Security Problems

This page is a subsection of the Crypto link farm. Links to further crypto and security-related information can be found there.

$10,000 DES Challenge: RSADSI's encryption-breaking challenge.
AccentSoft Series Utilities: Password recovery for MS Office, Access, Word, Excel, Money.
Accidental Trojan Horses: How to run arbitrary code on a Windows machine via email or the web.
ActiveX - Conceptual Security Flaw: Using ActiveX to steal money via fake bank transfers.
ActiveX security check page: Sampling of dangerous ActiveX controls which can be used to run arbitrary code on your machine.
AirSnort Homepage: WEP encryption key recovery tools.
aLoNg3x'S hOmEpAgE: Links to assorted cracking and hacking sites and resources.
Analysis of DVD ContentsScrambling System: Cryptanalysis of CSS.
AOL-Security Pages: AOL security problems (some fairly scary).
Architectural considerations for cryptanalytic hardware: Breaking RC4, A5, DES, and CDMF with FPGA's.
Archive of Hacked Websites: Various web pages which have been altered by hackers.
Armageddon: Packet sniffing and spoofing.
Ars Technica: Wireless Security Blackpaper - Page 1 - (7/2002): Problems with 802.11 wireless security.
ATTRITION Mirrored Sites: Mirror of defaced web pages.
Back Orifice: Backdoor access to Windows machines which allows them to be controlled from anywhere via the net.
Back Orifice Removal - BORED: Tool to scan for and remove Back Orifice.
Basement Research: SMB session sniffer, NT TCP/IP connection killer.
Bioinformatics and Data Analysis Products at Paracel: Data filtering hardware originally designed for NSA/Echelon use.
BO2K - Back Orifice 2000: Windows trojan allowing remote control of a machine, file transfer, keystroke logging, registry access, and user plugins.
Bokler's Guide to "CRACKER" Software: Programs to break the "encryption" on a number of DOS and Windows programs.
Buchanan International: Password recovery (apparently they're just a reseller for Access Data).
BugNet: Wintel PC bugs, including occasional security problems and holes.
Bugtraq Archives for July 1995 - present: Security vulnerability archives.
Bugtraq mailing list archives: Security vulnerability archives, 1993-present.
CCC klont D2 Kundenkarte: CCC cloning of GSM SIM's and software SIM emulator (in German).
CCD : software cablecrypt decoder: Decoder for cablecrypt-enrypted PAL TV signals.
Cellular-Cables.com - Sim Readers ::: SIM cloning gear.
Cellular Telephone Experimentors Kit: Completely control an OKI900 through a computer (including many neat things you're not supposed to be able to do).
Channel 1 File Library:Unprotects: Unprotects for a large amount of software.
Chaos Computer Club
cfDecrypt: Code to decrypt Cold Fusion templates.
Cmos, LILO, NT passwords - Antivirus: Edit NTFS partitions, reset NT/CMOS/LILO passwords.
Computer Crime Reference Index: Organisations, publications, legal resources, security advisories, mailing lists.
Computer Security Information: Information on password cracking, denial-of-service attacks, and NT security holes.
Cookie Jar: Control which web servers can get cookies.
CooL_MoDe's Kewl World: Exploit files for a wide variety of Unix security problems.
Craaack Labs: "We make the things that break the things that you make".
CRAK Software: Password-recovery software for Word, Excel, 123, Quattro Pro, WordPerfect, Quicken, etc.
Crash Netscape: This URL will crash Netscape (and make Windows unusable for Win 3.x) when connected to.
Crashing IE4: Combines the MSIE res security hole and the Pentium F00F bug to lock up any Pentium machine running MSIE.
Cursor: Cellular phone tracking technology.
Crypto & Hacker Linkz: Links to crypto and password-recovery pages.
Cryptography Research - Differential Power Analysis: Powerful noninvasive analysis technique for recovering information (eg encryption keys) from smart cards.
Cybercrime on the Internet: Cyberciminals and cybercrime buzzword buzzword hacking buzzword fnord child pornography buzzword fnord.
Cypherpunks Key Cracking Ring: The cypherpunks attack crippled US export-approved encryption.
Cypherpunks SSL challenge broken: The cypherpunks break crippled US export-approved encryption.
Death by ActiveX: More ActiveX security holes.
Decompilation of Binary Programs - dcc: Decompiler for reverse-engineering 80x86 software.
DeCSS Gallery: DeCSS as C source, in Standard ML and Scheme, as a GIF image, in (non-compilable) pseudocode, in English, as a haiku, photo of a t-shirt, recordings of a dramatic reading and a song version, as a film, steganographically encoded in various images, etc etc.
Default Password List: Default passwords for systems, network gear, printers, embedded devices.
Default usernames and password for Routers/Switches/Hubs and others: Collection of default passwords used in assorted commercial equipment.
Defiants Eurosat.com: Pay TV and smart card hacking information.
Déjà Vu All Over Again: BYTE article in plethora of NT security holes.
DES Challenge Coordinated Effort: SolNET RSADSI DES challenge.
DES Challenge Attack: Distributed software attack on DES
Denial-of-Service FAQ: The denial-of-service FAQ.
Device Object Security: Problems with Windows NT device object security.
Digital Signals Monitoring with your scanner: Monitoring trunked radio nets with scanners.
distributed.net - Node Zero: Distributed computing applications (such as encryption breaking).
DMZ Services, Inc.: Dictionary generator for brute-force password crackers.
D.O.E. SysWorks: Links and information on security weaknesses, password recovery, key recovery tools, reverse engineering. Of particular interest is the information on the large number of snake oil crypto programs out there.
Electronic Voting: Problems with electronic voting.
Ericsson Unlock Devices: Unlock and generally mess with Ericsson GSM and PCN phones.
ERL PTT: Monitoring Inmarsat: Inmarsat interception using standard commercial gear, with an example of interception of sensitive political information and electronics smuggling to the Iraqi internal security organisation.
Eye Tech Surveillance = Products Page: Transmitters, phone taps, listening devices, computer bugs.
Factorization of RSA-130
Firewall Test, Port Scan and Security Test at Auditmypc.com - research open ports online.: Scan your PC for open ports and privacy leaks.
Flaws in Java Implementations: Catalogue of and analysis of security flaws in Java implementations.
floydsoft.com - Free NT/IIS Utilities: IIS SSL key password recovery tool.
Forbes ASAP: Hack Attack: Hackers test the gullibility of a Forbes reporter.
Forbes addendum: EMP weapons: Calling Victor von Doom: Debunking some of the more outrageous parts of the Forbes story.
Forbes addendum: The Netly News - EMP Gun: Another writeup on the EMP gun urban legend.
Fravia's page of reverse engineering: Much information on reverse-engineering software.
Fravia's Steganography Starting Page: Stego information, including how to defeat various steganography-based watermarking techniques.
Fun and Games with PGP: Potential PGP weaknesses and problems.
Fuzz Testing of Application Reliability: Relability testing of applications in the presence of random input (most apps crash or hang).
Fyodor's Exploit World, Exploits for many Operating Systems including Linux,Solaris,Microsoft,Macintosh. For Hackers, Hacking, Computer Security auditing & testing: Catalogue of security holes and exploits for Windows and various Unixen.
GB_SOFTWARE(English): Red and blue box software, IR car door unlocker for the Gameboy.
Georgia SoftWorks - Windows NT Password Guard!: NT password grabber.
Greg Miller's Home Page: Crypto, AI, and Networking: Netware-related security problems and issues.
GSM cellphone cloning: The Smartcard Developers Association proves that GSM security isn't nearly as good as the vendors claim.
GSM Cloning: The ISAAC group's page on the GSM security breach.
Gullibility Virus: Frightening new virus running rampant on the net.
Hack Watch News: Satellite TV security and insecurities
Hacker's Encyclopedia CDROM: CDROM full of files on every aspect of computer security and how to bypass it.
Hacking: Keystroke loggers/sniffers, password crackers, etc.
Hacking Novell Netware FAQ
Hacking Texts: Various texts related to hacking and security.
HackZone: Information on viruses, trojans, denial-of-service problems, and other security weaknesses.
HAM Radio Software: POCSAG decoder for monitoring pager messages.
Hardware Hacks: Hardware hacks, mainly mag.card related.
Hardware Security Links: Links to information and equipment suppliers for TEMPEST and hardware penetration attacks.
Home of Mnemonix - Welcome!: Various NT security problems.
Hostile Applets Home Page: Various hostile Java applets.
H/P/C/V Utilities: Password crackers, carding, war diallers, key generators, hex editors, links to related sites.
Hyperlink Spoofing: SSL server authentication attack.
ICKiller can be deadly: Warning about ICQ toolz/ICKiller, which installs nasty trojans in your system.
Infilsec - Vulnerabilities: Vulnerabilities database for various OS's.
Inmarsat zapping: DIY Echelon.
(In)Security of the WEP algorithm: Security problems in 802.11 wireless LANs.
Inside the Windows 95 Registration Wizard: What the Windows 95 Registration Wizard is *really* doing with your system.
Internet Attacks: A (very complete) taxonomy of Internet attacks.
Internet browser access to your hard drive: How to access your local hard drive with a web browser.
Internet Explorer Expoit #4: IE security hole which allows your logon username and password hash to be grabbed over the net, regardless of firewalls or use of "strong" passwords. 14,000 passwords grabbed so far by this site alone, with no apparent attempt by MS to fix it.
IOPUS Internet and Security Software: Stealth activity monitor, Windows PWL password recovery.
IOPUS Software: Automatic, invisible POP3 / SMTP email sender sender: Secretly monitor and mail files to other machines.
ISS NT Security Library: Links to sites covering NT security issues.
Java Code Engineering: engineer & reverse engineer Java class files: Links to books and articles, disassemblers, decompilers, and deobfuscators.
John the Ripper: Unix password cracker, including MMX version which is 30% faster than the standard one.
K^KakO^B Cracking Tools Page: Password breakers for Trumpet Winsock, Eudora, Win95 screen saver, Netscape mail, Win95 shared items, Pegasus mail.
Key Code Generators: Key and unlock code generators for large amounts of software.
Key Recovery Alliance: Communicate secure in the knowledge that only the US government is listening.
Key Recovery Technologies: How to implement espionage-enabled software.
Key Recovery Utilities and Resources: Key recovery utilities, tutorials, programs (including ones to break Arj, BIOS passwords, Compuserve, Contraband 9G, Crypt-o-Text, Cryptic Writer, CuteFTP, CyberSitter, Encrypt-It, Eudora, MS Access, MS Word, MS Excel, Norton Diskreet, Novell Netware, RAR, 40-bit S/MIME, Stacker, Turbo Encrypto, Wincrypt, Windows NT password, WordPerfect, WS_FTP, and Zip), and resources.
KSR[T] Security Advisories: Unix security problems and advisories.
Kyler Laird's PDF utilities: How to print "unprintable" PDFs.
Locraker: Brute-force combination lock breaker.
M2mike's Corner of the Web: Information on breaking various security systems used by schools (mostly Win95-related - this is "security" for very small values of security).
Mailtunnel: Tunnel anything (telnet, ssh, file transfers, etc) through firewalls via email.
Maximum Security: Updates on Internet and Internet software security problems.
MDT Monitor for Windows: Software to decode police mobile data terminal messages.
Microsoft CD Key Authentication Revealed!
Microsoft FrontPage 98 Security Hell: The infinite security holes in FP for Unix.
Microsoft IIS Web Server Security Bugs: Security holes and bugs in Microsofts Internet Information Server.
Microsoft Password Recovery Software: Recover passwords for MS Word, Excel, Access, Money, and VBA projects.
Microsoft's Really Hidden Files: Summary of the information about user activities secretly logged by MSIE and Outlook, and how to get rid of it.
MS Word & Excel security weakness: Recover passwords for all newer versions of Word and Excel.
Mini-FAQ: NT Password Attack & defences: NT password cracking FAQ.
Money Protocols: Things which can go wrong with smart cards.
MOSIACs CSDU: Cellular signal destruction unit (in other words a GSM jammer).
Netbus: Windows backdoor access server.
Netscape Security Problems: Security flaws in Netscape.
Netware/Windows NT/Web Hack FAQ: Security problems in Netware, NT, web servers and browsers.
Neverness: Hacking, kracking, phreaking, crypto.
New Media Laboratories - Crypto: Distributed attack on RC5.
No First Virtual: Security problems with First Virtual.
Nortek Computers Ltd: ThinkPad Password Solutions: ThinkPad power-on and hard drive password removal.
Norton Internet Security 2000: Symantec's be-your-own-victim Internet security check (requires Win95, MSIE, Java, ActiveX, active scripting, cookies, and firewalling disabled).
(Not only) Russian Password Crackers: Good collection of password breakers and crackers for a variety of programs.
Novell Remote.NLM Password Decryption Algorithm: How to decrypt Remote.NLM passwords for Netware 4 and 5.
Nowhere to Run: TEMPEST monitoring.
NSClean information: Clean up various Netscape files which record information on you and your net activity.
NTAccess: Change the Windows NT administrator password.
NTBugtraq - NTBugtraq Home: Mailing list covering Windows security holes and problems.
NT Crack: Very effective NT password cracker.
NT Exploits: Windows NT security holes and exploits.
NT Internals: Not directly security-related, but contains a lot of useful technical information and source code to bypass or upset NT's security controls.
NT offline pw-util, bootdisk: Password change and general system editing utility for NT.
NT Security Home: NT security issues and concerns, security tools.
Nurse your Net Nanny!: How to disable various Internet blockers (and these things are supposed to be childproof!).
Offline NT Password & Registry Editor: NT password recovery.
Omen project tls cbc attack on Openssl: Password-recovery attack for SSL/TLS.
On the topic of Firewall Testing: mjr on firewall testing and certification.
OptOut -- Internet Spyware Detection and Removal: Remove some common Windows spyware programs.
Outlook Redemption: Plugin to allow your code to bypass MS Outlook security measures.
Palmtop plunder: Breaking into cars using a PalmPilot.
pan1k?: Assorted information on security problems and programs (AOL, Netware, boxing, carding, encryption, password-cracking, virii, satellite TV, text files).
Pandora: Reverse-engineering Novell's directory services (includes Novell password breaker).
Paradox Specs: Decode Paradox tables without knowing the password.
Password Removal Tactics: How to remove/bypass password/"encryption" protection for a variety of software.
Password recovery software: Password recovery software for NT, Zip, Arj, RAR, ACE, all MS Office programs along with MS Money, Project, and Backup, VBA, Quicken/QuickBooks, Lotus SmartSuite, Acrobat/PDF, Paradox.
Password recovery tools: Password recovery tools and services for MS Office and WinZip.
Pavel Semjanov's Home Page: Assorted key and password breakers (partially in Russian).
PC Keyboard Bug: Hardware keyboard bug which records 2,500 keystrokes.
PHENOELIT: Tools and info for getting into HTTP, FTP, POP, IMAP, LDAP, telnet servers.
Phrack Magazine Home Page: Security problems, hacking, hacker conferences, general news.
Phrozen Crew - News: Various Win32-related security utilities.
PIC16C84 Security: How to bypass the 16C84 security fuse.
Ping o' Death Page: Problems with remote machines crashing whens sent long ping packets (this affects Unix systems, Macs, Netware, routers, printers, ...).
PIR8 Underground : Home Of KeyGenz: Crackz, Keygenz, and other things ending in z (including cracks for a large number of copy protection schemes like Vbox, SalesAgent, softSENTRY, TimeLock, and many others).
PkCrack - Breaking PkZip-encryption: An implementation of the Biham/Kocher paper (complexity 2^38).
PKI and Smart Cards: Security holes in a large smart-card based PKI project.
PPN: Phone punx network.
Products / Flash / Unlock / Repair Boxes: Cellphone "unlockers".
Products / SIM Cards Backups: SIM cloning gear, blank cards.
Projects - fakeAP: 802.11 access point spoofer.
PROTOS - Security Testing of Protocol Implementations: Automated black-box testing of protocol implementations (most recently used to find numerous flaws in WAP and LDAP implementations).
Pwdump2: Dump NT password hashes even with Syskey installed.
qnxdecrypt: Decrypt any QNX password.
. r a i n . f o r e s t . p u p p y .: Rain.Forest.Puppy's collection of NT security holes and information.
Random Credit Card/Check Card Fraud with Small Charges: Warnig about an online credit card fraud technique.
Random Input Processing Flaws of System Programs: What happens when you feed MS command-line apps garbage input.
Read text/HTML file with Internet Explorer: Demo of MSIE bug which allows arbitrary files to be read from your machine.
Reverse Engineering the LEGO RCX: Tutorial on reverse-engineering a microcontroller.
RISKS Forum Archives: Archives of the ACM forum on risks to the public in computers and related systems (use the arrow icons to move to other risks volumes).
Risks Of "Key Recovery," "Key Escrow," And "Trusted Third-Party" Encryption: Report on GAK risks by noted cryptographers.
Risks of the Passport Single Signon Protocol: Problems with Microsoft's Passport protocol.
RISKS Search results for Explorer,MSIE,MS IE,ActiveX: Security and other problems in MSIE.
Robin Keir's Software - FireHole: Bypassing outgoing connection restrictions in personal firewalls.
rootshell.com: Searchable archive of Windows and Unix security problems.
RSA Challenge '97--Break the Key: RSA encryption-breaking challenge (40 bits in 3.5 hours, 48 bits in 13 days).
Satellite Code Network: Network of ~300 sites devoted to satellite TV hacking and related topics (eg smart cards, decoders, smart card programming).
SatHack HomePage: Satellite TV hacking, cards, software, programmers, and codes.
School Security Flaws: Collection of typical security problems and holes in school computers.
Scott Schnoll's Unofficial Microsoft Internet Explorer Security FAQ: Bugs and design flaws in MS Internet Explorer.
Sécurité & Piratage: French security page with information on security problems, backdoors, and patches.
Security Survey of Key Internet Hosts: Security survey which found that two thirds of the WWW hosts checked had security problems.
SecurID Weaknesses: Paper on potential weaknesses in SecurID.
Sekcia bugs: Large collection of security bugs in most major OS's.
ShareSniffer: Windows' lack of security turned into a feature: "ShareSniffer is an honest peer-to-peer venture that brings out the full potential of Windows' networking features".
Shutdown Windows: Shut down Windows 95/98 from Java. So much for the sandbox.
S/MIME Screen Saver: Screen saver which breaks 40-bit S/MIME encryption.
SnadBoy Software - Revelation: Recovers Windows saved passwords.
Snake Oil FAQ: Snake oil warning signs - encryption software to avoid.
Snoopie, a TCP login tracer for DOS-machines: TCP/IP login tracer which sniffs logins for FTP, telnet, POP3 connections.
SQL Server Security: SQL server security issues and problems.
SSL implementation bugs: List of known SSL implemetation bugs.
Stack Smashing Security Vulnerabilities: Resources related to stack-overwriting security holes.
Stealth Keyboard Interceptor: Completely invisible interceptor which logs keystrokes, URL's, executed, dates, times, mouse click events, etc, with optional encryption.
StealthLogger official homepage: Windows 95 and NT keystroke logger.
Stone's WebNote: Windows PE compressors, deprotectors, unwrappers, anti-debugging/tracing, executable encrypters, and other useful Windows programming/hacking tools.
Weaknesses in Euro-Clipper: More weaknesses in Euro-Clipper.
swaptec: Broadcast everything in your home all over the neighbourhood, secured with 40-bit crypto.
The BioArchive: Novell Netware, cellular phone, and other security problems.
The Codebreakers: Assorted virii, including a PGP keyfile-stealing virus.
The Hacker's Choice - Official HomePage: THC home page.
T H E · L E G A C Y: Hacking/phreaking information and links. Load this one with Java disabled.
The Reversal of NetNanny: Reverse-engineering and cryptanalysis of NetNanny.
The Sanctuary: Satellite TV hacking info: D2Mac, Eurocrypt, Videocrypt, Multimac, etc.
"The Stalker's Home Page": What others can find out about you using online search engines.
The TEMPEST Information page: Much information on TEMPEST eavesdropping and its prevention.
The Toolbox: Various Windows security tools (port scanner, find processes listening on ports, obtain various privileges on a system).
Threats to your security on the Internet: Information on various NT trojans (Back Orifice, Netbus, etc).
Tools!: Crackers for MS Office, Excel, Word Perfect, Word, Pkzip, and other programs.
Twenty Most Critical Internet Security Vulnerabilities: SANS/FBI list of the top twenty Internet security vulnerabilities.
Ultra Zip Password Cracker: Fast Zip password cracker.
Underground Railroad: Filez! Warez! D00D!&lt
unix / net / hack page: Unix security problems, software, documentation, RFC's.
Vacation War Driving, 802.11b Access Point Mapping: 802.11 war driving in Pasadena.
VBA Key: VBA password recovery (allows viewing of VBA source code).
Vendors Of GSM Mobile Location Positioning: GSM tracking technology vendors.
Visual Domain - Homepage of Erwin van den Berg: How to remove the region coding of Creative Labs DVD drives - choose the "Documentation" link.
Vulnerability Database: Database of common security vulnerabilities in RPC's, sendmail, firewalls, and various other categories.
Web Pages we�..