Check out LinuxConfig.org it is a very nice wiki with alot of information about configuring a Linux system. Great for both newbies and old schoolers like me. The subjects covered are a bit advanced, so don't go there thinking you're gonna learn the basics. But, its a wiki! The point of a wiki is that people contribute! So as soon as I figure out what I want to contribute, I'll do it. Until then, you should just go check it out.
Something you might see in the realm of security is one-time pads. These are used alot in military operations and high-security outfits. Its basically a pad with a series of alphanumerical text chunks on it, each of which you will use to authenticate once then mark out. Once a block has been used once, it is not valid again. Ever. This page features a customizable one-time pad so you can play around with it and learn about the concept. It also has some good information on the process as well.
Many people worry about being tracked on the web. Whether its by their own government, another government, or any other 3rd party entity. There are plenty of reasons to stay anonymous, other than the conspiracy theory mumbo jumbo, too, and there are plenty of ways to make yourself *more* anonymous (no one is truly anonymous anymore).
The first method and probably the most popular amongst the popular crowd these days is The Onion Router, more commonly known as Tor. Tor takes advantage of open sourced technology originally developed by the US Naval Research Laboratory. It uses a peer to peer routing scheme that routes your communications through other Tor nodes to help protect your anonymity. There are vulnerabilities, however, and you can read about them on the Wikipedia article.
Another method is a little more old school, using SOCKS proxies. Usually, SOCKS is used in a LAN environment to proxy network communications through a single host on that LAN, but it can also be used on the Internet. You can find open socks proxies (LEGAL WARNING: be careful) and you can make your web communications look like they're coming from some other host. The reason I say be careful is, you never know exactly you're proxying through if you just find some random proxy on Google.
The final method I'll detail is web anonymizers. These are basically just websites that allow you to enter a URL, then that website goes to that page and caches it for you, then forwards ou that page that it just cached. You are probably already familiar with one of these, its called Google. Go to Google Image Search and search for anything, then click on an image and check the URL string in your browser, you'll notice that the TLD is still Google, and you have that Google frame. You're basically proxying through Google at that point.
Here are some more websites you should check out to learn more about being more anonymous on the net.
TOR Links
Anonymizer websites
No, sorry, I'm not giving you any SOCKS proxies, you can find them on your own and NOT hold me responsible for what you do with them :)
Yeah, right. Security on MySpace. The place *filled* with blindingly hideous profile pages, tons of women that are 'just looking for a good time', and phishing scams has never made me feel good about submitting any form data. It seems that others are not so worried though, here is a page that details a leak of 40,000 MySpace passwords and even tells you the frequency of the most commonly used passwords and what they actually are. Of course, it doesn't give you any usernames to go along with them but it wouldn't be hard for a devious individual to try some. Please, if you use MySpace and don't want your account to get hacked (again), go look. If you're using one of the passwords, or even one that's kinda similar, stop. Use a good password with random uppercase and lowercase letters and at least one number. And for God's sakes, don't use the same password on MySpace that you use on your banking websites or any other websites where you do financial transactions (like eBay).
As a long time lover of the hacker arts, something that has long gone neglected is the fine arts of Ascii Art. I just found this page that has some excellent Ascii Art works. Check it out Here
It should be noted that some of these images are NSFW, that is if your workplace prohibits images of nude women rendered in ASCII text.
The National Institute for Standards and Technology has a great online resource for learning about cryptography methodologies and algorithms. It covers everything from block ciphers to random number generation. A terrific resource for anyone learning about security systems and cryptographic mechanisms.
There is a great post over on Security Focus detailing the methods available to hackers to bypass your IDS systems and exploit your network. While many of the basic attacks this paper covers are already addressed with Snort rules (and other IDS systems), the methods can be made more elaborate to trick your IDS rules. As a security professional, its important to understand how session splicing, fragmentation, and shellcode attacks take place and this paper underlines how each work (and a few more).
OK, for some reason, the CRC press let the University of Waterloo give away all the chapters in the Handbook of Applied Cryptography for free. You can still buy the book on Amazon for $85 though, so if you like the book and find it useful you should go pay for it so the author can get some cash.
This is a great resource for anyone curious about cryptography, especially those that intend on getting a career in information security. Subject covered in the book include cryptographic mathematics, public key infrastructure, hash functions and data integrity, digital signatures and much more. Really interesting (and informative) stuff, I suggest you go check it out.
Cult of the Dead Cow (cDc) released a program and website called Goolag a few weeks ago, it provides an easy front end to running well known Google Dorks (Google hack strings) against your website to see if you have any of the common vulnerabilities indexed by Google. You can also find out quite a bit about your company's organization if you know what you're doing. It includes scans for server errors, well known files that contain password information, webcams, server errors, well known vulnerable files, and alot more. Unfortunately, the only binary available right now is for Windows but us Linux users can always just fire up a virtual machine and get it to work (it might work in Wine too, with a little tweaking). Its an interesting experiment in using Google to gather information about a target (of a LEGAL penetration test or vulnerability scan).
Johnny Long, of johnny.ihackstuff.com fame, has started a new charity foundation with his wife that enlists the aid of hackers to help with IT problems in the developing world, a place that honestly can't afford real IT guys. This is a really great thing for Johnny and the hacker community to take part in and it really does make a difference in the lives of people in various African countries.
In case you're a selfish asshole and don't have the desire to help people for the sake of help, there's something in it for you as well, especially if you need resume fodder. For each project you help complete, you are able to reference the project on your resume and you'll get a professional reference from Johnny Long on LinkedIn. For more details, watch his video on Google Video about No-Tech hacking, which really opened my eyes to some great techniques for seeing things important to security without the use of technology.
