IT Security News...


Viruses, Worms, Trojans, Spyware and Spam

Anti-Virus Information Exchange Network (AVIEN)
Anti-Virus Information & Early Warning System
International on-line communities dedicated to a cooperative, grassroots information sharing effort to reduce the impact of malicious code and other related vulnerabilities.
http://www.avien.org

F-Secure Computer Virus Information Center
Considered the industry standard source for up-to-date information on new viruses and hoax alerts.
http://www.f-secure.com/v-descs

Symantec Security Response
A synopsis of the latest virus-related threats discovered by Symantec Security Response.
http://securityresponse.symantec.com/

Viruslist
Contains a large collection of virus signatures.
http://www.viruslist.com

The Spyware Guide
Provides an all inclusive and updated resource on spy ware applications, what they do and how they’re used. It also includes an extensive database of all known spy software and adware applications and contact information as well as other privacy related products.
http://www.spywareguide.com

Anti-Phishing Working Group (APWG)
APWG is the global pan-industrial and law enforcement association focused on eliminating the fraud and identity theft that result from phishing and email spoofing of all types.
http://www.antiphishing.org/index.html

SPAMHAUS
Spamhaus tracks the Internet's Spammers, Spam Gangs and Spam Services, provides dependable realtime anti-spam protection for Internet networks, and works with Law Enforcement to identify and pursue spammers worldwide.
http://www.spamhaus.org/index.lasso

BlueJackQ
The world's first and most authoritative website dedicated to bluejacking.
http://www.bluejackq.com/

Federal and Private Resource Centers

Forum of Incident Response and Security Team (FIRST)
FIRST is the premier organization and recognized global leader in incident response. Membership in FIRST enables incident response teams to more effectively respond to security incidents - reactive as well as proactive.
http://first.org

US Department of Justice
The Computer Crime and Intellectual Property Section (CCIPS)
CCIPS focus exclusively on the issues raised by computer and intellectual property crime.
http://www.cybercrime.gov

National Security Agency (NSA) Security Recommendation Guides
These guides are currently being used throughout the government and by numerous entities as a security baseline for their computers systems.
http://www.nsa.gov/snac

NIST Federal Agency Security Practices (FASP)
The FASP effort was initiated to identify, evaluate, and disseminate best practices for CIP and security.
http://csrc.nist.gov/fasp

National Institute of Standards and Technology (NIST)
Computer Security Resource Center (CSRC)
The mission of NIST's CSRC is to improve information systems security by raising awareness of IT risks, researching, studying, advising agencies of IT vulnerabilities, developing standards, metrics, tests and validation programs and developing guidance to increase secure IT planning, implementation, management and operation.
http://csrc.nist.gov

The US Computer Emergency Readiness Team (US-CERT)
US-CERT is a partnership between the Department of Homeland Security and the public and private sectors. Established to protect the nation's Internet infrastructure, US-CERT coordinates defense against and responses to cyber attacks across the nation.
http://www.us-cert.gov

The Computer Emergency Response Team Coordination Center (CERT/CC)
The CERT/CC is a major reporting center for Internet security problems. It also analyzes product vulnerabilities, publishes technical documents, and presents training courses.
http://www.cert.org

E-Liberty
E-Liberty is dedicated to the advancement of computer information security and the unbiased propagation of such knowledge to professionals and novices alike. To achieve this goal, E-Liberty is committed to aggregating all information related to computer information security and making it readily available to anyone interested.
http://www.e-liberty.org

The Open Web Application Security Project (OWASP)
OWASP is an all-volunteer group that produces free, professional-quality, open-source documentation, tools, and standards. The OWASP community facilitates conferences, local chapters, articles, papers, and message forums.
http://www.owasp.org/index.jsp

Federal Information Security Management Act (FISMA) Implementation Project
Protecting the Nation's Critical Information Infrastructure. The Project mission is to promote the development of standards and guidelines to support the Federal Information Security Management Act (FISMA).
http://csrc.nist.gov/sec-cert

AntiOnline
AO is a worldwide community of security, network and computer professionals, students and keen amateurs who come here to learn the principles and details of computer/network security.
http://antionline.com

The Common Criteria Evaluation and Validation Scheme (CCEVS)
The focus of the CCEVS is to establish a national program for the evaluation of information technology products for conformance to the International Common Criteria for Information Technology Security Evaluation.
http://niap.nist.gov/cc-scheme

The Internet Crime Complaint Center
IC3's mission is to serve as a vehicle to receive, develop, and refer criminal complaints regarding the rapidly expanding arena of cyber crime. The IC3 gives the victims of cyber crime a convenient and easy-to-use reporting mechanism that alerts authorities of suspected criminal or civil violations.
http://www.ic3.gov/

Microsoft Security
The Microsoft Windows security update addresses newly discovered issues with Microsoft programs.
http://www.microsoft.com/security

Multi-State Information Sharing and Analysis Center (MS-ISAC)
The MS-ISAC provides a central resource for gathering information on cyber threats to critical infrastructure from the states and providing two-way sharing of information between and among the states and with local government..
http://www.msisac.org/

Malware Threat Center
The data produced on this site is automatically generated each morning, and summarizes our latest observations of malware activity. We provide you this data as is, and without warranty, for your personal research purposes.
http://www.mtc.sri.com/

The Institute for Security and Open Methodologies (ISECOM)
ISECOM is an open-source collaborative community since January 2001 with non-profit status in the USA and Spain providing practical security awareness, research, certification and business integrity.
http://www.isecom.org/

OnGuard Online
OnGuardOnline.gov provides practical tips from the federal government and the technology industry to help you be on guard against Internet fraud, secure your computer, and protect your personal information.
http://onguardonline.gov/index.html

Build Security In
Build Security In (BSI) contains and links to best practices, tools, guidelines, rules, principles, and other resources that software developers, architects, and security practitioners can use to build security into software in every phase of its development.
https://buildsecurityin.us-cert.gov/daisy/bsi/home.html

newStopBadware.org
StopBadware.org is a partnership among academic institutions, technology industry leaders, and volunteers, all of whom are committed to protecting Internet and computer users from the threats to privacy and security that are caused by bad software.
http://stopbadware.org/

newEuropean Network and Information Security Agency (ENISA)
The objective is to make ENISA’s web site the European ‘hub’ for exchange of information, best practices and knowledge in the field of Information Security.
http://www.enisa.europa.eu/

Vulnerability Assessment/Penetration Testing and Security Tools

Search for Vulnerabilities
Enter vendor, software, or keyword

SANS TOP 20 LIST
The Twenty Most Critical Internet Security Vulnerabilities
Four years ago, the SANS Institute and the National Infrastructure Protection Center (NIPC) at the FBI released a document summarizing the Ten Most Critical Internet Security Vulnerabilities. Thousands of organizations used that list, and the expanded Top-20 lists that followed one, two, and three years later, to prioritize their efforts so they could close the most dangerous holes first. The vulnerable services that led to worms like Blaster, Slammer, and Code Red have been on these lists.

CIS
Benchmarks and Scoring Tools
CIS Benchmarks enumerate security configuration settings and actions that "harden" your systems.
http://www.cisecurity.org/

Web Application Security Consortium (WASC)
WASC is an international group of experts, industry practitioners, and organizational representatives who produce open source and widely agreed upon best-practice security standards for the World Wide Web..
http://www.webappsec.org

NIST National Vulnerability Database (NVD)
NVD is a comprehensive cyber security vulnerability database that integrates all publicly available U.S. Government vulnerability resources and provides references to industry resources. It is based on the CVE vulnerability naming standard.
http://nvd.nist.gov

Metasploit
Metasploit provides useful information to people who perform penetration testing, IDS signature development, and exploit research.
http://www.metasploit.com/

Top 100 Network Security Tools
From the creator of NMAP this is list of 100 Network Security Tools.
http://sectools.org/

The Secunia Personal Software Inspector (PSI)
The Secunia PSI is the FREE security tool that is designed with the sole purpose of helping you secure your computer from software vulnerabilities.
https://psi.secunia.com/

Nessus*
The "Nessus" Project aims to provide to the internet community a free, powerful, up-to-date and easy to use remote security scanner.
http://www.nessus.org

Nmap*
Nmap ("Network Mapper") is a free open source utility for network exploration or security auditing.
http://www.insecure.org

Snort
Snort is an Open Source Network Intrusion Detection System.
http://www.snort.org

Cheops*
Cheops-ng is a Network management tool for mapping and monitoring your network. It has host/network discovery functionality as well as OS detection of hosts.
http://cheops-ng.sourceforge.net

newSecunia Personal Software Inspector*
The Secunia PSI is an invaluable tool for you to use when assessing the security patch state of software installed on your system.
http://secunia.com/vulnerability_scanning/personal/

Wireshark*
Wireshark is an award-winning network protocol analyzer developed by an international team of networking experts.
http://www.wireshark.org

PhoneSweep
Phonesweep was the world's first commercial wardialer. It's the most popular commercial telephone scanner in the world today.
http://www.phonesweep.com

Security Auditor's Research Assistant (SARA)*
SARA is a third generation Unix-based security analysis tool.
http://www-arc.com/sara

Super Scan*
Super Scan is a powerful connect-based TCP port scanner, pinger and hostname resolver. Perform ping scans and port scans using any IP range or specify a text file to extract addresses from. Scan any port range from a built in list or specified range. Resolve and reverse-lookup any IP address or range.
http://www.snapfiles.com/get/superscan.html

Bot Hunter*
BotHunter is a passive network monitoring tool designed to recognize the communication patterns of malware-infected computers within your network perimeter.
http://www.bothunter.org/

WinCap*
WinPcap is an architecture for packet capture and network analysis for the Win32 platforms.
http://winpcap.polito.it

LogWatch*
Logwatch is a customizable log analysis system. Logwatch parses through your system's logs for a given period of time and creates a report analyzing areas that you specify, in as much detail as you require.
http://www.logwatch.org

John the Ripper*
John the Ripper is a fast password cracker, currently available for many flavors of Unix.  Its primary purpose is to detect weak Unix passwords.
http://www.openwall.com/john

OpenSSH*
OpenSSH encrypts all traffic (including passwords) to effectively eliminate eavesdropping, connection hijacking, and other network-level attacks. Additionally, OpenSSH provides a myriad of secure tunneling capabilities, as well as a variety of authentication methods.
http://www.openssh.com

PuTTY*
PuTTY is a free implementation of Telnet and SSH for Win32 and Unix platforms, along with an xterm terminal emulator.
http://www.chiark.greenend.org.uk/~sgtatham/putty/

Tripwire*
Tripwire software is a tool that checks to see what has changed on your system. The program monitors key attributes of files that should not change, including binary signature, size, expected change of size, etc.
http://www.tripwire.org

Kismet*
Kismet is an 802.11 layer2 wireless network detector, sniffer, and intrusion detection system. Kismet will work with any wireless card which supports raw monitoring (rfmon) mode, and can sniff 802.11b, 802.11a, and 802.11g traffic.
http://www.kismetwireless.net

NetStumbler*
NetStumbler is a Windows tool that allows you to discover 802.11b (and 802.11a, if using Windows XP) wireless LANs. It includes GPS integration and a simple, intuitive user interface.
http://www.stumbler.net

AirSnort*
AirSnort is a wireless LAN (WLAN) tool which recovers encryption keys. AirSnort operates by passively monitoring transmissions, computing the encryption key when enough packets have been gathered.
http://airsnort.shmoo.com

DShield.org
DShield.org is an attempt to collect data about cracker activity from all over the internet. This data will be cataloged and summarized. It can be used to discover trends in activity and prepare better firewall rules.
http://www.dshield.org/

Sophos FREE Tools*
These tools can be used by everyone to reduce vulnerabilities and threats in their systems. They are free downloads that utilize our most up-to-date technologies and information.
http://www.sophos.com/products/free-tools/

The Multi Router Traffic Grapher (MRTG)*
MRTG is a tool to monitor the traffic load on network-links. MRTG generates HTML pages containing graphical images which provide a LIVE visual representation of this traffic. It is based on Perl and C and works under UNIX and Windows NT.
http://www.mrtg.org

Common Vulnerabilities and Exposures
A list of standardized names for vulnerabilities and other information security exposures.
http://www.cve.mitre.org

Packet Storm Security
Packet Storm offers an abundant resource of up-to-date and historical security tools comprised of security professionals that are dedicated to providing the information necessary to secure the networks world-wide
http://packetstormsecurity.org

Password Safe*
Password Safe protects passwords with the Blowfish encryption algorithm, a fast, free alternative to DES. The program's security has been thoroughly verified by Counterpane Labs under the supervision of Bruce Schneier, author of Applied Cryptography and creator of the Blowfish algorithm.
http://www.schneier.com/passsafe.html

Netcraft Toolbar
An Internet Explorer toolbar, which protects users against phishing sites. Whether a phishing site is reported via the toolbar or through some other channel, Netcraft blocks access for everyone using the Netcraft toolbar..
http://toolbar.netcraft.com/

Education and Training

Forward Edge II
Forward Edge is an interactive, computer based training program which takes the next step in training law enforcement officers to conduct electronic crime investigations.
http://www.forwardedge2.usss.gov/default.aspx

Educause
Educause is a nonprofit association whose mission is to advance higher education by promoting the intelligent use of information technology.
http://www.educause.edu/Browse/645?parent_id=702

GetNetWise
GetNetWise represents the collective efforts of a broad-based coalition of companies, public interest organizations, non-profits and trade associations all committed to empowering Internet users with the tools they need to keep their Internet experience positive, safe and secure.
http://getnetwise.org

Federal Information Systems Security Educators’ Association (FISSEA)
FISSEA’s mission is to encourage the professional development of members to result in an elevated level of information systems security awareness, training, and education; and facilitate a meaningful exchange of related information.
http://csrc.nist.gov/organizations/fissea/index.html

Department of Defense Cyber Crime Center (DC3)
DC3 was created to better address the proliferation of computer crimes within or directed at the United States Department of Defense. The DC3 has three main programs. The DoD Computer Forensics Laboratory (DCFL), DoD Computer Investigations Training Program (DCITP) and DoD Cyber Crime Institute (DCCI).
http://www.dc3.mil

SANS' Information Security Reading Room
Featuring over 1,000 original computer security white papers in 70 different categories.
http://www.sans.org/rr

ZDNet IT Directory
ZDNet IT Directory is the Web's largest library of technical white papers, Webcasts, and case studies.
http://itpapers.zdnet.com/?tag=zd.ft.fs.whitepapers

The Center for Education and Research in Information Assurance and Security (CERIAS)
CERIAS is currently viewed as one of the world's leading centers for research and education in areas of information security that are crucial to the protection of critical computing and communication infrastructure.
http://www.cerias.purdue.edu

The Honeynet Project
The Honeynet Project is a non-profit research organization of security professionals dedicated to information security.
http://www.honeynet.org

Department of Defense Information Assurance Support Environment (DoD IA)
The DoD IA Portal provides a customized, personalized, ever-changing mix of news, resources and tools/applications for everyone in the DoD IA.
http://iase.disa.mil/index2.html

Government Security – Network Security Resources
The site is a resource for government and military employees to learn security tactics and information.
http://governmentsecurity.org

Open Source Vulnerability Database (OSVDB)
OSVDB is an independent and open source database created by and for the community. Their goal is to provide accurate, detailed, current, and unbiased technical information.
http://www.osvdb.org

The Center for Internet Security
CIS provides methods and tools to improve, measure, monitor, and compare the security status of your Internet-connected systems and appliances.
http://www.cisecurity.org

ITToolbox Security Knowledge Base
ITtoolbox is a collaborative network of IT best practices and knowledge, powered by the world’s largest community of IT and business professionals. As a community-driven network, ITtoolbox is uniquely positioned to provide the most accurate picture of the IT market in a professional, unbiased format.
http://security.ittoolbox.com/

Information System Security  - InfoSysSec
Comprehensive computer and network security resource for Information System Security Professionals.
http://www.infosyssec.org/infosyssec/index.html

International Information Systems Security Certification Consortium, Inc. (ISC2)
ISC2 is the non-profit international leader dedicated to training, qualifying and certifying information security professionals worldwide.
https://www.isc2.org

The Computer Security Institute (CSI)
CSI is the world's leading membership organization specifically dedicated to serving and training the information, computer and network security professional.
http://www.gocsi.com

InfraGard
InfraGard’s goal is to improve and extend information sharing between private industry and the government, particularly the FBI, when it comes to critical national infrastructures.
http://www.infragard.net

The Hacker’s Choice (THC)
THC is a group of international experts involved in network and system security. The major focus of THC is to investigate and analyze common security solutions and propose concepts for circumventing security mechanisms.
http://www.thc.org

Operating Systems Security

Linux Security
The site is designed to serve as the primary Internet-based source of information, insight and news relating to Linux and Open Source security issues, and is driven by the security needs of the users of the site.
http://www.linuxsecurity.com

Internet Tools

Internet Firewall (ZoneAlarm©)*
ZoneAlarm blocks dangerous Internet threats, guarding your PC from many of the tactics used by hackers and data thieves.
http://www.zonelabs.com/store/content/catalog/products/sku_list_za.jsp?lid=home_zainf

Nikto*
Nikto is an Open Source web server scanner which performs comprehensive tests against web servers for multiple items, including over 2600 potentially dangerous files/CGIs, versions on over 625 servers, and version specific problems on over 230 servers.
http://www.cirt.net/code/nikto.shtml

K9 Web Protection
Free Internet filtering and control solution for the home. K9 puts YOU in control of the Internet so you can protect your kids.
http://www1.k9webprotection.com/

Virtual Network Computing (VNC)*
VNC is a remote control software which allows you to view and interact with one computer (the "server") using a simple program (the "viewer") on another computer anywhere on the Internet.
http://www.realvnc.com

BrowserSpy*
BrowserSpy can tell you all kinds of detailed information about you and your browser. Furthermore it can provide you detailed information about JavaScript, Java, Plug-ins, Components, Bandwidth, Language, Screen, Hardware, IP, Cookies, Web Server, and much more.
http://gemal.dk/browserspy

GuideScope*
GuideScope is a service that works with your browser to help you block out ads and Web bugs.
http://www.guidescope.com/home/

SpoofStick*
SpoofStick is a simple browser extension that helps users detect spoofed (fake) websites.
http://www.corestreet.com/spoofstick/index.html

StegoArchive.Com*
The site contains an archive of steganography tools. These tools can hide any type of file in bitmap images, text files, HTML files or Adobe PDF files.
http://www.stegoarchive.com

Snow*
The program snow is used to conceal messages in ASCII text by appending whitespace to the end of lines. Because spaces and tabs are generally not visible in text viewers, the message is effectively hidden from casual observers. And if the built-in encryption is used, the message cannot be read even if it is detected.
http://www.darkside.com.au/snow

Blogs, News and Publications

Security Fix
This blog authored by Brian Krebs offer pointers on how stay safe online, updating you on computer security developments as they arise -- Internet scams, innovative viruses and worms, useful security tools and resources, and important security patches for popular software titless.
http://blog.washingtonpost.com/securityfix/

Security Pipeline
A publication for IT professionals that delivers breaking news, security alerts, reviews, product announcements, in-depth product research tools, expert advice and analysis, insights into industry trends, and hands-on how-to details.
http://www.securitypipeline.com

Computerworld Security Knowledge Center
Delivering up-to date information on computer security, products and industry trends.
http://www.computerworld.com/securitytopics/security

War Driving
Delivering news and information about wireless networks.
http://www.wardriving.com

SNP Security News Portal
The security news portal for information system security professionals.
http://www.securitynewsportal.com/index.shtml

Infosec Writers
Most of the site’s content is generated by people willing to share their knowledge and experiences on the various aspects of security/hacking via original white papers, articles and projects.
http://www.infosecwriters.com

Other Interesting Sites

Stay Safe Online 
This website gives you the information needed to secure your computer. You’ll find tips on how to safeguard your system, a self-guided cyber security test educational materials and other Internet resources, as well as valuable information from our supporting organizations.
http://www.staysafeonline.info/

Federal and State Public Records
http://crimetime.com

Spam Mimic
This site gives you access to a program that will encrypt a short message into spam. Basically, the sentences it outputs vary depending on the message you are encoding. Your messages will be safe and nobody will know they're encrypted!
http://spammimic.com

* = FREE.

Thanks to the National Institute of Standards and Technology (NIST) for their inclusion of our website in its Federal Agency Security Practices (FASP) website.
Please visit: http://csrc.nist.gov/pcig/ppsp.html for more information.

SPECIAL THANKS TO THE FOLLOWING ORGANIZATIONS and INDIVIDUALS
FOR THEIR SUPPORT

felix

Updated 10/10/09
Disclaimer
New Websites Added


Email: felix@uribe100.com

 
VIRUS ALERT

VIRUS MAP
EN ESPAñOL

Como Proteger su Computadora en Contra de "Hackers" y Programas Maliciosos

Articulo en PDF

Open Source/Freeware
FREE Network Access Control
FREE IDS/IPS Systems

Uribe100.com is Sponsored by



and

 

 

Send me One Million FREE Guaranteed Visitors

 

Protecting your Personal Computer


(PDF File)

 

 

 

Use OpenOffice.org 

  

NEW YORK RESIDENTS!

MERCY
Now offering in New York:
Information Assurance and Security
BS/MS Degrees... Visit us now!

 

Comments?
felix@uribe100.com

Let's Talk!
OUR BLOG!

 
 

"People shouldn't be afraid of their Governments, Governments should be afraid of their People"