| Latest Entries |
- Anti-Phishing Working Group
(-0/1-/2005)
- Flash attacks against smartcards
(-0/7-/2002)
- Attack-resistant trust metrics for public key certification
(-0/6-/2002)
|
| Hacking in General |
- BMWi - Sicherheit im Internet
An initiative of the Federal Ministry of Economics and Technology, the Federal Ministry of the Interior and the Federal Office for Information Security. Through practical tips and industry solutions, clearly presented introductions and well-founded collections of sources, this initiative aims to make it easier for you to access a secure Internet.
- CERT Coordination Center
Originally, their work was almost exclusively incident response. Since then, they have worked to help start other incident response teams, coordinate the efforts of teams when responding to large-scale incidents, provide training to incident response professionals, and research the causes of security vulnerabilities, prevention of vulnerabilities, system security improvement, and survivability of large-scale networks.
- Computer Crime and Intellectual Property Section
An American governmental site with the goal to challenge unlawful conduct involving the use of the Internet.
- CVE
The Common Vulnerabilities and Exposures (CVE) list is a list of standardized names for vulnerabilities and other information security exposures. CVE aims to standardize the names for all publicly known vulnerabilities and security exposures. It is a dictionary, not a database. The goal of CVE is to make it easier to share data across separate vulnerability databases and security tools. While CVE may make it easier to search for information in other databases, CVE should not be considered as a vulnerability database on its own merit.
- FIRST
This coalition, the Forum of Incident Response and Security Teams (FIRST), brings together a variety of computer security incident response teams from government, commercial, and academic organizations. FIRST aims to foster cooperation and coordination in incident prevention, to prompt rapid reaction to incidents, and to promote information sharing among members and the community at large. Currently FIRST has nearly 70 members.
- NIPC
The National Infrastructure Protection Center serves as a national critical infrastructure threat assessment, warning, vulnerability, and law enforcement investigation and response entity, providing timely warnings and comprehensive analysis.
- p@sswort.de
essential media GmbH is launching the web-based German-language service for Internet security. passwort.de is structured to meet the most varied demands of professional users and decision-makers. You can search under keywords such as e-commerce, firewalls, viruses or encryption when you want to find current information on particular subject areas.
- Princeton's Secure Internet Programming
The Department of Computer Science of Princeton University studies problems in computer security, especially mobile code systems such as Java, ActiveX, and JavaScript. They try to understand how security breaks down, and to develop technology to address the underlying causes of security problems.
| Secure Transmission |
- Crypto Software
Listing of servers offering free crypto software.
(via jya.com)
- fideAS mail
The German firm APSEC offers a product called fideASmail that allows PKI-secured mail communication between users with different clients, through an implementation under Winsock.
- FINJAN
A leader in mobile code security.
- HBCI
On behalf of the central associations of the German banking industry, the interface specification HBCI (Homebanking Computer Interface) was developed as a new standard for forward-looking home banking. HBCI is a multi-bank-capable home banking interface and describes the interface between the customer product and the bank's system. HBCI's multilingual orientation meets the demand for an international home banking standard.
- HBCI-Kernel
The HBCI kernel supports fast and simple development of home banking applications by separating shared components that are independent of the business transaction, such as dialog flow, signature and encryption, from the HBCI application and making them accessible through a uniform API. The kernel helps the developer comply with the interface specification and simplifies carrying out transactions with the bank's host computer.
- Java Security API
Java has been developed by Sun, which maintains its own page about security issues, especially concerning applets.
(via Java Technology)
- Papers on cryptography
This page is dedicated to governmental papers on cryptography.
(via jya.com)
- Publius
Publius is based on proxy servers and encrypted files, making censorship nearly impossible. Developed at the Computer Science Department of New York University (Waldman), it can be seen as a robust, tamper-evident, censorship-resistant Web publishing system.
- Quantum Cryptography Tutorial
Quantum cryptography is an effort to allow users of a channel to share secret information. Its advantage over traditional key exchange methods consists in showing that the exchange is secure in a very strong sense.
- S.W.I.F.T.
S.W.I.F.T. is the bank-owned cooperative supplying secure messaging services and interface software to over 7,600 financial institutions in close to 200 countries. S.W.I.F.T.'s global network carried over one billion messages in 1999. The average daily value of payment messages is above USD 5 trillion.
- SafeX for UN/EDIFACT
SafeX allows encryption and e-signature (AUTACK) in Edifact messages and supports PAYMUL.
- Secure HTTP
Secure HTTP is an extension to HTTP which provides a number of security features, including authentication, encryption and nonrepudiation.
(via Terisa Systems Inc.)
- SSL-Talk FAQ
Past discussions included issues of software development, cryptanalysis of the protocol and of its various implementations, testing, etc.
(via Consensus Development Corporation)
- Visa - New Technologies
Internet shopping with VISA: credit cards, smart cards, Visacash.
(via Visa International)
| Specific topics |
- ADK Exploit to PGP
On August 24, 2000, the German researcher R. Senderek announced the discovery of an exploit in Pretty Good Privacy through the Additional Decryption Key.
(via SANS Institute)
- Anti-Phishing Working Group
The Anti-Phishing Working Group (APWG) is the global pan-industrial and law enforcement association focused on eliminating the fraud and identity theft that result from phishing and email spoofing of all types.
- Attack-resistant trust metrics for public key certification
This paper investigates the role of trust metrics in attack-resistant public key certification. The authors present an analytical framework for understanding the effectiveness of trust metrics in resisting attacks, including a characterization of the space of possible attacks. Within this framework, the authors establish the theoretical best case for a trust metric. Finally, they present a practical trust metric based on network flow that meets this theoretical bound.
(Levien & Aiken, 1998)
- Flash attacks against smartcards
Researchers at the University of Cambridge have found a way to use a camera flash and microscope to extract data from smart cards.
(2002, via slashdot)
- Intrusion Detection Systems
A NIST Special Publication on IDS.
(Bace & Mell, 2001)
- Java und ActiveX - Gefahr aus dem Internet ?
Description of the technologies and their potential dangers.
(Koke, 1998, via BSI)
- NymIP
The goal of NymIP is to create a set of standardized protocols for pseudonymity and anonymity at the IP layer, and a community of operators using those protocols.
(via Sourceforge)
- Results of the Security in ActiveX Workshop
On August 2-23, 2000 the CERT hosted a workshop in Pittsburgh, Pennsylvania, for twenty invited experts to address security issues related to ActiveX controls. The primary goal was to identify the situations under which ActiveX and related technologies may be used safely and to produce a paper describing security concerns and configuration guidance.
(via CERT)
- RSA Algorithm Javascript Page
A model of the RSA public-key cryptosystem designed by C. Sullivan and R. Makmur.
(via Oregon State University)
- Security Tradeoffs: Java vs. ActiveX
An unofficial view from the Princeton Secure Internet Programming Team.
(via University of Princeton)
- Steganography
Selective papers dealing with the topic.
(via jjtc.com)
- The End of SSL and SSH ?
Since the release of dsniff, which exploits fundamental flaws in SSL and SSH, it seems that these two encryption protocols no longer offer the necessary security for e-commerce.
(Seifried, 2001, via Security Portal)
- www.trojaner-info.de
A site created by a private individual that reports very comprehensively on trojans.
|