Network Defense Columns by Rik Farrow
- The Survivor's Guide to 2002
- CERT-toiminta Suomessa (finnish)
- SANS Security Reading Room
- The Information Security Group Teaching Material
- Centralized Management - SIM products
- Ken Thompson: Reflections on Trusting Trust
- Computer World: Security Manager's Journal
- Gartner - Security
- Online Bank Security
- DoD Insider Threat Mitigation (doc)
- Security In the Information Age (US Congress) (pdf)
- Keeping Secrets in Hardware: the Microsoft XBox Case Study (pdf)
- Kansallinen Tietoturvakatsaus (finnish, pdf)
- Coffee vs. Security
- Risk Exposure through Instant Messaging and P2P Networks (pdf)
- Marcus Ranum: 7 Things I've Learned
- Homeland Insecurity (about Bruce Schneier)
- Shatter Attacks - How to break Windows
- The Ten Immutable Laws of Security
- Practical Architectures for Survivable Systems and Networks
- The National (US) Strategy to Secure Cyberspace
- PhD Thesis: Four Views on security (pdf)
- InfoSec Writers
- Economist: Securing the Cloud
- New Yorkin WTC-terrori-isku ja toiminnan jatkuvuus (finnish, pdf)
- Decimalisation table attacks for PIN cracking (pdf)
- Defending Against an Internet-based Attack on the Physical World (pdf)
- The Myth of Security at Canada's Airports (pdf)
- Failing to Keep Up With the Information Revolution
- CISSP certification experience
- Workshop on Human-Computer Interaction and Security Systems
- Nanog security presentations
- Safe and Sound: A Treatise on Internet Security (pdf)
- Lab for Information Security Technology (LIST)
- Securing Storage Networks (pdf)
- Cyberinsecurity: The Cost of Monopoly (pdf)
- EROS: The Extremely Reliable Operating System
- Semantic hacking
- Cognitive Hacking: A Battle for the Mind (pdf)
- Simulating and optimising worm propagation algorithms (pdf)
- Attacking the DNS Protocol Security (pdf)
- Decades after creation, viruses defy cure
- The Future of Security - Scenario One
- Grand Research Challenges in Computer Science and Engineering, 2002 (pdf)
- Grand Research Challenges in Information Security & Assurance, 2003 (pdf)
- Timing the Application of Security Patches for Optimal Uptime
- Survivability: Protecting Your Critical Systems
- CERT papers about Survivability
- Fact Squad
- FBI Guide to Concealable Weapons (pdf)
- Who Wrote Sobig? (pdf)
- Principles of Survivability and Information Assurance
- An analysis of Skype VoIP application for use in a corporate environment (pdf)
- Trust in the New Economy - The Case of Finnish Banks
- Portable Computing Device Security (pdf)
- NIST: Security Considerations for VoIP Systems (pdf)
- Aspects on Availability (Dissertation for the degree of Doctor of Philosophy) (pdf)
- Blogs: Another Tool in the Security Pro's Toolkit
- Remote Physical Device Fingerprinting
- Creating a National Framework for Cybersecurity: An Analysis of Issues and Options (pdf)
- Thesis: Plastic card fraud, a survey of current relevant card and system properties (pdf)
- Cyber Security: A Crisis of Prioritization (pdf)
- DDoS extortion story
- An Analysis of the Skype Peer-to-Peer Internet Telephony Protocol (pdf)
- The Economic Impact of Cyber-Attacks (pdf)
- The Six Dumbest Ideas in Computer Security
- Skype Security Evaluation (pdf)
- Thesis: Strategic Security
- Security considerations of Google Desktop (pdf)
- Federal Plan for Cyber Security and Information Assurance Research and Development (pdf)
- Security Absurdity: The Complete, Unquestionable, And Total Failure of Information Security
- Tietoturvallisuuden tutkimus ja opetus Suomessa 2005 (pdf, finnish)
- CIIP Handbook Volume I and Volume II (pdf)
- 17 Mistakes Microsoft Made in the Xbox Security System
- Mitigating Denial of Service Attacks in Computer Networks (pdf)
- Bypassing network access control (NAC) systems (pdf)
- The life of the security professional...grand it ain't!
- the underground economy: priceless (pdf)
- An Evaluation of Extended Validation and Picture-in-Picture Phishing Attacks (pdf)
- The Psychology of Security
- Exploiting SAP Internals (pdf)
- “OO-OO-OO!” The Sound of a Broken OODA Loop
- Security Architecture Blueprint (pdf)
- Cost of Information Assurance (pdf)
- The Evolution of Security
- The Ghost In The Browser - Analysis of Web-based Malware (pdf)
- House of Lords Science and Technology Committee: Personal Internet Security (pdf)
- 10 Claims That Scare Security Pros
- Security Usability Fundamentals (pdf)
- Commercial Malware Industry (pdf)
- Virtual Machine Security Guidelines (pdf)
- Guide to Security Architecture in TOGAF ADM (pdf)
- Russian Business Network study (pdf)
- Security Economics And The Internal Market (pdf)
- Point-of-Sales Vulnerabilities (pdf)
- Security Issues and Recommendations for Online Social Networks (pdf)
- The New Politics of Personal Information (pdf)
- Using Cartoons to Teach Internet Security (pdf)
- Data Breaches: What The Underground World of "Carding" Reveals (pdf)
- Large Scale Internet Attacks (pdf)
- Information Security Economics – and Beyond (pdf)
- SecMeter - tietoturvainformaatiota (finnish)
- Estonia Cyber Security Strategy (pdf)
- Security Assessment of the Internet Protocol (pdf)
Online books, guides
Discussions, Mailing-lists
Known Bugs, Warnings
Advisories
Guidelines
- Valtionhallinnon tietoturvallisuusohjeistus (finnish)
- RFC2504, Users' Security Handbook
- RFC2196, Site Security Handbook
- PK-yritysten tietoturvaopas (pdf, finnish)
- The Field Guide for Investigating Computer Crime, Part One, Two, Three, Four, Five, Six, Seven and Eight
- The Open-Source Security Testing Methodology Manual
- Simple Security Truths
- Contingency Planning and Disaster Recovery
- Commonly Accepted Security Practices & Recommendations
- Introduction to Security Policies Part One, Two, Three and Four
- Tietoturvaa peruskäyttäjille (finnish)
- BSI IT Baseline Protection Manual
- Security Auditing Guide (pdf)
- Tietosuojan ja Tietoturvan Tarkistuslista (rtf, finnish)
- NSA Security Recommendation Guides
- NIST Guidelines on Securing Public Web Servers (pdf)
- NIST Guideline on Network Security Testing (pdf)
- OCTAVE: Operationally Critical Threat, Asset, and Vulnerability Evaluation
- OECD Security and Privacy Guidelines
- NIST ASSET - Automated Security Self Evaluation Tool
- NIST Guide to Selecting Information Security Products (pdf)
- NIST Guide to Information Technology Security Services (pdf)
- Tietoturvaopas (finnish)
- The Antivirus Defense-in-Depth Guide
- Turvallisuussopimusten laadintaohjeistoa (finnish)
- GAISP: Generally Accepted Information Security Principles
- NIST Guide to Computer Security Log Management (pdf)
- The IT Audit Checklist for Information Security (pdf)
- Global Technology Audit Guide (GTAG)
Standards and "standards"