Stuff which hasn't (yet) made the grade
You should only be reading this after you are sure you've read everything else
to skip my warning.
This is where I've put stuff that,
Read at your own risk. This section isn't even complete, I certainly
have files that I haven't bothered to move to here. On the other hand
just because something is here doesn't mean its poor, it might mean I
just haven't had time to look at it or that I couldn't quite decide.
Similarly stuff on my main page may be duplicated here.
- I've not had time to look at or try out properly, if at all,
- Is probably not useful to most people,
- Is wrong or inaccurate - misinformation is a problem when it comes to unix
- Is too trivial.
I have put some effort into separating the wheat from the chaff when putting
together my page. If you are a beginner at unix security allow me to tell
you that the files on the main page ARE useful, you should
spend time trying to understand them before wasting your time here.
The criteria I tend to use for the main page is "will it enable me to break
into unix computers?". If you think something here deserves to be on
my main page please
to tell me.
You're on your own now, don't even believe everything that I say! ;-)
A cgi hole
- details of a hole in a cgi that some WWW sites may use, includes
exploit details (WWW holes aren't something I've looked at myself yet).
- flaws with a system of one time use passwords.
- Security Problems in the TCP/IP Protocol Suite by S.M.Bellovin. This is
fairly old but many of the points raised may still be valid today. (Written
at a time when people thought security was all about disabling finger and
making sure your system wasn't vunnerable to the attacks used by the great
Internet worm. Not forgetting orange book security classifications of course
- a load of documents I found at ftp.ox.ac.uk, and no, I haven't had time
to read them all. I no longer have these locally but you can still get them
- a page that someone has on Linux security (BTW I do
unix/net/hack page main index