Insecure.org
Check out the online home of the well-known security researcher Fyodor, who authored nmap, the best port scanning tool available. From this site you can download nmap and 74 other security tools from others, many of them excellent. Insecure.org serves as a repository for numerous other security lists which may not have an archive of their own (such as FullDisclosure). If you don't want to junk up your Favorites with every security list (BugTraq, FullDisclosure, Pen Test, etc.) bookmark this one site and you can find them all from here.

Governmentsecurity.org
Despite its name, this site is not sponsored by a government. Like many of the other sites we've recommended, it archives daily security news. But our favorite feature is the moderated security forums, where you can discuss relevant topics (ranging from general network security, to how to compile and run specific exploits) with other network administrators.

Microsoft TechNet
IT professionals running a Windows network look here for the latest Microsoft security bulletins. Pro: Authoritative source for Microsoft security fixes. Con: Microsoft's alerts minimize the truly bad implications of some vulnerabilities, sometimes unfairly. Bring a suspicious mind to the part of each alert that talks about "mitigating factors" that supposedly reduce risk. Net: If you use Windows, you've got to visit here at least monthly.

CERT.org
This government-funded source of security advisories describes itself as "a center to coordinate communication among experts during security emergencies and to help prevent future incidents." Pro: CERT does an excellent job of coordinating information when vulnerabilities are found in the most commonly-used Internet resources. Con: Because their work is "official" and because so many vendors can have a say in CERT's advisories, this is often the last entity to issue a security advisory. Net: Pretty much the final word on anything Internet-related and not owned by a private vendor.
A must for your arsenal of resources.

Grey Hat Sites

We characterize these security researchers as "grey hats" because, unlike white hats, they might not inform the appropriate manufacturer before publicly revealing their findings and posting exploit code (often passed off euphemistically as "proof of concept" code). Technically they're not breaking laws or acting maliciously, like "black hats." But announcing security holes before vendors can fix them is like giving an army a map of the castle they're attacking, with a big red arrow marking the secret entrance. Grey hats commonly claim their behavior contributes to overall security by making vendors watch themselves more diligently. Whether that is true is a battle we'll leave to someone else.

Nonetheless, "grey hat" sites are worth inspecting when you want to understand more about how a particular vulnerability works. These sites are often the first to reveal new vulnerabilities, much sooner than you'll get the info from the appropriate vendor. When trying to prioritize how urgently you need to patch flawed software on your network, flaws where the exploit code is publicly posted should go to the top of your list. To learn whether exploit code is publicly available, monitor our LiveSecurity alerts, and check some of the following sites.

Unpatched Internet Explorer Bugs
Researchers have found numerous security flaws in Internet Explorer that Microsoft has not patched yet. Some holes are serious (for example, one enables a hacker who has lured you to his malicious Web site to silently install and execute code on your computer). Liu Die Yu's site
maintains a list of these unresolved flaws. Many of his descriptions include workarounds that minimize the vulnerability while we all wait for Microsoft's patch.

Packetstormsecurity.org
This site offers a repository of the Top 20 security tools, advisories, and exploits, updated throughout the week.

K-otik.com
This French site is usually the first place you’ll find significant exploit code. They also archive notable white papers in various languages, so multilingual administrators can get a world of security instruction here.

2600.com
This Web site supplements the printed journal 2600, the seminal, well-known "hacker's quarterly," where programmers inform one another of new flaws, exploits, and attacks on everything from networks to phone systems. Worth a read so you can realistically assess the strength of your countermeasures.

Other Web Sites

www.howstuffworks.com
Simple explanations of how all kinds of things, including system and network components, work.

www.zebra.org/zebra/index.html
Online GNU Zebra configuration document for Firebox users using dynamic routing protocols.

www.watchguard.com/support/advancedfaqs/log_sniffing.asp
Check here for information on a useful Network Packet Analyzer.

www.iana.org
Look here for lists of protocol number assignments and TCP and UDP port numbers.

www.telusplanet.com/public/sparkman/netcalc.htm
A network calculator.

www.winguides.com/registry/
A good site for information about the Windows registry.

www.watchguard.com/glossary/?nav=ic
Online glossary of security terms.

vmyths.com
Some viruses you hear about are not real. Though each virus vendor has a “virus hoax” page, when we have to prove to a hysterical user that a problem doesn’t really exist, we like the writeups here.

slashdot.org
For fun, no self-respecting geek should miss viewing science, pop culture, and the world of computers through the perspective of the IT-minded community (millions strong!) who contribute to Slashdot.

<strong>Reference</strong> <strong>Guide</strong>