Links

small blue-green world

publishing for IT security

LINKS

This is a slightly untidy, random security links page we put up, just so that you could have something useful to look at while we put this site together.

A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

A
Anti-Spyware Coalition - http://www.antispywarecoalition.org/index.htm
Anti-Virus Information Exchange Network - http://www.avien.org/
Anti-Virus Information & Early Warning System (AVIEWS): http://www.aviews.net
AV-Test/University of Magdeburg - http://www.av-test.org/
AVAR (Association of anti Virus Asia Researchers) - http://www.aavar.org/

C
CARO (Computer Antivirus Research Organization) - http://www.caro.org/tiki-index.php
Center for Education and Research in Information Assurance and Security:
http://www.cerias.purdue.edu/
http://www.cerias.purdue.edu/tools_and_resources/hotlist/

CERTs etc.
AusCERT: http://www.auscert.org.au/
FrSirt: http://www.frsirt.com/english/mailing.php
National Infrastructure Security Co-ordination Centre (NISCC): http://www.niscc.gov.uk/niscc/index-en.html
http://www.niscc.gov.uk/niscc/alerts-en.html
http://www.niscc.gov.uk/niscc/briefings-en.html
http://www.niscc.gov.uk/niscc/techNotes-en.html
http://www.niscc.gov.uk/niscc/currentAdvice-en.html
http://www.niscc.gov.uk/niscc/warpInfo-en.html
http://www.warp.gov.uk/
http://www.itsafe.gov.uk
US CERT et al
http://www.us-cert.gov/nav/t01/ - tech users
http://www.us-cert.gov/nav//nt01/ - non-tech users
http://www.us-cert.gov/federal/ - US Govt. users
http://www.us-cert.gov/cas/signup.html - mailing lists
http://www.us-cert.gov/reading_room/ - publications
http://www.us-cert.gov/resources.html
INFOCON Mailing List: http://www.iwar.org.uk
http://www.iwar.org.uk
http://www.cert.org/nav/index.html
http://www.first.org/ Forum of Incident Response and Security Teams
http://www.cyberpartnership.org/ National Cyber Security Partnership

CME naming scheme - http://cme.mitre.org/
“provides single, common identifiers to new virus threats to reduce public confusions during malware outbreaks. CME is not an attempt to solve the challenges involved with naming schemes for viruses and other forms of malware, but instead aims to facilitate the adoption of a shared, neutral indexing capability for malware.”

Common Vulnerabilities and Exposures (CVE®) - http://www.cve.mitre.org/
“A list of standardized names for vulnerabilities and other information security exposures — CVE aims to standardize the names for all publicly known vulnerabilities and security exposures.”

Common Criteria - http://www.commoncriteriaportal.org/public/consumer/

Computer Associates Virus Information Center - http://ca.com/virusinfo

E
EICAR (originally the European Institute for Computer Antivirus Research) http://www.eicar.org/
EICAR test file: http://www.eicar.org/anti_virus_test_file.htm
Elsevier eNews: http://books.elsevier.com/computerscience

F
FREEBSD security: http://www.freebsd.org/security/
F-Secure - http://www.f-secure.com/virus-info/; http://www.f-secure.com/weblog/

G
Sarah Gordon’s papers - http://www.badguys.org/papers.htm

I
ICSAlabs/Cybertrust - https://www.icsalabs.com/icsa/icsahome.php
IBM Antivirus Research - http://www.research.ibm.com/antivirus/
InfoSecurity Exhibition - http://www.infosec.co.uk
http://www.infosec.co.uk/page.cfm/Action=ExhibitorLibrary/libraryID=20/t=m

L
Linux: http://www.linuxsecurity.com/
http://www.linuxsecurity.com/content/blogcategory/0/76/ - advisories
http://www.linuxsecurity.com/content/view/101892/155/ - resources
http://www.linuxsecurity.com/content/view/86098/68/ - newsletters
http://packetstorm.linuxsecurity.com/
http://packetstorm.linuxsecurity.com/assess/
http://packetstorm.linuxsecurity.com/alladvisories/
http://packetstorm.linuxsecurity.com/papers/
http://www2.packetstormsecurity.org/cgi-bin/cbmc/forums.cgi

M
Mac -
http://www.securemac.com/
http://www.apple.com/support/security/
http://www.apple.com/macosx/features/security/
http://docs.info.apple.com/article.html?artnum=61798 [updates]
http://lists.apple.com/mailman/listinfo/security-announce
http://smallblue-greenworld.co.uk/
http://macvirus.com/

Microsoft -
http://update.microsoft.com/windowsupdate/v6/default.aspx?ln=en-us
http://update.microsoft.com/microsoftupdate/v6/default.aspx?ln=en-us
http://www.microsoft.com/security/default.mspx
http://www.microsoft.com/security/bulletins/alerts.mspx
http://www.microsoft.com/technet/security/bulletin/notify.mspx
http://www.microsoft.com/technet/security/default.mspx
http://msmvps.com/blogs/donna
http://msmvps.com/blogs/donpatterson
http://spaces.msn.com/members/safetycenter
http://spaces.msn.com/members/windowsonecare

N
Network tools
http://www.samspade.org/
http://www.samspade.org/d/tools.html
http://www.samspade.org/t
http://www.ripe.net
http://www.zoneedit.com/lookup.html?ad=goto&kw=nslookup
http://www.dnsstuff.com/
http://www.honeynet.org/
http://www.ripe.net/tools/
http://www.whois.net/
http://www.cymru.com/

NIST (National Institute of Standards & Technology)- http://csrc.nist.gov/publications/fips/index.html http://www.penetration-testing.com/?source=adwords

S
SANS -
http://www.sans.org/newsletters/
http://www.sans.org/rr/ - reading room
http://isc.sans.org/ - Internet Storm Center

SC Magazine -
http://content.hbpl.co.uk/subscribe1/?cmp=668
http://www.scmagazine.com/

SecurityFocus Newsletters-
http://www.securityfocus.com/newsletters (SFNews, Microsoft News, Linux News)

SecurityFocus virus papers -
http://www.securityfocus.com/virus
http://www.securityfocus.com/archive/1 - BugTraq archive
http://www.securityfocus.com/vulnerabilities
http://www.securityfocus.com/tools
http://www.securityfocus.com/columnists
http://www.securityfocus.com/archive - Mailing Lists

Sophos white papers - http://www.sophos.com/virusinfo/whitepapers/
Peter Szor’s papers – http://www.peterszor.com/

T
Team Anti-Virus - http://www.teamanti-virus.org/

V
VGrep -
http://www.virusbtn.com/resources/vgrep/index.xml [need to register on web site] “VGrep is a system designed to help clear up some of the confusion surrounding the naming of viruses. It works by running scanners across a large collection of virus-infected files, and parsing their output into a simple text database.”

Virus Bulletin -
http://www.virusbtn.com/
http://www.virusbtn.com/virusbulletin/subscriptions/index [Online magazine includes Spam Bulletin]
http://www.virusbtn.com/conference/overview/index [Conference]

Virus Research Unit, University of Tampere - http://www.uta.fi/laitokset/virus/ Virus Test Centre, University of Hamburg - http://agn-www.informatik.uni-hamburg.de/vtc/naveng.htm

VirusTotal -

http://www.virustotal.com/flash/index_en.html
“Virustotal offers a free service for scanning suspicious files using several antivirus engines. [snip]

Attach the file to be scanned. Such file must not exceed 10 MB in size. If the attached file is larger, the system will reject it automatically.
You will receive an email with a report of the file analysis. Response time will vary depending on the load of the system at the time of placing your request. “

http://virusscan.jotti.org/ offers a somewhat similar service to Virustotal.

Virus Information Databases -
F-Secure: Security Information Center - http://www.europe.f-secure.com/virus-info/
McAfee AVERT Virus Information Library - http://vil.nai.com/vil/default.asp
Sophos virus analyses - http://www.sophos.com/virusinfo/analyses/
Symantec Security Response - http://securityresponse.symantec.com/avcenter/vinfodb.html
Trend Micro Virus Encyclopedia - http://www.antivirus.com/vinfo/virusencyclo/

W
West Coast Labs/Checkmark Information Security Testing & Evaluation – http://www.westcoastlabs.org

Wildlist Organization International - http://www.wildlist.org/

This page was last updated on 26th June 2007.