Threats & Exploits Reference Materials

| Background | Updates & Advisories  | Hacker/Anti-Hacker Tools |
| Malicious Code | Hidden Data |

1. Information Systems- the source of the vulnerabilities that can be exploited

2. Cyber Crimes- the threats created by those who want to exploit the vulnerabilities

3. Risk Management- the strategies and tactics used by an organization to manage the risks created by the combination of vulnerabilities and threats

4. Incident Investigations- the "response" mode in the risk management strategy in which investigations are conducted and prosecution is pursued.

Computer crimes involve computer technology as either

• the target or

• the tool

of those who wish to commit a crime. In situations where a perpetrator is not an authorized user of the technology, the perpetrator tries to exploit the technology's inherent vulnerabilities and in the process creates risks that must be managed.

Background Information on Computer Crime & Exploits

• Underground and Hacker Web Sites- by SearchSecurity.com

• CyberArmy Headquarters- portal for "independent" Internet users

• Hacking FAQs- by Phaster

• 2600, The Hacker Quarterly

Updates & Advisories

• Computer Incident Advisory Capability, U.S. Department of Energy

• Security News Portal- for information security professionals

• The Internet Storm Center- SANS report of current exploits

• VirusList.com- updates and a virus encyclopedia

• CSI/FBI Computer Crime and Security Survey, 2003- the most recent report

• Network Abuse Clearinghouse- guidance for dealing with abuse and abusive users

Hacker and AntiHacker Tools

• How to Become a Hacker- how much more of a description do you need?

• PasswordPortal- web site with links to password cracking, recovery, and management tools and services

• Remote OS detection via TCP/IP Stack FingerPrinting- identify the OS and know its vulnerabilities

• The Anti-Hacker Tool Kit- web site to accompany the very informative book

• Wardriving.com- links to resources used to manage/hack wireless networks

Malicious Code

• Macro Viruses- the Virus Encyclopedia has info on them all (viruses, Trojan Horses, and Worms)

Hidden Data

• FAQ: Alternative Data Streams in NTFS- explanations and search tool

• The Dark Side of NTFS- alternative data streams

• First Steganographic Image in the Wild- good example

Other Threats

• Email Spoofing and Forgery

• Nigerian Money Laundering Scam, a.k.a., 419 Fraud

• Web Page Redirection