Hackers, Security, Privacy

Okay, I give up. I'm in the process of updating this page. It's linked to in so many places, the 404 messages are never going to stop. Please, if you are just finding it now, don't link to it here. I'm moving it back to its original home, on deaddrop.org. You may be seeing it there, now. Currently, it's based on deaddrop.com, but I copied it over, just in case. It'll just take a few days, and I'll move everything around.

In the mean time, I've added a couple of things. You will now find links to the best of the TLA sites, and also a nice overview of the virus scanning world. Yes, there's more than just McAffee and Norton, folks.

++ The Management ++

Hacker Sites

On-line Magazines
Yearly Conventions
The Sites
Old or retired

Miscellaneous
Encryption

PGP

Key Servers
Distributions
Information and Documentation
Support Software

Cryptography Sites

Privacy
Security Sites

Intrusion Detection Systems
Multi-Purpose
Odds and Ends
Tools
Other Commercial

Virus Scanners

The Feds (Why Not?)
Security Conferences
Publishers

---

Hacker Sites

Zines (Does anyone read these anymore?)

Welcome to WWW.2600.com

2600 magazine is the grandfather of all zines. First formed in 1984 (or thereabouts) it contains articles on phone phreaking, hacking, and various archives on injustice and overreaction by the authorities. Buy it on the newsstands. Subscribe. See also HOPE, in Conferences, below.

Phrack Webpage

Phrack is the venerable journal of the hacking upper crust. The resurrected site now lives at www.phrack.org, for some small amount of time. Note that the site was hosted at infonexus for a while. The site www.phrack.com does not currently resolve, nor does phrack.infonexus.com (but you can still hang out at the packetfactory).

Yearly Cons

DEF CON Convention

Once a year, in vegas, in July, and they have hacker jeopardy too. The page is rich with links and information ... the links may not always be up to date, but those that are, are excellent. It's the granddaddy of them all.

Hackers at Large

What the Hack

HAL2001 was the fourth in a series, and What the Hack was number five. It's been running every four years since 1989. Many of the participants at "The Galactic Hacker Party" (1989), "Hacking at the End of the Universe" (1993) and "Hacking in Progress" (1997) have been instrumental in bringing about the changes that are upon us today. Stay tuned for the next event, expected in the year 2009.

HOPE 2002: Hackers On Planet Earth

HOPE 2004: The Fifth Hope

The Sixth Hackers On Planet Earth conference - has been confirmed for the summer of 2006, at The Hotel Pennsylvania. Keep up to date through the 2600 site (see reference above).

CanSecWest

This conference is held annually in Vancouver B.C., Canada, and focuses on newly emerging information security research, with a balance of both topics on auditing and pen-testing as well as security and defensive strategies.

The presenters are experienced security professionals at the vanguard of leading information security technology as well as experienced instructors who have prepared tutorials intended to help you stay abreast of the lastest developments in this rapidly moving technological field. The best, and brightest, have assembled unique new material to help you maintain your technological leadership.

TooRcon

TooRcon is a comprehensive three day computer security extravaganza featuring lectures from some of the top experts in the field, hands-on demonstrations of the newest approaches to computer security. TooRcon also features raffles for collector items and brand new equipment alike, and of course three days of enjoyment!

ShmooCon

An annual East coast hacker convention hell-bent on offering an interesting atmosphere for demonstrating technology exploitation, inventive software & hardware solutions, as well as open discussion of critical information security issues. ShmooCon 2006 was January 13-15, 2006, in Washington, D.C.

LayerOne

Currently in its 3rd year, LayerOne is a computer security and technology conference held in the Los Angeles/Pasadena area. The purpose of LayerOne is to bring together the many different types of folks who make up the security community for a 2 day discussion of the technologies that impact our professional and personal lives.

CodeCon

CodeCon is the premier showcase of cutting edge software development. It is an excellent opportunity for programmers to demonstrate their work and keep abreast of what's going on in their community.

All presentations must include working demonstrations, ideally accompanied by source code. Presentations must be done by one of the active developers of the code in question. We emphasize that demonstrations be of *working* code.

SummerCon

Summercon is the oldest of the hacker cons. It has been hosted in such fine cities as St. Louis, Atlanta, Washington, D.C., and Amsterdam. Last seen in Austin, TX. They tend to be slow to update the site, but don't count them out for 2006; it's early yet.

The con audience is a wide mix from security professionals, military officials, socialists, hackers, parents, artists, etc... It is a social event with presentations to help get the conversations started. There is little attitude, lots to learn, and plenty of fun at Summercon; all in the name of hacking.

PhreakNIC

PhreakNIC is Nashville's *FREE* annual hacker con. Anyone is welcome to attend. We create an environment where people who are interested in the more underground elements of technology can meet, exchange ideas and hopefully teach/learn. The primary focus is on computers and computer security, but we also cover other topics, such as radio (ham, pirate & low-power/community), SETI work, robotics, high-power rocketry, satellites, phones and phreaking, cryptography, etc. We are planning interesting things for our fifth year - please join us.

Serious

The Sites

Fyodor's Playhouse

One of the good guys (still), and the author of Nmap (one of my personal favorites)

History has taught us: never underestimate the amount of money, time, and effort someone will expend to thwart a security system. It's always better to assume the worst. Assume your adversaries are better than they are. Assume science and technology will soon be able to do things they cannot yet. ...Bruce Schneier

The Nessus Project

Nessus was a free, open-sourced and easy-to-use security scanner. Recently, with the last edition, it was taken closed source by its author and contributors. It is still available for download, but not considered open source. There isn't space for the discussion here. Use a search engine, you'll figure it out. It currently compiles and runs under several flavors of Unix, such as Linux, FreeBSD, Solaris, and IRIX. It's still the dandiest thing since sliced bread.

Nomad Mobile Research Centre

Not everyone loses their ethics and idealism. Simple Nomad is a class act. All of NMRC's hack and cracks will bring forth the idea that you cannot secure a system for long ... sooner or later someone will find a way around the obstacle.

Chaos Computer Club e.V.

The one and only. Please understand most topics here are covered in German and only some in English.

Attrition

Commentary on almost everything. A section just for a "Security Advisory Library" which contains all sorts of advisories that remind us that buffer overflows and root compromises have always been with us.

Was home to the largest assortment of mirrors of hacked web sites on the planet. Home to archives of everything from text to old zines.

The Million Packet March

The Packet Factory, FKA projects from daemon9 (one of the most prolific and talented contributers to Phrack). Looking for libnet, or Loki? This is where they went.

SoCal Underground

The Southern California underground, by twentythreedotorg.

NEWORDER (used to be Hack.box.sk)

Eastern Europe hackers site. Enter at your own risk.The search engine is named Astalavista. What's not to like?

Old or Retired

Access All Areas

The last (and only) happened in July 97. I keep it because I love the java anarchy toy (which is now gone). There is also a link to the mailing list, which was active, last time I looked.

L0pht Heavy Industries (R.I.P.)

The L0pht (www.l0pht.com) was the home of luminaries such as Brian Oblivion and Mudge. It was dedicated to the improvement of security within Microsoft and other deserving organizations. Making the theoretical practical since 1992. It was the site of AntiSniff and L0phtCrack. It was acquired by @stake, which was in turn absorbed by Symantec.

LOD Communications Home Page

The Legion of Doom. They are now an ISP (hey, everybody's got to make a living, and at least you know they're competent). They offer security consulting, and various other services. Amazing.

Hack-Tic Magazine Archive

Mostly in dutch, but they were excellent resources. Hack-Tic is still out there, at least in part, just no more cool magazine.

The Cheshire Catalyst

Cheshire got his reputation playing with Marisat, the Maritime Communications Satellite System.

Miscellaneous

The Netninja are Everywhere!

Another really nice site (well laid out, and lots of information).

L.A. 2600

The Los Angeles 2600 Meetings, held near the Union Train Station.

Encryption

PGP

Keyservers

WWW based PGP 5.0 Keyserver System

This uses the new PGP 5.0 compatible server, listening on port 11371. It makes available a string of possible keyserver web sites.

The original web of trust.

The web of trust, from Phil Zimmerman (prz AT acm.org) out.

Distributions

MIT distribution site for PGP

MIT distributes PGP free for non-commercial use. This distribution is done in cooperation with Philip Zimmermann, the author of PGP, PGP Incorporated and with RSA Data Security, Inc., which licenses patents to the public-key encryption technology on which PGP relies.

The International PGP Home Page

Cyber-Knights Templar

Pretty Good Privacy, Inc.

Well, it was Pretty Good, then it was Network Associates (and it took FOREVER to load, too), now it's back to Pretty Good. Phil has gone off to help with the OpenPGP Alliance, at http://www.openpgp.org. No, he isn't back at PGP, but those are all good people, and I have hope that it lasts.

Phil Zimmermann's Home Page

Philip R. Zimmermann is the creator of Pretty Good Privacy. For that, he was the target of a three-year criminal investigation, because the government held that US export restrictions for cryptographic software were violated when PGP spread all around the world following its 1991 publication as freeware.

PuTTY

Windows implementation of SSH, versions 1 and 2.

F-Secure's SSH

The commercial version of SSH. Supports versions 1, 2, and 3.

OpenSSH

OpenSSH, for the rest of us. Runs on Unixen, and supports versions 1 and 2.

NifyTelnet/NiftySSH

SSH for the Macintosh. Supports version 1 and 2.

O'Reilly Book for SSH

Yes, there's even an O'Reilly book on SSH. I have got to get out of the cave more often. "This book covers Unix, Windows, and Macintosh implementations of SSH."

Information

Tom McCune's PGP Page

This is really one of my favorites. Don't look at NAI for answers... they're here.

PGP for Beginners

This spells it all out. It's a beautiful effort.

PGP DH vs RSA FAQ

This is a truly well-written discussion on which encryption is better, and why.

PGP (The basic stuff)

PGP2.6.2 Frequently Asked Questions (old)

This is pretty old, but if you're trying to use 2.6.2 instead of one of the newer versions, this is probably better information for you.

Support Software

Mailcrypt: An Emacs/PGP Interface

Mailcrypt is an Emacs Lisp package which provides a simple interface to public key cryptography with PGP [and now GnuPG!]. Mailcrypt makes strong cryptography a fully integrated part of your normal mail and news handling environment, and is an important part of a balanced breakfast.

PGP Digital Timestamping Service

Stamper is a free digital timestamping service which uses PGP and operates via Internet email. Launched in 1995, it remains my intention that this will be a reliable quality service which will remain in operation for a number of years.

Crypto Sites

Counterpane Homepage

Computer Security and Cryptography Consulting ... Bruce Schneier. Bruce also has a monthly mailing list (CryptoGram), and an excellent blog.

The Cypherpunks Home Page

It used to be hosted at http://www.csua.berkeley.edu/cypherpunks/, but I suppose everything moves on. Still, the page above is good enough. Here you can find links to PGP, remailers, rants, various crypto-tools, newspaper clippings, and a good deal of other things

Strong Cryptography Links on the Net ... Erehwon

More Crypto links than anywhere else. "Strong cryptography makes the world a safer place."

Distributed Net ... Node Zero

The fastest computer on earth ... especially when it comes to RC5 and DES II distributed.net was the Internet's first general-purpose distributed computing project. Founded in 1997, the network has grown to include thousands of users around the world donating the power of their home computers to academic research and public-interest projects.

Integrity Sciences, Inc. SPEKE Password Verification

Bill Stallings: Home Page

Writes some great books on Crypto, PGP, and Computer Security.

Farcaster.com: BAL's Home Page

ScramDisk - Free Disk Encryption Software

We are proud to announce that Shaun Hollingworth, author of "ScramDisk", Paul Le Roux, author of "E4M", and Wilfried Hafner, security consultant, created a new advanced disk encryption system that succeeds both ScramDisk and E4M. The product offers a huge increase in features, performance and stability over its predecessor's products. The new product named "DriveCrypt" offers unparalleled benefits to consumers over competing products such as incorporation of the latest standards (AES, SHA256) state-of-the-art steganograpy (information hiding) capabilities, volume resizing, console lockout functionalities, hotkey support and much more!

Replay Associates

Okay, it isn't really Replay any more. Still, it has good resources, and deserves the mention. This site is now www.zedz.net (they moved from www.replay.net some time ago). They aren't quite what they used to be, but better than nothing, I suppose. I miss the old replay.

Crypto++ 2.3 - a C++ Class Library of Cryptographic Primitives

Privacy

Electronic Privacy Information Center

EPIC is a public interest research center in Washington, D.C. It was established in 1994 to focus public attention on emerging civil liberties issues and to protect privacy, the First Amendment, and constitutional values. EPIC works in association with Privacy International, an international human rights group based in London, UK and is also a member of the Global Internet Liberty Campaign, the Internet Free Expression Alliance, the Internet Privacy Coalition, the Internet Democracy Project, and the Trans Atlantic Consumer Dialogue (TACD).

The Electronic Frontier Foundation

The Electronic Frontier Foundation (EFF) was created to defend our rights to think, speak, and share our ideas, thoughts, and needs using new technologies, such as the Internet and the World Wide Web. EFF is the first to identify threats to our basic rights online and to advocate on behalf of free expression in the digital age.

Based in San Francisco, EFF is a donor-supported membership organization working to protect our fundamental rights regardless of technology; to educate the press, policymakers and the general public about civil liberties issues related to technology; and to act as a defender of those liberties. Among our various activities, EFF opposes misguided legislation, initiates and defends court cases preserving individuals' rights, launches global public campaigns, introduces leading edge proposals and papers, hosts frequent educational events, engages the press regularly, and publishes a comprehensive archive of digital civil liberties information at one of the most linked-to websites in the world: http://www.eff.org.

Go read the story of their founding, and then contemplate how easy it is to lose everything.

GnuPG - The GNU Privacy Guard

Mixmaster Remailer

Mixmaster is an anonymous remailer. Remailers provide protection against traffic analysis and allow sending electronic mail anonymously or pseudonymously. Mixmaster consists of both client and server installations. At one time, the home of Mixmaster was http://www.obscura.com/, but it is now hosted at Sourceforge. There's also a mailing list.

FreeS/WAN Project: Home Page

The DataHaven Project

Both FreeS/Wan and DataHaven are really over. I just kept them here out of sentiment. The pages are still there; FreeS/Wan bowed out gracefully. DHP hasn't been updated since 2004.

Security Sites

Intrusion Detection

SNORT

The Lightweight Network Intrusion Detection System. Need I say more?

Common Intrusion Detection Framework

The Common Intrusion Detection Framework (CIDF) was an effort to develop protocols and application programming interfaces so that intrusion detection research projects can share information and resources and so that intrusion detection components can be reused in other systems. It was a good idea; pity it didn't take. The data is still there, however.

Structural Versus Operational Intrusion Detection

Interesting concept paper from John Kozubik of Network Command.

Port Sentry

If you run nothing else, you should use this. Portsentry, and its lesser known cousins Logwatch and Logsentry, were graciously released into the open source community by Cisco when the acquired Psionic.

Computer Associates ... SessionWall3 (fka AbirNet)

AbirNet - The Next Generation in Network Protection Technology. Recently purchased by MEMCO, yet another leading provider of information security software. Even more recently acquired by Computer Associates. Who can keep up with the implosion? Now they're calling it eTrust Intrusion Detection. Whatever.

Multi-Purpose Security Sites

Talisker's Network Security Tools

This independent site lists every known commercial; Intrusion Detection System, Vulnerability Scanner and Personal Firewall plus a few other seasoned freeware campaigners. Lovely site, nasty java. Really one of the best, and very well-maintained and current. Recently made famous by providing a backdrop during a trip by some politicians to the NSA.

PacketStorm Security (formerly managed by Ken Williams -aka- Tattooman)

Well, they've moved again. Kudos to the rescuers. Whatever you were thinking of, it's here. This is the best collection of stuff that I know of. The ezine that was known as Confidence Remains High is hosted here, along with every single piece of security information you need to know to survive.

VulnWatch

VulnWatch was created because the involved individuals felt the need for a forum which didn't currently exist: a non-discussion, non-patch, all-vulnerability annoucement list supported and run by a community of volunteer moderators distributed around the world.

VulnWatch is a computer security vulnerability disclosure mailing list. It is an announcement list, not a discussion list. The contents of the list are submitted by security researchers or product vendors to alert the Internet community of security issues that may effect them.

Security Focus

SecurityFocus.com is designed to facilitate discussion on security related topics, create security awareness, and to provide the Internet's largest and most comprehensive database of security knowledge and resources to the public...One of the backbones of SecurityFocus.com includes the Bugtraq mailing list - one of the most read security mailing lists on the Internet. Security Focus was acquired by Symantec (see @stake).

The Shmoo Group

The Shmoo Group was formed on or about March 1999 utilizing several ice cold Guinesses and some youthful idealism. We're a group of security, system, and network professionals who all have a bit too little free time and a few too many ambitions. To that end, we decided to start up a security resource on the web that would pretty much be a free-form, hippy-love event. What we ended up with is what you see here. Pretty successful for a hobby.

InfoSysSec

The security portal for information system security professionals. The most comprehensive computer and network security resource on the internet for information system security professionals. Well, maybe, but it is a nice site.

Center for Education and Research in Information Assurance and Security

CERIAS is the world's foremost university center for multidisciplinary research and education in areas of information security (computer security, network security, and communications security), and information assurance.

COAST: Computer Operations, Audit, and Security Technology

A multiple project, multiple investigator laboratory in computer security research in the Computer Sciences Department at Purdue University. Computer Security, Law and Privacy. Subsumed by CERIAS (see above).

SHADOW (formerly CIDER)

SHADOW was the result of a project that was originally called the Cooperative Intrusion Detection Evaluation and Response (CIDER) project, which was an effort to locate, document, and improve freely available security software. It's a bit long in the tooth, but interesting still.

ISAAC: Internet Security, Applications, Authentication and Cryptography

This was a small, but very influential, research group in the Computer Science Division at the University of California, Berkeley.

Emergent Chaos

Emergent Chaos is a group blog on security, privacy, liberty, and economics. We declared ourselves the Emergent Chaos jazz combo here.

CIAC Security Website

Computer Incident Advisory Capability. They frequently duplicate CERT and others, but have great information on Virii, and on hoaxes.

Computer Virus Myths home page

Read all about computer virus myths & hoaxes. P.T. Barnum was too kind. Send this link to anyone who sends you email about yet another Good Times variant. This used to be at http://www.kumite.com/myths/, but it's still the same trusty, amusing folk. Guess it's been around the block a few times. It's a wait and see game, for now (no updates in a while).

Wietse's collection of tools and papers

This is the newish site for Mr. Venema. All the stuff from the original at Eindhoven University, but more secure. If you don't use anything else, you should at least get tcp wrappers from here.

CERT (Computer Emergency Response Team)

The CERT* Coordination Center studies Internet security vulnerabilities, provides incident response services to sites that have been the victims of attack, publishes a variety of security alerts, researches security and survivability in wide-area-networked computing, and develops information to help you improve security at your site. (But you'll probably see it in Bugtraq or Packetstorm first.)

United States Computer Emergency Readiness Team

Established in 2003 to protect the nation's Internet infrastructure, US-CERT coordinates defense against and responses to cyber attacks across the nation. Brought to you by the same folk who bring you CERT (see above).

Odds and Ends

FIRST

The Forum of Incident Response and Security Teams (FIRST), brings together a variety of computer security incident response teams from government, commercial, and academic organizations.

Vendor Security Contacts

Just what it says. It's a list of security contacts for various vendors. I don't know when it was last updated, but it's still nice. Originally written by Aleph One. I've replaced the original with a local copy, but consider it historical information, only.

FTP Security Extensions

RFCs and thoughts on how to make FTP more secure.

Tools

WWDSI's Saint Information

On July 1, 1998, the Security Administrator's Integrated Network Tool was released to the public. There is absolutely no cost for this product. Finally, the son of Satan.Satan modules that you've written can be imported into this, by the way.

SRP: Secure Password Authentication for the Net

SRP stands for the Secure Remote Password protocol, and it represents a new mechanism for performing secure password-based authentication and key exchange over any type of network.

Other Commercial

SystemExperts Corporation

They provide practical, effective solutions for securing their clients' enterprise computing infrastructures. They develop network security architectures, perform network penetration testing, develop security policies, and provide emergency response to hacker attacks.

@stake

Split into two segments, the research arm occupied the vacuum left by the implosion of the l0pht. A little infighting here, a little dirty laundry there. An interesting event was the alliance with crypto and security luminary Bruce Schneier and Counterpane. Of course, it was acquired by Symantec (@stake, not Counterpane).

ISC2 CISSP Home Page

International Information Systems Security Certification Consortium. If you want certifications, this is the one to get.

Winn Schwartau's InfoWar.Com

InfoWar.Com is the premier resource on Information Warfare in its many guises. Well, maybe. There are lots of nasty graphics ... You've been warned (I hate animated GIFS and JavaScript).

Virus Scanners

You already know about Norton and McAfee. No sense even mentioning them. Here's a bunch you didn't know about (in no particular order).

Trend Micro

Award-winning virus protection plus firewall, anti-spyware and much more!

Trend Micro Incorporated is a global leader in network antivirus and Internet content security software and services. Founded in 1988 by Steve Chang, the company led the migration of virus protection from the desktop to the network server and the Internet gateway, gaining a reputation for vision and technological innovation along the way. Trend Micro focuses on outbreak prevention and on providing customers with a comprehensive approach to managing the outbreak lifecycle and the impact of network worms and virus threats to productivity and information, through such initiatives as Trend Micro Enterprise Protection Strategy.

Kaspersky Labs

We develop, produce and distribute information security solutions that protect our customers from IT threats and allow enterprises to manage risk. We provide products that protect information from viruses, hackers and spam for home users and enterprises and offer consulting services and technical support.

Founded in 1997, Kaspersky Lab is an international information security software vendor. Kaspersky Lab is headquartered in Moscow, Russia and has regional offices in the UK, France, Germany, the Netherlands, Poland, Japan, China, and the United States. Further expanding the company's reach is its large partner network comprising over 500 companies globally.

Our products are certified by West Coast Labs and regularly receive awards from leading IT publications and testing labs. In 2003 we received the Microsoft Gold Certified Partner status for Security Solutions. Kaspersky Lab is also a proud partner of SUSE and Red Hat. Experts from Kaspersky Lab are active in IT associations such as CARO (Computer Antivirus Research Organization) and ICSA (International Computer Security Association).

Clam Anti Virus

Clam AntiVirus is a GPL anti-virus toolkit for UNIX. The main purpose of this software is the integration with mail servers (attachment scanning). The package provides a flexible and scalable multi-threaded daemon, a command line scanner, and a tool for automatic updating via Internet. The programs are based on a shared library distributed with the Clam AntiVirus package, which you can use with your own software. Most importantly, the virus database is kept up to date.

Fortinet

Fortinet was founded in 2000 by Ken Xie, the visionary founder and former president and CEO of NetScreen, later sold to Juniper for more than $3.5 billion. The company is privately held and headquartered in Sunnyvale, California, with customer support, development and sales facilities throughout North America, Europe and Asia to ensure continuous customer success.

Using Fortinet's ASIC innovation and performance acceleration capabilities, FortiGate Systems detect and eliminate the most damaging, content-based threats from email and Web traffic such as viruses, worms, intrusions, inappropriate Web content and more in real time - without degrading network performance. Fortinet's FortiGate systems provide the industry's broadest suite of security protections in a single platform - including firewall, VPN, antivirus, intrusion prevention (IPS), Web filtering, antispam, antispyware, and traffic shaping. These products and subscription services have won the industry's largest number of awards and certifications, and continue to lead the performance benchmarks for either individual 'best in class security applications' or as an integrated Unified Threat Management (UTM) solution

Panda Security

Founded in 1990 in Bilbao, Spain, Panda Software is privately owned and has been self-financed from the start. With a strong focus on innovation and research, it became a market leader in Spain in 1995 and started its international expansion in 1996. Today the company maintains its international headquarters in Bilbao and Madrid, and counts on a network of 3 subsidiaries (USA, Spain, France), a joint-venture in China and 46 exclusive franchises in as many countries around the world. The company sells its products and services to consumers and businesses in over 200 countries around the world.

Panda Software is a leading developer and provider of integrated security solutions to combat viruses, hackers, Trojans, spyware, phishing, spam and other Internet threats . With its state-of-the-art TruPrevent(tm) Technologies, Panda Software's innovative solutions offer a higher return on investment by keeping customers protected even against new threats which have not yet been identified. PandaLabs, the fastest laboratory in the industry in releasing complete updates to users, provides 24x7, year round response to malware worldwide.

Sophos

Founded in 1985, Sophos is a privately owned company, based in newly built 32 million pounds global headquarters in Abingdon, close to Oxford, in the UK. It has subsidiaries and branch offices in the USA, Australia, Canada, France, Germany, Italy, Japan and Singapore.

Built over 20 years, our expertise in countering evolving threats, and our visibility of emerging threats through our worldwide network of SophosLabs(tm) allow us to be the most responsive of the major security companies in detecting and resolving new threats.

ActiveState, a division of Sophos, is the leading provider of tools and services for dynamic languages such as Perl, PHP, Python, Tcl and XSLT. Over two million developers rely on ActiveState's professional development tools, high-quality language distributions and enterprise services. For more information, visit the ActiveState website.

Sybari: Antigen

Sybari Software, Inc., provides enterprise class protection of messaging and collaboration infrastructures for over 9,000 organizations around the world. With over 9 million users currently protected by Sybari technologies, including 20 percent of Fortune 500 companies worldwide, Sybari continues to be a force in the secure messaging space. Sybari solutions have been selected by many of the largest and most complex messaging infrastructures globally for their scalability and inherent network protection. Sybari's proven experience and breadth of products empower the leading financial, government, healthcare, service providers, and educational institutions by delivering solutions that optimize communications and employee productivity.

Using a Microsoft-approved method, Antigen (c) for SMTP Gateways scans inbound and outbound messages at the SMTP stack in real time. It provides a multi-layered approach to protecting the infrastructure from viruses at the gateway, relay, and routing servers, keeping threats out of the more vulnerable areas of the network.

Okay, you're just going to have to trust me on this one. Even though the description above is for SMTP gateways, Antigen comes in all flavors. Hit the web site for more info.

F-Secure

F-Secure Anti-Virus Client Security provides centrally managed threat protection by integrating antivirus, firewall, intrusion prevention and antispyware for corporate desktop and laptop computers.

This list is by no means complete, but at least you have a few more choices than the same old two.

Security Conferences

Usenix Events Calendar

Search for security. There's always something (and don't forget LISA).

The RSA Conference

The RSA (c) Conference provides a forum for information security professionals to learn, network and grow professionally with thousands of your peers, industry experts and leaders, all under one roof. The largest and most comprehensive of its kind, the RSA Conference brings together like minds and visionaries to exchange and collaborate in a dynamic, authoritative setting.

SANS ... System Administration and Network Security

The SANS Institute is a cooperative research and education organization through which more than 26,000 system administrators, security professionals, and network administrators share the lessons they are learning and find solutions for challenges they face. They have LOTS of conferences

National Information Systems Security Conference

Presented by the National Institute of Standards and Technology, National Computer Security Center. These conferences are no more, but the archives from 1977 to 2000 are still available.

The Black Hat Briefings

Brought to you by the same folk who bring you DefCon.

The Feds (Why Not?)

Central Intelligence Agency

The Central Intelligence Agency was created in 1947 with the signing of the National Security Act by President Harry S. Truman. The act also created a Director of Central Intelligence (DCI) to serve as head of the United States intelligence community; act as the principal adviser to the President for intelligence matters related to the national security; and serve as head of the Central Intelligence Agency. The Intelligence Reform and Terrorism Prevention Act of 2004 amended the National Security Act to provide for a Director of National Intelligence who would assume some of the roles formerly fulfilled by the DCI, with a separate Director of the Central Intelligence Agency.

Defense Information Systems Agency (DISA)

Core Services: Acquisition, Computing Services, Enterprise Services, NetOps, Network Services, and Net-Centric Enterprise Services.

Defense Intelligence Agency (DIA)

The mission of the DIA is to provide timely, objective, and cogent military intelligence to warfighters, defense planners, and defense and national security policymakers.

Their vision is the integration of highly skilled intelligence professionals with leading edge technology to discover information and create knowledge that provides warning, identifies opportunities, and delivers overwhelming advantage to our warfighters, defense planners, and defense and national security policymakers.

National Security Agency/Central Security Service (NSA/CSS)

The National Security Agency/Central Security Service is America's cryptologic organization. It coordinates, directs, and performs highly specialized activities to protect U.S. government information systems and produce foreign signals intelligence information. A high technology organization, NSA is on the frontiers of communications and data processing. It is also one of the most important centers of foreign language analysis and research within the government. For more information, try the about NSA page.

Federal Bureau of Investigation (FBI)

The mission of the Intelligence Program is to optimally position the FBI to meet current and emerging national security and criminal threats by:

• Aiming core investigative work proactively against threats to U.S. interests,
• Building and sustaining enterprise-wide intelligence policies and capabilities, and
• Providing useful, appropriate, and timely information and analysis to the national security, homeland security and law enforcement communities.

The very heart of FBI operations lies in our investigations--which serve, as our mission states, "to protect and defend the United States against terrorist and foreign intelligence threats and to enforce the criminal laws of the United States."

Publishers

Paladin Press

Paladin Press has been called "the most dangerous press in America." Replaced Index Publishing Group (NOTE: many of our books contain information on products, techniques, and technologies which may be considered immoral or even illegal.) Unsuccessful defender against a recent lawsuit.

Information Security Magazine

Hey, I don't recommend 'em, but some of the stuff's not too bad. Besides, they're free. The also have a Daily News Wire from InfoSecMag.