Fyodor's Security Reading List

Fyodor's Good Reading List: "Fyodor's Good Reading List

• The Hacker Howto. This excellent essay by Eric Raymond (ESR) gives very insightful instruction on how to become a respected member of the hacker community.
  
• The Risks of Key Recovery, Key Escrow, and Trusted Third-Party Encryption A great paper released 27 May 1997 by several of the biggest names in encryption and computer security, including Steven Bellovin, Matt Blaze, Whitfield Diffie, and John Gilmore. This describes exactly why we aren't going to let the government backdoor our crypto programs.
  
• Smashing The Stack For Fun And Profit A great paper on buffer overflows by Aleph One. It is from Phrack49.
  
• Mudge's tutorial on writing Buffer overflows. Another good paper.
  
• IP hijacking paper A paper by Laurent Joncheray on the workings of IP hijacking.
  
• The Hacker Crackdown A truly excellent book by Bruce Sterling about the early hackers. Mr. Sterling kindly (and much to the dismay of his publisher) decided to release the book freely over the internet.
  
• Approaching Zero Another hacker book in electronic form. This one is about British phreaks.
  
• Security Problems in the TCP/IP Protocol Suite An old but very interesting (and sadly, still applicable in many ways) paper by Steven Bellovin himself.
  
• Them and Us:Chapter 6 of Paul Taylor's hacker book (basically publishing his dissertation)
  
• cifs.txt *Hobbit*'s excellent CIFS insecurities paper.
  
• Hacker Encyclopedia This is a huge compendium of hacker/computer/science fiction information written by Logic Bomb. It is not word wrapped, so you will probably want to read it with vi or emacs rather than netscape
  
• Tamperproof Smart Cards This is a very interesting paper by Ross J. Anderson It brings up a number of very interesting issues about defeating smart card security.
  
• Murphy's Law and Computer Security A paper by Wietse Venema which details many often overlooked aspects of computer security and program bugs. This paper is loaded with examples.
  
• Insertion, Evasion, and Denial of Service: Eluding Network Intrusion Detection A classic apper by Thomas Ptacek and Timothy Newsham on techniques for evading Intrusion Detection Systems. This was written in '98, but much of it still rings true in '01 :( . [PDF version]
  

Lighter Reading / Misc

• What makes UNIX users so smart? An excellent essay on the relationship between literature and the powerful, flexible command-line interface to UNIX.
  
• Richard Stallman's excellent essay on the right to read. It is short and insightful. Take 2 minutes and read it!
  
• "The hollowing out of ourselves" an excellent essay by Stephen Talbott about the pathetic lack of real content on the web today and the pointlessness of embracing new technology for its own sake, rather than to achieve any actual ends.
  
• "Why Cryptography is Harder Than it Looks" an essay by Bruce Schneier describing the many problems unique to developing cryptosystems. It really is more interesting than it sounds.
  
• Concerning Hackers Who Break into Computer Systems by Dorothy E. Denning This is a somewhat dry, but rather interesting paper by someone best known for siding with the spooks and favoring export controls on cryptography. She interviewed many hackers and it is interesting to see things through her eyes.
• UNIX Wars A hilarious spoof on star wars involving the fight between common users and fascist administrators who seek to destroy all productivity.