---

Related Topics and Resources of Interest...

Last updated: sometime in 2000. (some of this stuff if fairly stale, sorry)
This is stuff I myself use occasionally, more or less, your mileage may vary...

Table of contents...

• Crypto/Security/Privacy Services & Tools
• Crypto Technology & Security
• Security-oriented Email Distribution List Archives
• Analyst Organizations
• Certification Organizations
• Free Software/Open Source
• Internet-enabled Financial & Monetary Systems & Info
• Journals
• Technology, Science, Society, and Law
• News
• Bibliographies

Crypto/Security/Privacy Services & Tools (& some news) Resources ((mostly) commercial; see also Bibliographies, below)...

• AdSubtract (by Internet Mute, Inc.) (block ads, cookies, mobile code, etc whilst surfing the web; see also JunkBusters)
• Anonymizer.com (nagware, but comes in handy)
• @Stake (Dan Geer + L0pht !)
• C2Net (crypto-enhanced Apache web servers)
• Card Technology Magazine (a Chicago-based magazine that covers the smart card industry.)
• Cerberus Information Security (A Uk-based info sec company)
• Computer Securty Institute - CSI
• Counterpane Internet Security (Bruce Schneier's Managed Security Monitoring firm)
• Cryptography Research (Paul Kocher (a SSL co-author) et al.)
• CyberCop (Intrusion Detection suite, part of NAI's suite of PGP-based products)
• Entrust Technologies (PKI implementation provider who is also quite active in the IETF, ITU X, etc. standards groups)
• Forum of Incident Response and Security Teams - FIRST
• Freedom.net
• Granite Island Group ("Technical Surveilance Countermeasures" - very innaresting stuff)
• ICSA.net (Reston, VA -based security consultancy, publishers of InfoSecurityMag, formerly National Computer Security Association - NCSA)
• Integrity Sciences (David Jablon's firm, a good source for information on Simple Password-authenticated Exponential Key Exchange (SPEKE) and various other variants of strong password authentication)
  
• JunkBusters (ditto to AdSubtract)
• Kroll O'Gara (Taher Elgamal & co.)
• LinuxSecurity.com (overall linux security resources & news)
• L0pht Heavy Industries (Mudge & co.)
• Lucent Personalized Web Assistant
• Onion-Routing (anonymous hot'n'cold running bits, militarily-sponsored project)
• PGP.Com (aka PGP Security, nee CyberCop (aka NAI), see CyberCop above)
• Publius (Censorship Resistant Publishing System)
• RSA Data Security (the Microsoft of the crypto world?)
• System Administrators' Guild - SAGE (affiliated with USENIX)
• System Administration, Networking, and Security (SANS) Institute (sysad & security education, training, and certification)
• SecuriTeam
• SecurityFocus
• Smart Card Developer Association
• VeriSign (the Microsoft of the PKI world?)
• Xcert (a PKI solutions provider)
• ZDNet Enterprise --Security News
• Zedz Consultants (was: Replay Associates (Netherlands))
• Zero Knowledge Systems - ZKS, also FreeCrypto.Org (ZKS's news & info site it seems)

• Advanced Encryption Standard (AES) Development Effort
• Advanced Web Programming (Richard Smith's site with mucho info on Privacy & Security on the Internet)
• Anonymous Communications on the Internet (a special project of the Science and Policy Programs Directorate of the AAAS)
• Attrition.org
• Authorization and Trust Management Toolkits
  • Generic Authorization and Access control API (GAA-API)
  • Keynote Trust Management System (see also the Keynote page at UPenn Dept of Computer & Info Science)
  • OpenGroup Authorization API ("aznAPI" submitted by DASCOM)
• Because-We-Can.Com
• Black Hat Briefings (conference series)
• Bugtraq (the email distribution list for detailed discussion of security and exploits thereof)
• Center for Quantum Computation (at the bleeding edge of science and technology, with crypto applications)
• Center for Secure Information Systems (in the Information and Software Engineering Dept. at George Mason University)
• Common Data Secuity Architecture (CDSA; Intel's security abstraction layer. )
• Computer Emergency Response Team (CERT) (part of the Software Engineering Institute of CMU)
• Computer Incident Advisory Capability (CIAC) ("Keeping DOE secure")
• Computer Security Institute
• Crowds (an AT&T research project)
• Crypto Law Survey (a project of Bert-Jaap Koops)
• Cypher.Net
• CryptoGram (Bruce Schneier's free cryto-news and -opinion newsletter. a must read, imho)
• Cryptix (an international volunteer effort to produce robust, open-source cryptographic software libraries.)
• Cryptlib (a widely-available crypto-library implementation by Peter Gutmann, free for non-commercial use, licenseable for commercial use)
• Crypto++ (a widely-available crypto-library implementation by Wei Dai, with minimal no-cost license requirements)
• Cryptosavvy (very eye-opening research on the plausible longevity of the "security" of present typical key sizes)
• Cypherpunks Tonga
• DEFCON (hacker/cracker/cypherpunk convention & info source extrodinaire)
• Diceware.com (how to generate secure passphrases (aka passwords) yerself, includes many references to supporting material)
• Dis.org (a somewhat tight (?) hacker group with some innaresting info on their page. Check out their hilarious FAQ)
• Domain Name Buyer's Guide (look here before deciding which registrar to use to register that spiffy new domain name you just thought up)
• eEye Digital Security
• Encryption and Security-related Resources (by Peter Gutmann)
• ERights.Org
• Extranet World
• The Freenet Project (anonymous Internet publishing & communications)
• GNU's Not Unix! (world-famous open-source freeware underlying many, many systems and products in cyberspace, including GNU/Linux, including GNU Privacy Guard, which is an implementation of PGP)
• Interactive Infosec (comprehensive, catagorized security & hacking linkset, apparently actively updated (ca. Jan-2001))
• International Association for Cryptologic Research (IACR)
• International Financial Cryptography Association (IFCA)
• Insecure.org (exploits, vulnerabilities, news, security-oriented email list archives, etc.)
• MINDSEC
• National Infrastructure Protection Center (NIPC; Brought to you by the FBI et al)
• National Institute of Standards and Technology (NIST)
• OpenSSH
• OpenSSL
• ORBS -- Open Relay Behaviour-modification System (Blowing the whistle on insecure mailservers worldwide.)
• Packet Storm - Internet Security Solutions
• The International Pretty Good Privacy (PGP) Home Page
• The Prehistory of Public Key Cryptography by Steven Bellovin.
• Ron Rivest's: Overall Cryptography Resource Page
• RTFM.Com (security consutancy, home of PureTLS)
• Bruce Schneier's Crypto Links page
• SecurityGeeks (Security, Crypto, and Privacy news brought to you by The Shmoo Group)
• Security Laboratory, CS Dept, Stanford University
• Security Management (magazine)
• Security Portal (security-oriented webzine, newletter publisher, and overall resource)
• Smartcard Developer Association
• Speak Freely (free, open source, encrypted-audio-over-the-Internet app)
• Stunnel (Universal SSL Wrapper -- build yer own VPN (but VPNs are not a panacea, see: UWashington Network Security Credo))
• Team Anti-Virus
• Zedz -- formerly Replay Associates

Miscelaneous Organizations

• Business Software Alliance (BSA)
  - has info on business use of crypto technologies, recommendations on handling keys, key lengths, etc.
• North American Network Operators' Group (NANOG)
  - has archives of the nanog@merit.edu list (see below)

Security-oriented Email Distribution List Archives

• Cryptography@metzdowd.com <-- this is the current incarnation of this list. The immediately prior incarnation of this list was: Cryptography@wasabisystems.com, and the original incarnation of the list was: Cryptography@c2.net. (The archives for all list incarnations are ensconsed at the The Mail Archive, a generously free email list archive site)
• Firewall Wizards (web-based archive of moderated email discussion list)
• Insecure.org (exploits, vulnerabilities, news, security-oriented email list archives, etc.)
• North American Network Operators' Group (NANOG list archive)
• SecurePoint.com (archive of several security-oriented email distribution lists)
• UK-crypto (email distribution list archive)
• Cypherpunks mailing list hyperarchive

Analyst Organizations (mostly commercial)...

• The Burton Group (TBG) (distributed systems)
• Forrester Research (internet commerce)
• Jupiter Communications (internet commerce)
• METAGroup (distributed systems)

Certification Organizations

• Computer Security Institute (CSI)
• International Information Systems Security Certification Consortium (ISC)²

Free Software/Open Source Resources...

• Apache.Org
• BSD.Org
• FreePatents.Org
• Free Software Foundation
• Internet Software Consortium
• Linux International
• Linux Online
• Mozilla.Org (open source, Netscape-derived WWW browser)
• Nerd's Heaven (not only "open source", but also pretty-good-price, etc)
• OpenLDAP (public domain, open source, standalone, LDAP-based Directory Server, and development community)
• OpenSource.Org
• Project Gutenberg (making books-in-the-public-domain available-in-the-Internet-quadrant-of-the-public-sphere)
• Sendmail.Org
• SourceForge.Net (an awesome information/repository/development/sharing resource)

• CyberCash
• The Internet Bearer Underwriting Corporation
• E-Gold

• ACM Transactions on Information and System Security
  (A great resource of in-depth, peer-reviewed papers)
• Cyberspace Law Jounal
• f ¡ ® s T - m o ñ d @ ¥
  (peer-reviewed Internet-based journal, from folks at the University of Illinois @Chicago Libraries)
• Harvard Business Review (from Harvard, duh)
• Highwire Press

(overall Internet resource for scientific journals, including Science, from folks at Stanford University Libraries)
• The Information Society (a referreed journal)
• Nature (The Nature)
• Stanford Technology Law Review
• Technology Review (from MIT)

• Berkman Center for Internet and Society
  (at Harvard Law School)
• Crypto Law Survey (a project of Bert-Jaap Koops)
• Cyberspace Law Institute
  (an independent organization, but with ties to prominent law schools including Georgetown University Law Center)
• Interesting-People
  (an email distribution list project of Dave Farber's at the Computer and Information Science Department of UPenn)
• Internet Law
  (a class at University of Miami School of Law, taught by Prof. Michael Froomkin)
• Law News Network
• The OpenLaw project
• Politech
  ( Declan McCullagh's email distribution list and web page for info about tech, science, society, & law)
• QuickLinks
  (a project of Richard Swetenham's. "Internet, information society, information content , Legal and regulatory aspects, market and technology")
• Red Rock Eater News Service
  (a project of Phil Agre's at the UCLA Department of Information Studies)
• Samsara's Web Server
  (Maintained by and for Peter D. Junger, a Law Professor at Case Western Reserve University. Has a multitude of links to further resources, including much info on court cases testing the notion of computer software as 1st Amendment-protected speech.)
• School of Information Management & Systems

(at University of California, Berkeley)
• Center for   Social Informatics at Indiana University
  (has good set of links to related research efforts at other universities. Also note the Scholarly Communication and Information Technology project there. Rob Kling is the PI/Director of all.)
• Stanford Encyclopedia of Philosophy (a cool example of a "dynamic reference work" and of use of Internet-based distributed authoring)
• Stanford Law and Technology Policy Center
  (at Stanford Law School)
• Tasty Bits from the Technology Front
  (a project of Keith Dawson's. "Timely news of the bellwethers in computer and communications technology that will affect electronic commerce.")
• The UCLA Online Institute for Cyberspace Law and Policy
• Unit for Internet Studies

(an independent organization with ties to European and American universities and companies)

• Chronicle of Higher Education
• Cluebot.com (politics, technology, privacy, free speech, antitrust, the role of gummint)
• The Daily Howler (great site critically analyzing the lame inaccuracies in the mass media's political coverage)
• Doctor Dobbs' Jounal (geek out)
• Domainz Global News (news petaining to the Domain Name System, the Internet's glue)
• DNSPolicy.Net (ditto to Domainz Global News. In Slashdot style.)
• The Economist
• The Edge (where various pundits, cyber elitists, cybernetic totalists, and anti-<all foregoing> hang out and mouth off)
• Federal Computer Week
• FEED
• FreeBSD Rocks
• Freshmeat
• Hacker News Network (a good source for security'n'hackin' happenin's)
• Intellectual Capital
• Kuro5hin.org ("technology & culture, from the trenches")
• Law News Network
• Mother Jones Interactive
• Need To Know
• Network Analysis Times (a pretty geeky sheet)
• NewsForge (a Slashdot sister-site)
• NPR.org (great news resource, includes audio archives of Morning Edition and All Things Considered)
• OSALL (great resource on security and privacy and news re crackers' doin's)
• PBS.org (great news resource, includes free transcripts of the News Hour program)
• phrack (another cracker/hacker mag (now defunct? circa Sep-2000?))
• The Progressive Review
• Red Herring
• Rootprompt.org
• RTMark
• The Register
• This is True
• Salon
• Seattle Weekly
• Segfault.Org
• Slashdot.Org
• Technocrat.net (focusing on technology policy)
• Technology Review (from MIT)
• Telecom Digest
• User Friendly
• VMyths (virus myths and such)
• VooDoo
• Wired News

• Bruce Schneier's..
  • Index of Cryptography Papers Available Online
  • Index of Online Bibliographies
• The Collection of Computer Science Bibliographies
• Cryptology ePrint Archive (non-referreed repository at UCSD)
• Dictionary of Algorithms, Data Structures, and Problems
• The Hypertext Bibliography Project
• The Network Bibliography (a project of Henning Schulzrinne)
• Network Security Library (a good resource for a variety of security-oriented docs)
• ResearchIndex (a project by NEC Research Institute)
• The Unified Modeling Language (UML) Bibliography
• Useability of Computer Security: A Bibliography

Publishers

• Springer-Verlag
  • Lecture Notes In Computer Science (LNCS)
  • LNCS WWW-database (by subscription only, it seems)