I’m including links here to external sites that produce computer security and vulnerability advisories.
Canadian Centre for Cyber Security
Cybersecurity & Infrastructure Security Agency:
Latest CVE Advisories:
(feed from cvefeed.io)
National Vulnerability Database
Helpful information:
Web pages I’ve created to assist people in keeping their systems secure. I hope these continue to help people.
- Securing Passwords: (created 2000-10-13) A discussion of issues surrounding the perceived security of re-usable passwords.
- Securing Unix and Linux Systems: (created 2000-09-20) So you want to set up a Unix server, but you’d like to do it securely? Here’s a list of hopefully useful pointers to get you moving in the right direction.
Computer security advisories:
These advisories were written for the Concordia University community in Montreal, Canada, but were no doubt relevant to others as well:
- Melissa: (released 1999-03-29) Users of Microsoft Word-97 or Word-2000 may, under certain circumstances, be affected by an email-borne “virus” (it’s a worm, actually) that has numerous malicious effects.
- FrontPage Server Extensions: (released 1999-04-22) Web servers running incorrectly configured FrontPage Server Extensions could permit remote users to gain access to privileged accounts on the system hosting the web server.
- Telephone Scam: (released 1999-06-07) On some business telephone systems, it may be possible for an outside caller to gain control of a telephone line and make calls charged to that line.
Historical incidents:
Although these are no longer current issues, they’re still interesting. These contain source code from incidents that affected people around the world:
- I LOVE YOU: (released 2000-05-04) Similar to Melissa (above), this email-borne worm-style virus carries multiple payloads. Formatted and commented source code.
- Very Funny: (released 2000-05-04) Essentially a copy of the I LOVE YOU worm, with different file names.
- Very Funny (diff): See the differences between I LOVE YOU and Very Funny.
Links to Remote Documents:
- The Stanford SRP Authentication Project: by integrating secure password authentication into widely used protocols instead of adding security as an afterthought, SRP improves network security from the ground up.