Security, Privacy and Encryption


Security
Privacy
Cryptography

Security

EcomRISK
The objective of the site is to create and maintain a comprehensive data resource covering all possible types of E-Commerce misuse, in which E-Commerce risk cases and misuses are documented and collected, then analyzed (characterized) and classified for mining.
SANS Institute
Cooperative research and educational organization for security.
Security resources
From Computerworld.
Network Associations E-mail Security site
Mostly dealing with email issues.
International Computer Security Association
Certifies products and people.
Computer Virus Myths
Hoaxes of various sorts.
AVP Virus Encyclopedia
Virus tutorials, etc.
SAFE bill
Policy resources about SAFE, from Computerworld.
ACM Crypto Study
Nice report from the ACM.
Crypto Law Survey
Survey of cryptography law in various countries.
Digicrime
Lots of stuff about digital crime, some humorous, some not.
Web Spoofing: An Internet Con Game
Report from Princeton CS department about security risks on the Web.

Java and security


Crime and war

Information Warfare
The definitive site for information warfare.
"Toward a Functional Model of Information Warfare"
by L. Scott Johnson.
Computer Forensics
From Computerworld.
CIFS: Common Insecurities Fail Scrutiny
Description of some security flaws in Microsoft Windows NT.
Microsoft's Security Update Page
FAQs, bug fixes, etc.
Chaos Computer Club ActiveX Hack
A German computer club wrote an ActiveX applet that would transfer money from your Quicken account. Here are some news stories about it.
National Computer Security Association
Wealth of information about Computer Security.
Department of Defense Trusted Computer Systems Evaluation Criteria
The trusted computer system evaluation criteria defined in this document classify systems into four broad hierarchical divisions of enhanced security protection. They provide a basis for the evaluation of effectiveness of security controls built into automatic data processing system products.
Internet security survey
A survey of 2200 high-profile, commerce-oriented Web sites. Two-thirds had significant security problems; in a randomly-selected control group one-third had significant security problems.
CERT Coordination Center
The CERT Coordination Center is the organization that grew from the computer emergency response team formed by the Defense Advanced Research Projects Agency (DARPA) in November 1988 in response to the needs identified during the Internet worm incident. The CERT charter is to work with the Internet community to facilitate its response to computer security events involving Internet hosts, to take proactive steps to raise the community's awareness of computer security issues, and to conduct research targeted at improving the security of existing systems.
Computer Incident Advisory Capability (CIAC)
CIAC is the U.S. Department of Energy's Computer Incident Advisory Capability. Established in 1989, CIAC provides computer security services to employees and contractors of the United States Department of Energy. CIAC is an element of the Computer Security Technology Center (CSTC) and is located at the Lawrence Livermore National Laboratory.
LSE Computer Security Research Center
The goal of the centre is to study information systems security in order to develop understanding and knowledge of the subject and to disseminate the findings of the research among the academic and professional community.
Satan
Security Administrator's Tool for Analyzing Networks.
Security information on the Internet
A collection of resources compiled by Dan Farmer.
W3C Security Resources
This page contains links to various information pertaining to security on the World Wide Web.
Black Forest Group Top Level Security Issues
The BFG has recently identified the security of computer mediated communications as a critical need both for the internal protection of essential business processes and the protection of individuals who plan to use the global information infrastructure.
Ross Anderson's homepage
Very interesting set of papers on security issues. Also contains links to back issues of `Computer and Communications Security Reviews', a journal that provides abstracts in this area.
Peter Neumann's homepage
Lots of interesting security/risk links and papers.

Privacy

Economics of privacy
Web page with links to material related to the economics of privacy.
International Trade Administration Electronic Commerce Task Force
Web page describing Commerce Department's work to develop a "safe harbor" that would help U.S. organizations comply with the European Union's Directive on Data Protection.
Privacy Journal
Devoted to resources about privacy.
Privacy and Self-Regulation in the Information Age
NTIA report on privacy policy.
Articles, monographs, etc. about privacy from OTA
Many useful surveys, overviews, etc.
LawResearch's privacy page
Privacy and Information Law Directory
Privacy and the NII
Useful whitepaper by the NTIA.
eTRUST
eTRUST seeks to promote the mass adoption of electronic commerce by creating an infrastructure to establish and evolve guidelines on issues such as privacy, security and authentication.
Privacy Rights Clearinghouse
The Privacy Rights Clearinghouse (PRC) is a non-profit consumer education and research program administered by the University of San Diego's Center for Public Interest Law.
Center for Democracy and Technology Privacy Issues Page
Includes an interesting demonstration.
Michael Froomkin's homepage
Lots of useful papers and links.
EFF's Privacy / Online Commerce - Digital Money & Transactions Archives
From the Electronic Frontier Foundation.
Secure Electronic Transactions (SET)
From Computerworld.
Smart cards
From Computerworld.
Anonymous Credit Cards
Along with its followup article Collusion with Anonymous Credit Cards.
CAFE project.
Conditional Access for Europe project to develop a secure electronic payment system and other applications that protect the privacy of the user.
PGPfone - Pretty Good Privacy Phone
PGPfone (Pretty Good Privacy Phone) is a software package that turns your desktop or notebook computer into a secure telephone. It uses speech compression and strong cryptography protocols to give you the ability to have a real-time secure telephone conversation via a modem-to-modem connection.
Signum Technologies Ltd
FBI = Fingerprinting Binary Images. Copyright management scheme.
National ID cards Policy
This is a Web page containing FAQs about the privacy issues raised by national ID cards.

Cryptography

"Risks of Key Recovery, Key Escrow and Trusted Third-Party Encryption"
A white paper.
Steganography
Lots of resources about steganography (communicating in a way which hides the existence of the communication).
Digital signatures
From Computerworld.
International Developments Affecting Digital Signatures
An article by Stewart A. Baker, of law firm Steptoe and Johnson.
Minimal Key Lengths for Symmetric Ciphers to Provide Adequate Commercial Security
A study from Bell Labs about what length keys will suffice for security during the next few decades. Also available in ASCII.
Encryption Policy Resource Page
Lots of links and information.
Encryption Policy
From Computerworld.
The risks of key recovery, key escrow, and trusted third-party encryption
A report by leading cryptographers and computer scientists says the government encryption plan is risky and impractical.
Commercial Encryption Export Controls
This page is intended to serve as a resource to exporters regarding encryption items transferred from the United States Munitions List (USML) to the Commerce Control List (CCL).
Brian Gladman's homepage
Contains information, critique, discussion about UK Encryption Policy.
Cryptography Policy and the Information Economy
Overview by Matt Blaze (Bell Labs). PostScript version also available.
TIS Worldwide Survey of Cryptographic Products
In order to determine how widespread cryptography is in the world, Trusted Information Systems has been conducting a survey of products employing cryptography both within and outside the U.S. Some amount of information about specific products here and there was available, but no one has ever assembled a comprehensive database with, where possible, verification of product availability.
Links to Cryptography and Security Resources
Maintained by Ronald L. Rivest.
Computer Science and Telecommunications Board
In particular, look at their "Cryptography's Role in Securing the Information Society" section.
Cryptography export controls
An index/archive of numerous cryptography export related documents.
Cyphernomicon FAQ
An elaborate collection of ideas about cryptography, privacy, and their legal repercussions.
Cryptographic Policy
Cryptographic policy news from EPIC.
The Cryptography Project
By Dorothy Denning. The purpose of the Cryptography Project is to promote the development and use of encryption products that meet the security and privacy needs of users and the public safety, law enforcement, and national security needs of nations.
Steptoe and Johnson LLP
Law firm dealing with encryption and other legal issues involving the Internet.
Electronic Postmarks
Service offered by US Post Office.
 SEE ALSO
Commerce
Policy and Law


Send feedback regarding The Information Economy to: infoecon@sims.berkeley.edu
Last Modified: Saturday, 29-May-99 13:25:46