by AstralSin on 05-19-2008 in Security
When learning about networking and security, you'll see a lot of references to RFCs, which are documents that basically describe the operation and features of protocols, ports, standards and practices. They can be rather cryptically written, but with the right guide you can easily find the information you need. The RFC Sourcebook is this guide. With it, you can quickly find out about any RFC or standard relating to TCP/IP, data encapsulation, PPP, etc. It also contains nice reference guides to the stuff you never use but may need in an extreme situation when diagnosing a network problem, like ICMP codes. Detailed information can be found regarding anything you can think of related to networking, encryption, authors of RFCs, organizations related to the computing world (like IANA, EFF, ICANN, etc.), protocols, etc.
So if you've ever been in need of a quick reference for RFCs, I'd give RFC Sourcebook a serious look.
by AstralSin on 05-19-2008 in Security
As you may have noticed, I've had that widget promoting free security magazines and whitepapers through Tradepub. This is a great site that you can go to and get free subscriptions to all sorts of magazines like Network World, Security Magazine, and Dr. Dobb's Journal, among many more. There is also a plethora of free whitepapers, webcasts, newsletters, case studies, etc., all for free. This is how I get all my trade publications. Not only can you get all the IT related material you want, there are lots of other categories with free subscriptions to trade publications for those areas as well. Oh, and recently Electronic Gaming Monthly started offering free subscriptions there.
One of my favorite magazines is absolutely free all the time; it's called INSECURE magazine. This is one of the better security publications I've ever read. It is packed full of great information regarding practices, software, information security management, and lots of other security and network related articles. It is only released bi-monthly, so there's a while to wait between issues, but there are 16 issues to keep you occupied till the next one comes out.
There is a lot of great info to be found in both these resources and you should use them to your advantage. The more you read and the more you learn, the better equipped you are.
by AstralSin on 05-15-2008 in Programming
I've read many a programming tutorial and if you've read some, you'll agree that the great majority of them suck. They all just try to tell you what a variable or loop looks like in that particular language. That may be useful information for some people, but some of us would like a little more contextual relevance. I love tutorials that actually write a program and explain things along the way. This way you get to write a real program, which may or may not be useful to you, and learn how things are really done in that language. This is especially useful if you're treading unfamiliar waters, such as learning GUI programming when you're accustomed to CLI programming or learning game programming when you're used to writing database programs.
I've been learning C# lately, just out of the need to know Windows programming so I can make myself more marketable in the job market. I have been following this tutorial which walks you through creating a game in C#. Sure, knowing how to write a game is completely useless in the IT world, but this particular tutorial walks you through the Microsoft way of coding C#. It explains and gives examples and hands-on exercises with methods (aka functions), classes, AI, polymorphic programming, arrays, and more. This is how a tutorial should be written. Not only is it very informative and comprehensive, it's also interesting and rather fun. It really helps when learning a new language to have a) a definite goal and b) an interesting instructor/learning aid.
I'm constantly on the lookout for tutorials for any programming language that follow this archetype. If you know of any, please let me know in the comments.
by AstralSin on 05-15-2008 in Programming
One of the most important things to do when a program is finished is to run checks to be as sure as possible that there are no memory leaks or buffer overflows/underruns. Not only does this lower the chance for your program to crash, it lowers the chance of someone finding an exploitable vulnerability that could do any number of things from crashing the program to providing access to the system. In the programming world of open source and Linux, there are several options for checking your code against this type of flaw.
These errors are caused by programming mistakes, and they happen. No one writes perfect code 100% of the time so everyone should run some type of tests against their programs. I've recently been testing a program with valgrind and electric fence to try and find the cause of a specific error that occurs on a specific platform. Alas, the problem has not been found but I did learn quite a bit about how to test for programming flaws.
Valgrind should be run on all your program code. It checks for memory leaks and helps you determine where the errors may be. Using it is pretty straightforward: just run valgrind <binary> and it will log all the memory leaks as they happen.
If you know your program has some flaws and you just can't find them, electric fence may be able to lend a hand. Electric fence is used in combination with gcc and gdb to attempt to find the exact line of code where a malloc() overrun or underrun occurs. While it doesn't always provide a sure-fire explanation of what's going on, it can provide some valuable information about where the problem could reside. To use electric fence, link against efence with -lefence in your build line. The code is then compiled and a binary is created. Then call gdb <binary>, type run at the gdb shell, and recreate the conditions that cause your program to crash.
There are other options as well. gcc has its own malloc() debugger built in, but I won't be documenting it here. If you need more information, a quick Google search can provide much more information about either of these solutions. Valgrind and electric fence have been highly recommended to me lately and they've been very useful. Perhaps you can find them as useful as I have.
by AstralSin on 05-13-2008 in Security
There have been tools available for many years that allow you to hide information in everything from text files to images and audio files, a practice known as steganography. Before finding MSU StegoVideo, I had never heard of a video steganography solution.
With the increasing volume of video on the net, and the already existing abundance of images and audio, one has to wonder just how much of it is implanted with hidden information.
by AstralSin on 05-07-2008 in Security
One of the most important things you can do while studying to be an ethical hacker or security professional of any kind is practice offensive security. As we all know, we can't do anything illegal but we can still have wargames. The trick is to find some like-minded people to get together and set up a sandbox network with servers, network connectivity devices, workstations, whatever else you can think of and then the attack machines of the people participating.
Then you can start having wargames. You should set things up in such a way that people rotate between offensive and defensive roles between each session. While some people are attacking, some should be trying to defend but you always want to rotate so everyone gets a taste of both sides. You should then find some good tutorials on the subject and read up on the methodologies and techniques you need to use. Then have at it.
There are some really good posts 1 2 3 4 on the Anti-online forums. There is a plethora of good information there that can get you started with your own wargame sessions. If you get something like this going, leave a comment and tell us about it!
by AstralSin on 05-07-2008 in Security
Want to get into a security career but have no experience hacking into systems? Head on over to De-ICE.net and download the penetration testing livecds. They are preconfigured environments that you'll fire up on a machine in your network (has to be a 192.168.1.0 subnet) and attack with your favorite penetration testing tools (Backtrack 2 Final is recommended). I just finished the first disk and I gotta say, while it's a bit simple, it's pretty fun. It's also a great starting point for anyone who has no experience penetrating Linux systems.
There are two CDs for level one and one CD so far for level two, which is still under development. You will need a fairly advanced understanding of Linux commands and tools to successfully complete any of these disks, but there is good help on the De-ICE forums. These disks are great fun and very educational if you're interested in Linux security.
by AstralSin on 05-01-2008 in Hacks
Hackosis has put into words the true definition of a hacker. Many have tried before, but most failed. The ones that came close told of a similar concept but didn't elaborate enough for most people to understand. The following questions are put forth, so ask yourself:
- Do you experience a never ending hunger for information?
- Do you enjoy solving problems?
- Do you shoot to kill?
- Are you never bored?
- Do you embrace free spirit?
- Are you compassionate about what you do?
- Do you do what you enjoy and enjoy what you do?
So? How do you stack up? Hacking isn't about breaking into computers and networks. That's just how the media has sullied the word. A hacker is someone who is intrigued by how things work and enjoys learning how they work, which is sometimes a difficult task. Hackers fall into a lifestyle a friend of mine coined a term for a few years ago, "intellectual hedonism". We enjoy picking apart what most people would consider the most inane systems just to learn how they operate. Because of this, hackers enjoy a life of accomplishment, whether it's known to the world or not.
By the way, this Hackosis blog is amazing. I've seen a lot of hacker blogs around but this is one of the best I've ever seen. No fluff on this one, it just gets right down to business.
by AstralSin on 05-01-2008 in Security
If you plan on being any sort of security professional, you need to know about more than just Windows machines. Linux is a powerhouse in the network environment and its use will continue to grow. There are plenty of ways to learn Linux. For one, you can just go download any distribution and use it for a while. Keep in mind though that the ones used in production environments tend to be the Redhat/Fedora, SuSE, and Debian distributions or derivatives.
HP has had this website up for a while: their TestDrive service lets you get an account and use one of multiple Linux and UNIX systems, open source AND commercial, over the internet, so you don't even have to do anything to your PC. The good thing about this is you can jump right in and start using a *nix system and learning about it. The bad part is you don't get the experience of installing it, which could be very easy with the mainstream distributions or very tricky with the less well-known ones. Regardless, you should take steps to learn these systems inside and out.
Defensive and offensive security go hand in hand. If you're defending a network, you had better know your systems and how to secure and properly configure them. If you're conducting penetration tests on a network, you had better know how to exploit flaws in anything you can get your hands on, including the more obscure OSes like OpenVMS and HP-UX.
There is more than enough information in online forums, IRC channels, and mailing lists to give you the knowledge you need to learn these systems so get going. If you're like me, you'll appreciate the challenge of any new operating system anyway.
by AstralSin on 04-30-2008 in Security
There are some really crappy SQL injection tutorials out on the net that don't really tell you what you need to know nor how to fix vulnerabilities. The main thing to remember when preventing SQL injections is to cleanse HTML tags and quotes from untrusted user input. And of course, depending on which language you're using there will be a different method for doing that.
Most tutorials show you the basic method of finding if a site or form is vulnerable, the old ' or 1=1-- trick which should return the first record in the database. This is fine and dandy but quite useless if you don't know what to do after that. The most important part of SQL injection is SQL, obviously, and if you don't know SQL you're not going to get very far. I'm not going to teach you SQL here, but I will tell you that the Uncommon SQL Injection whitepaper by N3T D3VIL is a good place to start learning about SQL queries you might find useful.
Now I'll tell you how to sanitize your inputs with PHP. Anywhere your users can enter data should be sanitized, including login forms, registration forms, and comment forms. Basically any form that talks to a database should be sanitized.
PHP comes standard with functions to do this: htmlentities() and addslashes(). htmlentities() changes any special characters to their HTML entity equivalents. Say someone entered a <SCRIPT> tag into a comment form; your sanitization code would turn it into &lt;SCRIPT&gt;. addslashes() adds a backslash in front of any quote to escape it before it can be used to hijack your SQL queries on the backend. These are good basic practices when using forms on a public website that accept untrusted user data and talk to a database.
While this is enough for some people, some people like to go a step further and limit the characters used to a specific set and feed any user input through a function to strip any characters that are not part of that set. This tutorial over at Nucleotide shows you how to use Regular Expressions to do just that. This would be perfect for login and registration forms and if you didn't care about letting users create anchor links on comments, it'd work there too.
If you DO want to allow users to create links on comments, you should think about implementing a WYSIWYG editor in your comment forms. The industry standard at this point is TinyMCE and it works really well. It is the default on many content management systems and blog platforms. If for some reason you don't like TinyMCE, there are several other solutions that a quick Google search will turn up.
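To make the ' or 1=1-- probe and the sanitization discussion above concrete, here is an added PHP example (written for this page, not code from the original post or from any tutorial it links): a login lookup built by string concatenation beside the same lookup done as a PDO prepared statement, both run against an in-memory SQLite table with constructed rows so it works offline (assumes PHP with the pdo_sqlite extension; the table, user names and function names are all made up for the example).

```php
<?php
// Added example: constructed in-memory users table so this runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, pass TEXT)");
$db->exec("INSERT INTO users (name, pass) VALUES ('alice', 's3cret'), ('bob', 'hunter2')");

// Vulnerable form: untrusted input is pasted straight into the SQL text.
function find_user_concat(PDO $db, string $name, string $pass): ?array
{
    $sql = "SELECT id, name FROM users WHERE name = '$name' AND pass = '$pass'";
    $row = $db->query($sql)->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Hardened form: the query text is fixed and the values travel separately
// as bound parameters, so a quote in the input can never close the literal.
function find_user_prepared(PDO $db, string $name, string $pass): ?array
{
    $stmt = $db->prepare("SELECT id, name FROM users WHERE name = :n AND pass = :p");
    $stmt->execute([':n' => $name, ':p' => $pass]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

$probe = "' or 1=1--";   // the classic test string from the post

// With concatenation the WHERE clause becomes
//   name = '' or 1=1--' AND pass = ''
// The -- comments out the password check, 1=1 matches every row, and the
// first record (alice) comes back without any password at all.
var_dump(find_user_concat($db, $probe, ''));

// With the prepared statement the probe is compared literally as a user
// name, nothing matches, and the function returns null.
var_dump(find_user_prepared($db, $probe, ''));

// Caveat for the addslashes() approach: backslash escaping only helps when
// the database honours it (MySQL does, SQLite does not), which is one reason
// bound parameters are the more reliable defence across database engines.
```

Run it with php on the command line; the first var_dump shows the leaked row and the second shows NULL.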
Whether you're coding for yourself or a client, you should always use safe coding practices. If not for financial liability reasons, then just for not having the headache of restoring everything when a hacker destroys your data.