Jericho's Writings: Security

• 11.11.23 - DDoS: The Message is Often Lost in the Noise (Infosec Island)
• 11.08.30 - Data Breaches Harder to Understand (credant.com)
• 11.05.27 - A Curmudgeonly Reply to an Anti-Curmudgeon Rant (in two parts) (Attrition.org)
• 10.07.02 - InfoSec, Sun Tzu and the Art of Whore (Attrition.org)
• 09.08.11 - Reporting terrorism, affect your credit? (we're doomed) (Attrition.org)
• 08.07.28 - A Decade of Oracle Security (Attrition.org)
• 08.07.25 - Brief analysis of "Analyzing Websites for User-Visible Security Design Flaws" (Attrition.org)
• 08.06.11 - Useless Compensation for Data Loss Incidents (Attrition.org)
• 07.07.20 - What The Hell Was He Thinking? (Attrition.org)
• 07.02.07 - "We recovered the laptop!" ... so what? (Attrition.org)
• 06.05.23 - Social Implications of Keysigning (Attrition.org)
• 06.01.02 - US-CERT: A disgrace to vulnerability statistics
• 05.11.14 - Disclosure or Advertising (Sydney Morning Herald)
• 05.03.24 - Random Comments on the Symantec Internet Threat Report 2005 (Attrition.org)
• 04.01.28 - Anti-Virus Companies: Tenacious Spammers (Attrition.org/The Register)
• 03.11.13 - My Own PR Assault against Microsoft (Attrition.org)
• 03.07.12 - Deconstructing the Defacer Challenge Hoax/FUD (Attrition.org)
• 03.02.06 - Richard Clarke: American Grandstand (Attrition.org)
• 01.11.10 - Microsoft's Responsible Vulnerability Disclosure, The New Non-Issue (Attrition.org)
• 01.04.29 - Cyberwar with China: Self-fulfilling Prophecy (Attrition.org)
• 01.04.20 - Cashing in on Vaporware (Attrition.org)
• 01.02.01 - Should you spy on your employees? (IBM Developer Works)
• 00.12.01 - A Note on Security Disclosures [PDF] (;Login Magazine [print])
• 00.10.25 - Convict them all! A new breed of ambulance chasers (Attrition.org)
• 00.09.28 - Screw the thief. Convict the state department morons.. (Attrition.org)
• 00.08.21 - The Not-So-Scientific Process (Attrition.org)
• 00.07.22 - Another brick in the wall: Fighting a losing battle... (IBM Developer Works)
• 00.07.04 - Hacker Attacks Welcomed... (Attrition.org)
• 00.06.22 - Securing your network: Your startup's survival depends on it (IBM Developer Works)
• 00.06.09 - Social aspects of the Love Bug virus (Sunworld)
• 00.05.17 - CERT Rides the Short Bus (Attrition.org)
• 00.05.17 - "It Is Good Beating Proud Folks.." (Attrition.org)
• 00.04.27 - Full Disclosure - Effective or Excuse? (The Synthesis)
• 00.04.01 - Untitled (Ex-Game Magazine [print])
• 00.02.11 - Placing the Blame (Newstrolls)
• 00.02.10 - Have Script, Will Destroy (Lessons in DoS) (Hacker News Network)
• 00.02.09 - The Crime of Punishment (The Synthesis) [Local Copy]
• 00.02.01 - Deconstructing the Hype (eEye.com)
• 00.02.01 - Hacking: a game for the 90's? (Ex-Game Magazine [print]) [.doc Copy]
• 00.01.29 - Why Linux Security Will Succeed (secure.linux.com)
• 99.12.15 - Setting Standards in Security (Aviary Mag)
• 99.12.08 - Comptuer Crime Legal Resources (Aviary Mag)
• 99.12.08 - Not Just a Game Anymore (Hacker News Network)
• 99.12.01 - The Wrong Approach (Aviary Mag)
• 99.11.22 - Is it worth it? Dispelling the myths of law enforcement and hacking (Hacker News Network)
• 99.11.10 - In Response To: Computer Crime-Abetting Sites... (Aviary Mag)
• 99.11.04 - In Response To: Bring in the Cyber Police (Aviary Mag)
• 99.10.27 - And You Thought You Were Safe! (Aviary Mag)
• 99.10.20 - Building a Global IDS (Aviary Mag)
• 99.10.13 - Defacto Damage: Unusual Trends in Loss Figures (Aviary Mag)
• 99.10.06 - In Response To: The Phonemasters and I (Aviary Mag)
• 99.10.06 - The Last Line of Defense, Broken (SecurityFocus)
• 99.10.04 - Why your network is still vulnerable (Hacker News Network)
• 99.10.03 - Subversion of Information Attacks (Aviary Mag)
• 99.08.15 - How to Get That Security Budget (SecurityFocus)
• 99.08.06 - The Newbie's Guide to Fear, Uncertainty, and Doubt (Hacker News Network)
• 99.08.03 - Life in and around 6 South, 626 (Aviary Mag)
• 99.06.10 - In Response To: Hackers in the Workplace (Hacker News Network)
• 99.05.15 - State of the Net (Hacker News Network)
• 99.04.16 - Ulterior Motives (a look at shoddy journalism) (Hacker News Network)
• 99.03.20 - mv index.new index.html (a look at web defacement) (Hacker News Network)
• 99.??.?? - Distributed Computing challenges (Aviary Mag)
• 99.??.?? - Chain of Command (reporting net abuse) (Aviary Mag)

Security Misc

• Practical Sendmail Routing Attack (Phrack)
• Possible problems with 'sudo' package (Bugtraq)
• Remote login/password disclosure in Greymatter (OSVDB 4081)
• Network Solutions Inc. Security Problem (Attrition.org)
• TBP Mozilla Extension Arbitrary HREF Information Disclosure (OSVDB 8323)
• Barracuda Networks Spam Firewall Multiple (OSVDB 20878, 20879)
• IntraLearn 2.1 Multiple (OSVDB 42988 - 42993)

Security News

• Phrack World News (Issue 49)
• Phrack World News (Issue 50)
• Phrack World News (Issue 51)
• Phrack World News (Issue 52)
• Phrack World News (Issue 53)
• Phrack World News (Issue 54)
• Phrack World News (Issue 55)

Book Reviews

• Computer Security for the Home and Small Office
• Security Warrior
• Hack Attacks Revealed
• Hack Attacks Denied
• EDI Security, Audit and Control
• Hacking Exposed
• Complete Idiot's Guide to Protecting Yourself Online
• At Large
• Cyber Crime
• Ethical and Social Issues in the Information Age
• Time Based Security
• Investigating Computer Crime
• Happy Hacker
• High-Tech Crimes Revealed