What are some good sites to learn about hacking and computer security???
you warm the cockles of my demented heart.
- the biggest, most relevant security site out there. It's mailing lists are a goldmine. Subscribe to bugtraq and security-basics in digest form, right now, if you are interested seriously at all.
there are some problems with the bugtraq list being slow, so you may want to subscribe to Vulnwatch, Secunia security alerts, and/or Full-Disclosure as well.
- biggest public tool repository and something of a security zine repository. has LOTS of fun stuff and old journals to play with...
- best website for Linux/BSD security I've seen.
that should be a good start.
the best book on attacks/pen-testing out so far that I've seen are Hacking Exposed 4th Edition, Hacking Windows X (where X = version), and Hacking Linux Exposed 2nd Ed.
the stuff in there is just a start though... what you really want to do is learn how everything really works... be able to defend anything, discover and write your own exploits, etc...
a lot of it is just plain starting small and working your way up, which is what I am doing right now.
nobody will hold your hand learning this stuff, but if you try hard by yourself and get stuck, politely ask for help and you should get it.
thanks for the info guys. I am very much a beginner and have an interest in learning quite a bit.
2600 mag is good for getting ideas to start doing stuff with.
but if you want real deep technical meat, Phrack.org beats it hands down. Plus it's free.
the problem with 2600 is they have to appeal to a more mainstream technical audience since they are a print mag and have costs, etc. so they have to dumb down some stuff, although there's usually at least one hardcore tech article in there.
phrack is totally net based, so they don't have to do shit to please their audience, and they will make brutal fun of the more clueless newbies who talk to them in the loopback section.
what I would really like to find are some good articles on cell phone cracking/reversing... I want to learn how cell phones work on a protocol and hardware level, and I would like to write some machine code (not stuff on the phone's JVM) that would allow me to totally block the E911 service on my phone or reenable it at will on my phone.
I know you can be tracked by triangluation with cell phone towers when you have a cell phone on to within a mile/500 yards, but at least there is some fuzziness there.... E911 tells anyone with the emergency access codes exactly where you are....
also, I would advise you to only practice penetrating your own boxes.
the odds of you getting caught messing with someone else's box is very low, but it does exist.
the odds are exponentially higher you will get caught if you don't know what you are doing yet.
it's extremely easy to fuck things up when you are root on a *nix box... this applies to adminstrators AND attackers.
that's only the practical side.... I personally wouldn't appreciate someone messing with my system, so do unto others as you would have them do unto you, etc.
there's a law out that permits the death penalty for doing a hacking act that results in someone's death... this is probably not gonna happen anytime soon, but what happens if you accidently shut down a hospital's computer system by mistake during an major accident or epidemic?
by buying/scavenging old computers and putting a Unix variant on them, you can get a good test lab started pretty quickly.
you can also use programs like VMWare and Virtual PC to create virtual machines on your more modern and powerful machines, thereby getting the effect of many slower but still sufficent computers out of a modern one.
"also, I would advise you to only practice penetrating your own boxes."
Penetrate your own box, romo.
hey, my boxes are all bitches. I'm not the one who names my computers after Playgirl male models....
(realizes he shouldn't have revealed that he knows jgibson's computer naming system is based on Chippendales dancers)
(furiously loads the Defiler's Toolkit on jgibson's machines to destroy all forensic traces of Rob selling jgibson's bandwidth to spammers and disk space to warez kiddies)
(prepares alibi of blaming it all on the Welsh and/or Kevin Mitnick and/or the corrupting effects of marijuana if caught)
"(realizes he shouldn't have revealed that he knows jgibson's computer naming system is based on Chippendales dancers)"
How did you find out about Rob?
ok, that's just scary.
there were some good sites a while ago, closed down now, that had 1000's of articles on hacking. you pretty much had to already now wtf you were doing to understand most of it.
seems all the hacking is done in the unix world, because it's open architecture.
ice fortress used to be fun