Stuff which hasn't (yet) made the grade
You should only be reading this after you are sure you've read everything else on the unix/net/hack page.
This is where I've put stuff that,
- I've not had time to look at or try out properly, if at all,
- Is probably not useful to most people,
- Is wrong or inaccurate - misinformation is a problem when it comes to unix security,
- Is too trivial.
Read at your own risk. This section isn't even complete; I certainly
have files that I haven't bothered to move to here. On the other hand,
just because something is here doesn't mean it's poor; it might mean I
just haven't had time to look at it or that I couldn't quite decide.
Similarly, stuff on my main page may be duplicated here.
I have put some effort into separating the wheat from the chaff when putting
together my page. If you are a beginner at unix security allow me to tell
you that the files on the main page ARE useful, you should
spend time trying to understand them before wasting your time here.
The criterion I tend to use for the main page is "will it enable me to break
into unix computers?". If you think something here deserves to be on
my main page, please mail me to tell me.
You're on your own now, don't even believe everything that I say! ;-)
- A cgi hole - details of a hole in a cgi that some WWW sites may use, includes exploit details (WWW holes aren't something I've looked at myself yet).
- S/key flaws - flaws with a system of one time use passwords.
- tcpip_smb.txt - Security Problems in the TCP/IP Protocol Suite by S.M.Bellovin. This is fairly old but many of the points raised may still be valid today. (Written at a time when people thought security was all about disabling finger and making sure your system wasn't vulnerable to the attacks used by the great Internet worm. Not forgetting orange book security classifications of course ;-) ).
- ox docs - a load of documents I found at ftp.ox.ac.uk, and no, I haven't had time to read them all. I no longer have these locally but you can still get them from ftp://ftp.ox.ac.uk/pub/comp/security/doc/
- Linux security - a page that someone has on Linux security (BTW I do recommend Linux).