ush.it - a beautiful place

Security directory

January 17, 2007 at 4:23 am - 2603 words, reading time ~8 minutes

Finally it's done (hem, just started, sorry :)): a web directory about security and high quality links in general that we'd like you. If you don't know what a "web directory" is please read the following description.

A web directory is a directory on the World Wide Web. It specializes in linking to other web sites and categorizing those links. [..] A web directory is not a search engine, and does not display lists of web pages based on keywords, instead it lists web sites by category and subcategory. The categorization is usually based on the whole web site, rather than one page or a set of keywords, and sites are often limited to inclusion in only one or two categories. (definition of "web directory" from wikipedia)

Choose a section of interest

Current top list
The Hall of Fame, a very opinable selection from all links contained in the directory.
Captcha
Tools and knowledge-base to defeat/improve Captcha.
People we like
Really really smart people.
Italian projects we (morally) support
Yes, there are cool projects in Italy too.
Cool hacking projects
Projects related to computer security and hacking.
Useful services
The resources a security researcher can't live without.
International projects we (morally) support
As said.
THP (The Hackers Place) Network
Our network, quality and unique contents.
Funsec
Fun as in Phun and Sec as in Security.

Current top list (Hall of Fame) (back to top)

  • http://sam.zoy.org/
  • http://www.tty64.org/

Captcha (back to top)

  • http://sam.zoy.org/pwntcha/
  • http://www.cs.sfu.ca/~mori/research/gimpy/
  • http://www.brains-n-brawn.com/default.aspx?vDir=aicaptcha

Cool techniques (back to top)

  • ZK-SSH - A Zero Knowledge Implementation for OpenSSH SSH provides a secure way of accessing remote systems. This goal can only be achieved if it incorporates user authentication which ensures the identity of a user. Several methods like public key, password and hostbased authentication methods are implemented in OpenSSH. Public key systems like RSA and DSA provide a reasonable level of security in regard to properties like transferability and impersonation. Nevertheless, these challenge response methods leak in polynomial time information to a third party making it easier to impersonate another party. Although this is nothing to be really afraid of, this problem does not exist when a zero knowledge user authentication protocol is used. Therefore, a zero knowledge protocol was chosen (by Ohta-Okamoto) and implemented for usage with OpenSSH.
  • Saint Jude (deprecated, dead project) The Saint Jude Project is a Project to develop Kernel-Level IDS mechinisms to protect the integrity of host systems.

People we like (back to top)

  • 0xdeadbeef Marco Ivaldi's (raptor) web site.
  • Thor Larholm Thor Larholm's blog about 0day vulnerabilities
  • Delirandom One monkey between 0 and infinite is lucky (vecna on the net)
  • invisiblethings Joanna Rutkowska has been involved in computer security research for several years.
  • Rasta Software jaromil's free software.
  • Richard Stallman's Personal Page Founder of GNU Project and Free Software Foundation, father and current maintainer of the One True Emacs.
  • todome Homepage of yet another *NIX sys stooge (our friend named slippery, a perl monk[ey] :D).
  • lonerunners Alessandro "jekil" Tanasi blog.
  • Tim Newsham is a computer consultant specializing in computer security and operating systems. He lives in Hawaii on the island of Oahu.
  • Luigi Auriemma Luigi Auriemma's blog.
  • Belch Blog Daniele Bellucci's blog.
  • Belch Blog Daniele Bellucci's blog.
  • nothink Matteo Cantoni
  • ikkisoft Luca "ikki" Carettoni

Italian projects we (morally) support (back to top)

  • http://www.autistici.org/it/
  • http://www.freaknet.org/
  • http://www.olografix.org/
  • http://www.s0ftpj.org/
  • http://www.sikurezza.org/
  • http://www.antifork.org/
  • http://www.blackhats.it/ Italian Black Hats and (http://www.whitehats.it/)
  • http://www.quequero.org/
  • IT Militia (A page specially created for CCC Congress 2006, 23C3) Hello to hell, this page has the goal to bring some usual information to all Italian interested in participating to 23' Chaos Communication Congress. As you can see it's in Italian cause it's first of all a "discussion spot" for all Italians interested in that adventure and it's really much easy for us!
  • Italian Embassy (A page specially created for CCC Congress 2007, 24C3) Yes, we are the Italian embassy. We say that only because we're IT hackers interested in building relationships with other hacker cultures throughout the world.

Cool hacking and security projects (back to top)

  • http://www.phrack.org/ PHRACK REBORN, LONG LIVE PHRACK 'N' ROLL
  • http://kernelfun.blogspot.com/
  • http://ikwt.dyndns.org/
  • http://www_ush_it/
  • http://sam.zoy.org/
  • http://www.tty64.org/
  • http://www.remote-exploit.org/
  • http://www.wisec.it/
  • http://www.caughq.org/ and http://druid.caughq.org/
  • http://www.milw0rm.com/
  • http://rumblingsofaconfusedmind.blogspot.com/
  • http://www.pagetable.com/
  • http://www.scadasec.net/secwiki/
  • http://sla.ckers.org/forum/
  • http://www.2600.com/
  • http://en.hakin9.org/
  • http://www.insecuremag.com/
  • http://uninformed.org/
  • http://www.cellphonehacks.com/
  • http://www.owasp.org/
  • http://www.nologin.org/
  • http://www.hick.org/

Useful services (back to top)

  • http://www.google.com/codesearch
  • http://www.easyvmx.com/

International projects we (morally) support (back to top)

  • The Free Software Foundation (FSF), established in 1985, is dedicated to promoting computer users' rights to use, study, copy, modify, and redistribute computer programs. The FSF promotes the development and use of free software, particularly the GNU operating system, used widely in its GNU/Linux variant.
  • The GNU Project was launched in 1984 to develop a complete UNIX-like operating system which is free software: the GNU system. Variants of the GNU operating system, which use the kernel called Linux, are now widely used; though these systems are often referred to as ?Linux?, they are more accurately called GNU/Linux systems.
  • Data retention is no solution! The European ministers of Justice and the European Commission want to keep all telephone and internet traffic data of all 450 million Europeans. If you are concerned about this plan, please sign the petition.
  • Digital Civil Rights in Europe European Digital Rights was founded in June 2002. Members of European Digital Rights have joined forces to defend civil rights in the information society. The need for cooperation among European organizations is increasing as more regulation regarding the internet, copyright and privacy is originating from the European Union.
  • XS4ALL The famous provider. XS4ALL (access for all) was founded in 1993 as the first internet provider for the private market in the Netherlands. Since then our ambition has been to be the best, most innovative and socially committed internet provider in the Netherlands.
  • OpenBSD Journal From 2000 to April 1st 2004, this journal was well known as deadly.org. The administrators and editors James (Jim) Phillips and Jose Nazario did a great job, providing a valuable service for the OpenBSD community for years. On April 1st 2004, much to the surprise and confusion of most readers, they announced the retirement of the journal. Initially, people didn't realize they weren't just pulling an April's fool joke, but were dead serious.
  • http://www.perlmonks.org/
  • http://www.wulffmorgenthaler.com/
  • http://www.openbsd.org/
  • http://www.kernel.org/

Code review (back to top)

  • RATS - Rough Auditing Tool for Security is an open source tool developed and maintained by Secure Software security engineers. RATS is a tool for scanning C, C++, Perl, PHP and Python source code and flagging common security related programming errors such as buffer overflows and TOCTOU (Time Of Check, Time Of Use) race conditions.
  • Flawfinder is a program that examines source code and reports possible security weaknesses (flaws) sorted by risk level. It's very useful for quickly finding and removing at least some potential security problems before a program is widely released to the public.
  • CodeCollaborator enables peer review of source code changes before or after files are checked into version control. Automate audit trails and metrics, enforce workflow rules, and generate reports. Integrates with SCM, issue-tracking, reporting, and other external systems.
  • ColdFusion Code Review Tool is an application for automating code reviews. The tool comes with over 30 built-in rules that check for security, performance, accessibility, style, and bug related issues. In addition to the built in rules you can easily create your own rules, in just 4 lines of CFML code.
  • Hammurapi is an automated code review system.
  • Codestriker is an open-sourced web application which supports online code reviewing. Traditional document reviews are supported, as well as reviewing diffs generated by an SCM (Source Code Management) system and plain unidiff patches. There are integration points with CVS, Subversion, Clearcase, Perforce, Visual SourceSafe and Bugzilla. There is a plug-in architecture for supporting other SCMs and issue tracking systems.
  • Inspection/Review Tools, Source/Binary Code Static Analyzers
  • The freeware program SourceMonitor lets you see inside your software source code to find out how much code you have and to identify the relative complexity of your modules. For example, you can use SourceMonitor to identify the code that is most likely to contain defects and thus warrants formal review. SourceMonitor, written in C++, runs through your code at high speed, typically at least 10,000 lines of code per second.
  • Code review is systematic examination (often as peer review) of computer source code intended to find and fix mistakes overlooked in the initial development phase, improving overall quality of software and can also be used as a tool to better develop skills at the same time.

Conferences and events (back to top)

  • Chaos Computer Club e.V.
  • CanSecWest is a conference focusing on applied digital security, is about bringing the industry luminaries together in a relaxed environment which promotes collaboration and social networking. The conference lasts for three days and features a single track of thought provoking presentations, each prepared by an experienced professional and talented educator who is at the cutting edge of his or her field. We give preference to new and innovative material, highlighting important, emergent technologies, techniques, or best industry practices.
  • http://www.hackmeeting.org/
  • http://twiki.fazan.org/bin/view/Transhackmeeting
  • http://ph-neutral.darklab.org/
  • http://www.olografix.org/ MOCA/MOCM/MOHP by Metro Olografix

THP (The Hackers Place) Network (back to top)

  • USH ush.it is "a beautiful place", a large site about "hacker's stuff" like security, privacy and development driven by a staff of smart guys, i can assure :) (Available in both English and Italian version. Disponibile in versione Inglese e Italiana.)
  • Wisec The WIse SECurity is the other big project, focused on web application security. It's driven by another staff of smart guys! (Available in both English and Italian version. Disponibile in versione Inglese e Italiana.)
  • DigitalBullets
  • TheHackersPlace
  • THP Network

Scandals (back to top)

Funsec (back to top)

  • http://geekz.co.uk/lovesraymond
  • http://www.xkcd.com/
  • Not really security related but useful for losing time: viceland.com, totallycrap.com, bash.org

Permalink Comments
THP USH Wisec DigitalBullets