Fyodor's Good Reading List
Hacker Howto. This excellent essay by Eric Raymond (ESR) gives
very insightful instruction on how to become a respected member of the
- The Risks of Key Recovery, Key
Escrow, and Trusted Third-Party Encryption A great paper
released 27 May 1997 by several of the biggest names in encryption and
computer security, including Steven Bellovin, Matt Blaze, Whitfield
Diffie, and John Gilmore. This describes exactly why we aren't
going to let the government backdoor our crypto programs.
- Smashing The Stack For Fun And
Profit A great paper on buffer overflows by Aleph One. It is from Phrack49.
- Mudge's tutorial on writing Buffer overflows. Another good paper.
- IP hijacking paper A paper by
Laurent Joncheray on the workings of IP hijacking.
- The Hacker Crackdown A
truly excellent book by Bruce Sterling about the early hackers. Mr. Sterling kindly
(and much to the dismay of his publisher) decided to release the book
freely over the internet.
- Approaching Zero Another hacker book in electronic form. This one is about British phreaks.
- Security Problems in the TCP/IP Protocol Suite An old but very interesting (and sadly, still applicable in many ways) paper by Steven Bellovin himself.
- Them and Us:Chapter 6 of Paul Taylor's hacker book (basically publishing his dissertation)
- cifs.txt *Hobbit*'s excellent CIFS
- Hacker Encyclopedia This is a huge
compendium of hacker/computer/science fiction information written by Logic
Bomb. It is not word wrapped, so you will probably want to read it
emacs rather than netscape
- Tamperproof Smart Cards This is
a very interesting paper by Ross J. Anderson <email@example.com> It brings up a number of very interesting issues about defeating smart card
- Murphy's Law and Computer Security A paper by Wietse Venema which details many often overlooked aspects of computer
security and program bugs. This paper is loaded with examples.
- Insertion, Evasion, and
Denial of Service: Eluding Network Intrusion Detection A classic
apper by Thomas Ptacek and Timothy Newsham on techniques for evading Intrusion
Detection Systems. This was written in '98, but much of it still rings
true in '01 :( . [PDF version]
Lighter Reading / Misc