Acest text este depozitat (și) aici din motive de siguranță. Recomandarea noastră este să respectați dorința autorului exprimată în secțiunea 1.1
This is an online book about computer, network, technical, physical, information and cryptographic security. It is a labor of love, incomplete until the day I am finished.
The books that help you most are those which make you think the most. The hardest way of learning is that of easy reading; but a great book that comes from a great thinker is a ship of thought, deep freighted with truth and beauty.
— Theodore Parker
When I picture a perfect reader, I always picture a monster of courage and curiosity, also something supple, cunning, cautious, a born adventurer and discoverer.
— Friedreich Nietzsche
- Admissibility (is the remote node trustworthy?)
- Authentication (who are you?)
- Authorization (what are you allowed to do?)
- Availability (is the data accessible?)
- Authenticity (is the data intact?)
- Secure to whom? A web site may be secure (to its owners) against unauthorized control, but may employ no encryption when collecting information from customers.
- Secure from whom? A site may be secure against outsiders, but not insiders.
- Computer Security Models
- Bell-LaPadula Model
- Biba Integrity Model
- Brewer-Nash Model
- Graham-Denning Model
- Take-Grant Model
- Clark-Wilson Model
- Harrison-Ruzzo-Ullman Model
- Non-interference Model
There is no security on this earth, there is only opportunity.
— General Douglas MacArthur (1880-1964)
As far as the laws of mathematics refer to reality, they are not certain; and as far as they are certain, they do not refer to reality.
— Albert Einstein
- network security
- application/database security
- OS security
- hardware security
- physical security
- Anonymous, remote systems
- Authenticated remote systems
- Local unprivileged user (UID > 0)
- Administrator (UID 0)
- Kernel (privileged mode, ring 0)
- Hardware (TPM, ring -1, hypervisors, trojaned hardware)
A vulnerability is a hole or a weakness in the application, which can be a design flaw or an implementation bug, that allows an attacker to cause harm to the stakeholders of an application. Stakeholders include the application owner, application users, and other entities that rely on the application. The term “vulnerability” is often used very loosely. However, here we need to distinguish threats, attacks, and countermeasures.
— OWASP Vulnerabilities Category (http://www.owasp.org/index.php/Category:Vulnerability)
NVD is the U.S. government repository of standards based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. NVD includes databases of security checklists, security related software flaws, misconfigurations, product names, and impact metrics.
— NVD Home Page
- National Vulnerability Database (http://nvd.nist.gov/)
International in scope and free for public use, CVE is a dictionary of publicly known information security vulnerabilities and exposures.
CVE’s common identifiers enable data exchange between security products and provide a baseline index point for evaluating coverage of tools and services.
— CVE Home Page
- Common Vulnerabilities and Exposures (http://cve.mitre.org/)
The Common Weakness Enumeration Specification (CWE) provides a common language of discourse for discussing, finding and dealing with the causes of software security vulnerabilities as they are found in code, design, or system architecture. Each individual CWE represents a single vulnerability type. CWE is currently maintained by the MITRE Corporation with support from the National Cyber Security Division (DHS). A detailed CWE list is currently available at the MITRE website; this list provides a detailed definition for each individual CWE.
— CWE Home Page
- Common Weakness Enumeration (http://cwe.mitre.org/)
OSVDB is an independent and open source database created by and for the community. Our goal is to provide accurate, detailed, current, and unbiased technical information.
— OSVDB Home Page
- The Open Source Vulnerability Database (http://osvdb.org/)
On two occasions I have been asked, “Pray, Mr. Babbage, if you put into the machine wrong figures, will the right answers come out?” In one case a member of the Upper, and in the other a member of the Lower, House put this question. I am not able rightly to apprehend the kind of confusion of ideas that could provoke such a question.
— Charles Babbage
- Wikipedia article on Rice’s Theorem (http://en.wikipedia.org/wiki/Rice%27s_theorem)
- WEP Security + Pringles-Can = $1B TJX Loss?
- TJX’s failure to secure Wi-Fi could cost $1B
- Report of an Investigation into the Security, Collection and Retention of Personal Information
- Slashdot article (http://it.slashdot.org/story/09/06/09/1422200/Security-Flaw-Hits-VAserv-Head-of-LxLabs-Found-Hanged)
- LxLabs boss found hanged after vuln wipes websites (http://www.theregister.co.uk/2009/06/09/lxlabs_funder_death/)
- Webhost hack wipes out data for 100,000 sites (http://www.theregister.co.uk/2009/06/08/webhost_attack/)
- CardSystems Solutions Settles FTC Charges (http://www.ftc.gov/opa/2006/02/cardsystems_r.shtm)
Egghead was hurt by a December 2000 revelation that hackers had accessed its systems and potentially compromised customer credit card data. The company filed for bankruptcy in August 2001. After a deal to sell the company to Fry’s Electronics for $10 million fell through, its assets were acquired by Amazon.com for $6.1 million.
In December 2000, the company’s IIS-based servers were compromised, potentially releasing credit card data of over 3.6 million people. In addition to poor timing near the Christmas season, the handling of the breach by publicly denying that there was a problem, then notifying Visa, who in turn notified banks, who notified consumers, caused the breach to escalate into a full blown scandal.
- Wikipedia article on Egghead Software (http://en.wikipedia.org/wiki/Egghead_Software)
- Heartland sued over data breach (http://news.cnet.com/8301-1009_3-10151961-83.html)
- Verizon Business 2009 Data Breach Study Finds Significant Rise in Targeted Attacks, Organized Crime Involvement (http://newscenter.verizon.com/press-releases/verizon/2009/verizon-business-2009-data.html)
- Web Site (http://datalossdb.org/)
If you know the enemy and know yourself, you need not fear the result of a hundred battles.
If you know yourself but not the enemy, for every victory gained you will also suffer a defeat.
If you know neither the enemy nor yourself, you will succumb in every battle.
— Sun Tzu, The Art of War (http://en.wikipedia.org/wiki/The_Art_of_War)
- Overly different; if you looked at grapes all day, you’d know a hundred different kinds, and naturally think them very different. But they all squish when you step on them, they are all fruits and frankly, not terribly different at all. So too we are conditioned to see people as different because the things that matter most to us, like finding an appropriate mate or trusting people, cannot be discerned with questions like “do you like breathing?”. An interesting experiment showed that a description of how they felt by people who had gone through a process is more accurate in predicting how a person will feel after the process than a description of the process itself. Put another way, people assume that the experience of others is too dependent on the minor differences between humans that we mentally exaggerate.
- Overly similar; people assume that others are motivated by the same things they are motivated by; we project onto them a reflection of our self. If a financier or accountant has ever climbed mount Everest, I am not aware of it. Surely it is a cost center, yes?
If they were capable, honest, and hard-working, they wouldn’t need to steal.
Men of sense often learn from their enemies. It is from their foes, not their friends, that cities learn the lesson of building high walls and ships of war.
CPE is a structured naming scheme for information technology systems, software, and packages. Based upon the generic syntax for Uniform Resource Identifiers (URI), CPE includes a formal name format, a method for checking names against a system, and a description format for binding text and tests to a name.
— CPE Home Page
- Common Platform Enumeration (http://cpe.mitre.org/)
- A Taxonomy of Privacy (http://www.concurringopinions.com/archives/2006/03/a_taxonomy_of_p.html)
- secondary use
- breach of confidentiality
- increased accessibility
- decisional interference
- Information disclosure
- Denial of service
- Elevation of privilege
- Wikipedia on STRIDE (http://en.wikipedia.org/wiki/STRIDE_(security))
- Uncover Security Design Flaws Using The STRIDE Approach (http://msdn.microsoft.com/en-us/magazine/cc163519.aspx)
- Damage potential
- Affected users
Gnothi Seauton (“Know Thyself”)
— ancient Greek aphorism (http://en.wikipedia.org/wiki/Know_thyself)
- Malware Distribution through Physical Media a Growing Concern (http://it.slashdot.org/article.pl?sid=08/01/13/1533243)
- usbroken, a USB fuzzer based on Arduino (http://code.google.com/p/usbroken/)
- Schneier Hacking Computers over USB (http://www.schneier.com/blog/archives/2006/06/hacking_compute.html)
- USB Devices can Crack Windows (http://www.eweek.com/c/a/Security/USB-Devices-Can-Crack-Windows/)
- psgroove, a jailbreak exploit for PS3 (http://github.com/psgroove/psgroove)
- Wikipedia on Attack Tree (http://en.wikipedia.org/wiki/Attack_tree)
- Schneier on Attack Trees (http://www.schneier.com/paper-attacktrees-ddj-ft.html)
- Microsoft on Attack Trees (http://msdn.microsoft.com/en-us/library/ff648644.aspx)
Amdahl’s law, also known as Amdahl’s argument, is named after computer architect Gene Amdahl, and is used to find the maximum expected improvement to an overall system when only part of the system is improved.
— Wikipedia (http://en.wikipedia.org/wiki/Amdahl%27s_law)
You are the weakest link, goodbye!
— The Weakest Link (TV series)
- Wikipedia article on Physical Security (http://en.wikipedia.org/wiki/Physical_security)
While the locks are getting tougher, the door and frame are getting weaker. A well-placed kick usually does the trick.
— a burglar
I know what your computer did last summer.
- A Guide to Understanding Data Remanence in Automated Information Systems (Ver.2 09/91) (http://www.fas.org/irp/nsa/rainbow/tg025-2.htm)
- National Security Agency/CSS Degausser Products List 25 Sep 2001 (http://www.fas.org/irp/nsa/degausse.pdf)
- Hard drive’s data survives shuttle explosion (http://blocksandfiles.com/article/5056)
- German firm probes final World Trade Center deals (http://www.prisonplanet.com/german_firm_probes_final_world_trade_center_deals.htm)
- Wikipedia entry on Data Recovery (http://en.wikipedia.org/wiki/Data_recovery)
- 200 ways to recover your data (http://btjunkie.org/torrent/200-Ways-To-Recover-Revive-Your-Hard-Drive/4358cd27083f53a0d4dc3a7ec8354d22b61574534c96)
- Data Recovery blog (http://datarecovery-hddrecovery.blogspot.com/)
- BoingBoing video demonstration (http://www.boingboing.net/2008/05/12/bbtv-hacker-howto-co.html)
- On A New Way to Read Data from Memory (http://www.cl.cam.ac.uk/~rja14/Papers/SISW02.pdf)
- Real-address mode (http://en.wikipedia.org/wiki/Real_mode)
- Protected Mode (http://en.wikipedia.org/wiki/Protected_mode)
- System Management Mode (http://en.wikipedia.org/wiki/System_Management_Mode)
- Virtual 8086 Mode (http://en.wikipedia.org/wiki/Virtual_8086_mode)
The NX bit, which stands for No eXecute, is a technology used in CPUs to segregate areas of memory for use by either storage of processor instructions (or code) or for storage of data, a feature normally only found in Harvard architecture processors. However, the NX bit is being increasingly used in conventional von Neumann architecture processors, for security reasons.
An operating system with support for the NX bit may mark certain areas of memory as non-executable. The processor will then refuse to execute any code residing in these areas of memory. The general technique, known as executable space protection, is used to prevent certain types of malicious software from taking over computers by inserting their code into another program’s data storage area and running their own code from within this section; this is known as a buffer overflow attack.
- Wikipedia entry on NX bit (http://en.wikipedia.org/wiki/NX_bit)
- Supervisory Program (http://en.wikipedia.org/wiki/Supervisory_program)
- Hypervisor (http://en.wikipedia.org/wiki/Hypervisor)
- Trusted Platform Module (http://en.wikipedia.org/wiki/Trusted_Platform_Module)
- Trusted Computing: The Mother(board) of All Big Brothers (http://www.cypherpunks.to/TCPA_DEFCON_10.pdf)
- Trusted Computing Group (http://en.wikipedia.org/wiki/Trusted_Computing_Group)
- Intel TCPA Overview (http://yuan.ecom.cmu.edu/trust/cd/Presentations/Intel%20TCPA%20Overview.ppt)
- Trusted Computing Group homepage (http://www.trustedcomputinggroup.org/)
- EFF: Trusted Computing: Promise and Risk (http://www.eff.org/wp/trusted-computing-promise-and-risk)
- Ross Anderson’s TCPA FAQ (http://www.cl.cam.ac.uk/~rja14/tcpa-faq.html)
- FSF: Can You Trust Trusted Computing (http://www.gnu.org/philosophy/can-you-trust.html)
- OpenTC project (http://www.opentc.net/)
- IBM TCPA Group (http://www.research.ibm.com/gsal/tcpa/)
- Infineon TPM chip hacked (http://www.flylogic.net/blog/?tag=infineon)
- Intel vPro (http://en.wikipedia.org/wiki/Intel_vPro)
- Big Brother Potentially Exists Right Now (http://www.tgdaily.com/hardware-opinion/39455-big-brother-potentially-exists-right-now-in-our-pcs-compliments-of-intels-vpr) (note: he is wrong about what ECHELON is)
- f00f bug (http://en.wikipedia.org/wiki/F00f)
- Cyrix Coma Bug (http://en.wikipedia.org/wiki/Cyrix_coma_bug)
- Using CPU System Management Mode to Circumvent Operating System Security Functions (http://www.ssi.gouv.fr/fr/sciences/fichiers/lti/cansecwest2006-duflot-paper.pdf)
- Attacking SMM Memory via Intel CPU Cache Poisoning (http://theinvisiblethings.blogspot.com/2009/03/attacking-smm-memory-via-intel-cpu.html)
- Attacking Intel Trusted Execution Technology (http://www.blackhat.com/presentations/bh-dc-09/Wojtczuk_Rutkowska/BlackHat-DC-09-Rutkowska-Attacking-Intel-TXT-slides.pdf)
- Blue Pill (http://en.wikipedia.org/wiki/Blue_Pill_(malware))
- SMM Rootkits: A New Breed of OS Independent Malware (http://www.eecs.ucf.edu/%7Eczou/research/SMM-Rootkits-Securecom08.pdf)
- Subverting the Xen Hypervisor (http://invisiblethingslab.com/resources/bh08/)
- TPM Reset Attack (http://www.cs.dartmouth.edu/~pkilab/sparks/)
- Trusted networks were internal to your corporation.
- An untrusted network may be the Internet, or a wifi network, or any network with open, public access.
- Demilitarized zones (DMZs) were originally defined as an area for placing machines that must talk to nodes on both trusted and untrusted networks. At first they were placed outside the firewall but inside a border router, then as a separate leg of the firewall, and now in are defined and protected in a variety of ways.
- nmap (http://www.nmap.org/)
- GNU netcat (http://netcat.sourceforge.net/)
- firewalk (http://www.packetfactory.net/projects/firewalk/)
- IDS (http://en.wikipedia.org/wiki/Intrusion-detection_system)
- Snort IDS (http://www.snort.org/)
All cryptography lets you do is create trust relationships across untrustworthy media; the problem is still trust between endpoints and transitive trust.
— Marcus Ranum
Humans are incapable of securely storing high-quality cryptographic keys, and they have unacceptable speed and accuracy when performing cryptographic operations. (They are also large, expensive to maintain, difficult to manage, and they pollute the environment. It is astonishing that these devices continue to be manufactured and deployed. But they are sufficiently pervasive that we must design our protocols around their limitations).
— Network Security / PRIVATE Communication in a PUBLIC World by Charlie Kaufman, Radia Perlman, & Mike Speciner (Prentice Hall 2002; p.237)
- Wikipedia article on DNS cache poisoning (http://en.wikipedia.org/wiki/DNS_cache_poisoning)
- Spoofing replies – transaction ID predictability (http://www.net-security.org/dl/articles/Attacking_the_DNS_Protocol.pdf, http://www.securityfocus.com/bid/30131)
- Maybe you are querying a DNS server the adversary controls (i.e. your ISP)
- AT&T Invents Programming Language for Mass Surveillance (http://blog.wired.com/27bstroke6/2007/10/att-invents-pro.html)
- Dan Kaminski’s web site (http://www.doxpara.com/)
Sometimes I suspect I’m not who I think I am.
— Ghost in the Shell
- Kim Cameron’s “The Laws of Identity” (http://www.identityblog.com/?p=354)
- Ben Laurie’s “Selective Disclosure” (http://www.links.org/files/selective-disclosure.pdf)
In cyberspace everyone will be anonymous for 15 minutes.
— Graham Greenleaf
- Randomly-Chosen Identity
- Fictitious Identity
- Stolen Identity
Does it follow that I reject all authority? Far from me such a thought. In the matter of boots, I refer to the authority of the bootmaker; concerning houses, canals, or railroads, I consult that of the architect or the engineer.
— Mikhail Bakunin, What is Authority? 1882 (http://www.panarchy.org/bakunin/authority.1871.html)
My voice is my passport; verify me.
— Sneakers, the motion picture
- Strong Passwords Not As Good As You Think (http://it.slashdot.org/article.pl?sid=09/07/13/1336235)
- Strong Web Passwords (http://www.schneier.com/blog/archives/2009/07/strong_web_pass.html)
- Do Strong Web Passwords Accomplish Anything? (http://www.usenix.org/event/hotsec07/tech/full_papers/florencio/florencio.pdf)
- Real World Passwords (http://www.schneier.com/blog/archives/2006/12/realworld_passw.html)
- Choosing Secure Passwords (http://www.schneier.com/blog/archives/2007/01/choosing_secure.html)
- The adversary takes control of the system you’re sitting at, where your ssh key is stored, in which case he could impersonate you anyway (he may have to wait for you to log in to sniff the reusable passphrase, or to hijack an existing connection, but I think it’s not worth worrying about the details; if they have root on your console, you’re hosed).
- The adversary guesses your 4096-bit private RSA key, possibly without access to the public key. In this case, he could probably use the same technique against the encryption used to protect the SSH or IPsec sessions you’re using to communicate over anyway (host keys are often much smaller than 4096-bit), and in the alternate scenario (no direct root logins, but allowing reusable passphrases) he would get access to the reusable passphrases (and all other communication).
- Someone guesses the login and password. Login names are not secrets, and never have been treated as secrets (e.g. they’re often in your email address). They may not even be encrypted in the SSH login procedure. Passwords may be something guessable to your adversary but not you; for example, a word in a dictionary you don’t have, an “alternative spelling” that you didn’t think of, or perhaps the user uses the same passphrase to access a web site (perhaps even via unencrypted HTTP).
- Encrypted storage; this is like using encryption to communicate with your future self. Obviously, you must reuse the same key, or somehow re-encrypt the disk. One could, theoretically, disallow direct access to the key used to encrypt the storage, and re-encrypt it each time with a different passphrase, but to protect it from the administrator you’d need to use some sort of hardware decryption device, and to protect it against someone with physical access you’d need tamper-resistant hardware (e.g. TPM).
- Authenticating to the system you’re sitting at; even then, one could use S/Key or another system for one-time authenticators written down and stored in your wallet, combined with a memorized passphrase.
- Authenticating People By Their Typing Patterns (http://www.schneier.com/blog/archives/2005/11/authenticating.html)
- PSYLock: a typing behavior based psychometrical authentication method (http://pc50461.uni-regensburg.de/ibi/de/leistungen/research/projekte/risk/psylock_english.htm)
- Simple Authentication and Security Layer (http://en.wikipedia.org/wiki/Simple_Authentication_and_Security_Layer) is a three-layer library (interface, mechanism, method) that supports multiple authentication methods for various systems; LDAP, SMTP AUTH, etc.
- Guide to Lock Picking http://www.lysator.liu.se/mit-guide/mit-guide.html
- Free Lock Picking Guide http://www.free-lock-picking-guide.com/