Web Spoofing
Web spoofing allows an attacker to create a “shadow copy” of a website.
Accesses to the shadow Web are funneled through the attacker’s machine,
allowing the attacker to monitor all of the victim’s activities including
any passwords or account numbers the victim enters.
In short, the attacker observes and controls everything the victim does on the Web.
Click here->Web Spoofing White Paper
Open-Source Security Testing Methodology Manual
ISECOM, the Institute for Security and Open Methodologies is a Non-Profit
Organization seeking to exceed international legislation and regulations
regarding security as well as those from many participating organizations
to assure compliancy.
Click here->
ISECOM Manual |
ISECOM Website
Securing Your Web Browser
This paper will help you configure your web browser for safer internet surfing.
It is written for home computer users, students, small business workers, and any other
person who works with limited Information Technology (IT) support and broadband (cable modem, DSL)
or dial-up connectivity
Click here->Securing Your Web Browser
Vendor Vulnerability Announcements
Click here->Cisco Security Advisories
Click here->Microsoft Security Advisories
Click here->Oracle Database Patches
Click here->Sun Patches and Updates
Computer Security News Sites
The Register
The Register offers daily news
affecting the internet, IT and
security industries. They typically
offer a dose of dry wit in all of
their stories, while still providing
an informative news coverage.
Click here->
http://www.theregister.co.uk/
Security Focus
SecurityFocus.com is designed to
facilitate discussion on security
related topics, create security
awareness, and to provide one of the
Internet's largest and most
comprehensive database of security
knowledge and resources to the
public.
Click here->http://www.securityfocus.com/
Secunia
This is a nice site that keeps track
of the latest viruses, threats and
vulnerabilities.
Click here->http://secunia.com/advisories/
Infosec Writers
Infosec Writers are online
publishers of information security
papers and projects, working with
established and un-established
writers in the industry. The overall
community has the opportunity to
rate submissions and partake in
related forum discussions.
Click here->http://www.infosecwriters.com/
Start Plaza
A large compilation of security
links including Security News sites,
Security Advisory sites, Security
Scanners, Programming sites,
Anti-virus, Phishing sites, E-Zine
sites, and more. All sites are rated
for quality.
Click here->http://www.startplaza.nu/
Secure Mac
SecureMac.com contains Macintosh
security news, reviews, advisories,
and security tools for Mac OS and OS X.
Click here->http://www.securemac.com/
WindowSecurity.com
Windows security site which provides
Windows security news, articles,
tutorials, software listings and
reviews for information security
professionals covering topics such
as firewalls, viruses, intrusion
detection and other security topics.
Click here->http://www.windowsecurity.com/
Help Net Security
Help Net Security has been online
since 1998. Initially conceived as a
download archive, the site has grown
into a daily updated security
related news site with lots of
additional content.
Click here->http://net-security.org/
SecurityTracker
Security Tracker is a site devoted to tracking security
vulnerabilities, and nothing else.
Click here->http://www.securitytracker.com/
Computer Emergency Response Team
The CERT Coordination Center is part
of the Survivable Systems Initiative
at the Software Engineering
Institute, a federally funded
research and development center at
Carnegie Mellon University.
Originally started by DARPA in 1988,
their primary focus is on incident
response.
Click here->http://www.cert.org/
Government Computer Security Sites
Computer Crime and Intellectual Property Section
CCIPS focuses exclusively on the
issues raised by computer and
intellectual property crime. They
advise federal prosecutors and law
enforcement agents; comment upon and
propose legislation; coordinate
international efforts to combat
computer crime; litigate cases; and
train all law enforcement groups.
Click here->
http://www.cybercrime.gov/
US-Cert
United States Computer Emergency
Readiness Team (US-CERT) is a
partnership between the Department
of Homeland Security and the public
and private sectors. Established in
2003 to protect the nation's
Internet infrastructure, US-CERT
coordinates defense against and
responses to cyber attacks across
the nation.
Click here->
http://www.us-cert.gov/
CSRC
CSRC
is designed to collect and
disseminate computer security
information and resources to help
users, systems administrators,
managers, and security professionals
better protect their data and
systems.
Click here->
http://csrc.nist.gov/
National Vulnerability Database
The NVD is the U.S.
government repository of standards
based vulnerability management data.
This data enables automation of
vulnerability management, security
measurement, and compliance
Click here->
http://nvd.nist.gov/nvd.cfm
