New!!
Attacking Tor: how the NSA targets users' online anonymity
Short Chosen-Prefix Collisions for MD5 and the Creation of a Rogue CA Certificate
MD5 Birthday Attack demonstration
OWASP TOP 10: The ten most critical web application security vulnerabilities (2007, 2004)
Life after Antivirus -- What does the future hold? (Panel presentation from RAID, Oct 2008)
Intrusion Detection Systems
Intrusion Detection Systems (slides courtesy Prof. Stolfo)
Forensic Discovery, by Wietse Venema, IBM T.J.Watson Research, USA
Chinese PC virus may have hidden agenda
New Research Result: Cold Boot Attacks on Disk Encryption
Web Application Security / Cross-site scripting (intro)
The Web Application Firewalls (WAF) Information Center
Stanford Web Security Research
The Web Hacking Incident Database
XSS, Cookies, and Session ID Authentication – Three Ingredients for a Successful Hack
Cross Site Scripting Attacks: Xss Exploits And Defense
Web Security from Google Code University
Attack Patterns
Attack Patterns: Knowing Your Enemy in Order to Defeat Them, as presented at Blackhat DC 2007
Exploiting Software: How to Break Code
General FAQs and Security Related Resources
CERT/CC Malicious Web Scripts FAQ
Computer and Network Security: Security FAQs
Telstra Corporation: Computer and Network Security Reference Index
RFC2196: Site Security Handbook
Cryptography
RSA Laboratories | Cryptography FAQ
GMU Cryptography Web Resources
Differential Cryptanalysis: Why 16 rounds for DES?
COPACOBANA: How to Break DES for 8980 Euros
How easy is collision search? Application to DES.
How Easy is Collision Search. New Results and Applications to DES.
THE STORY OF NON-SECRET ENCRYPTION
Authentication Protocols Design, Mistakes and Lessons Learned
Using Encryption for Authentication in Large Networks of Computers
Prudent Engineering Practice for Cryptographic Protocols
An Attack on the Needham-Schroeder Public-Key Authentication Protocol
Network and System Security
Top 20 System Vulnerabilities list by SANS: http://www.sans.org
Bugtraq: THE "full-disclosure" security mailing list
A talk by a Cisco Security Expert on Layer 2 Network Vulnerabilities
Sniffing (network wiretap, sniffer) FAQ
Top 75 Network/System Security Tools from Insecure.org
Googling Master Passwords for Automatic Teller Machines
Buffer Overflow Attacks and Defenses
Defeating Microsoft Windows XP Heap buffer-overflow protection
Smashing the Stack for Fun and Profit by Aleph One
Heap Overflow Attacks
Engineering Heap Overflow Exploits with JavaScript
String Formatting Attacks
Exploiting Format String Vulnerabilities
IPSec
S.M. Bellovin, Guidelines for Mandating the Use of IPSec. October 2002, Work In Progress.
Wireless LAN Security
(In)Security of the WEP algorithm
Jesse Walker's paper titled "Unsafe at any key length"
Jesse Walker's series of articles on 802.11 Security: Part I Key Management for WEP and TKIP, Part II The Temporal Key Integrity Protocol (TKIP), Part III AES-based Encapsulations of 802.11 Data, The Wired Equivalent Privacy (WEP)
Nancy Cam-Winget, Russ Housley, David Wagner and Jesse Walker, Security Flaws in 802.11 Data Link Protocols, Communications of the ACM, May 2003, Vol. 46, No. 5.
Presentations 1, 2, 3 on Wireless LAN security by a group of graduate students (Tzachy Reinman, Roy Werber and Bracha Hod) for a class in Hebrew University.
GSM Security
A news article about the latest claim on cracking GSM security, reported in September 2003.
The paper that led to the above news article: Elad Barkan, Eli Biham, Nathan Keller, Instant Ciphertext-Only Cryptanalysis of GSM Encrypted Communication (.ps), CS-2003-05, Proceedings of Crypto 2003.
Presentations 4, 5, 6 on GSM Security by a group of graduate students (Yuri Sherman, Max Stepanov, Gregory Greenman) for a class in Hebrew University.
"A precis of the new attacks on GSM encryption", Greg Rose, 10 Sep 2003
Web Services
Apache Web Server Digest-based Authentication
Digest Authentication in Apache 1.3
User authentication using MD5
Digest Authentication in Apache 2.0
RFC2617: HTTP Authentication: Basic and Digest Access Authentication