Honeypots and Other Deception-based Security Tools

One of the principles of  crime prevention is that you are attempting to increase the perceived risk to illegitimate users and decrease the perceived risk to legitimate users. This is kind of entrapment and it is often used in Intrusion detection via honeypots. Honeypots is highly recommended security tool for several reasons

First of all it changes the dynamic of the attack in favor of defender. In this case the intruder must attempt the intrusion before being able to discover if they can attack the vulnerable server or this is a trap. Thus we increase the perceived risk and hopefully the intruder tries his skills somewhere else.

The simplest form of honeypot is so called honeyport -- as IP interface connected to snort or other network IDS but that has no other legitimate purpose. In this case scans detected on this port (or better several of them) can be correlated with scans of actual servers.

One of the earliest honeypots was "The deception toolkit" It  presented a system that appears to have well known vulnerabilities (i.e. old Sendmail etc). The system does not actually have these vulnerabilities, but the attacker cannot discover this from an 'innocent scan' they must actually attempt to exercise the vulnerability

root6 ([email protected])
Fri, 1 Jan 1999 18:56:08 -0800

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Next message: Tomas Halgas: "nmap can crash microsoft telnetd"
Previous message: Troy Davis: "Re: netscan.org - broadcast ICMP list"

A quick note to say that Deception Toolkit (DTK) is now running on my SCO Open Server 5.0.2 and 5.0.4 machines with Perl5.0004_4, thanks to  the generous (and patient) assistance of the author, Dr. Fred Cohen, who states that future releases will include SCO support.

This DTK is remarkable. Within three hours of successful installation, I was able to interdict a vexious (and peristent) little ankle-biter who has been troubling me for weeks.

Installation on SCO entailed generating a socket.ph.SCO file on the basis of socket.h, and editing Configure to reflect SCO as an option. After that, it was a snap.

A word of thanks is due Dr. Cohen for making this valuable tool freely available. Check it out, at http://all.net/dtk/dtk.html

Another classical case of deception are Trojan horses.  Fake su, for example, can be a useful Trojan horse.  Fake chmod is another, but it can break some scripts.

NEWS CONTENTS

• 20110404 : how-to-set-up-kippo-ssh-honeypot-on-centos-5 ( how-to-set-up-kippo-ssh-honeypot-on-centos-5, Apr 04, 2011 )
• 20070727 : freshmeat.net Project details for MITRE Honeyclient Project ( freshmeat.net Project details for MITRE Honeyclient Project, Jul 27, 2007 )
• 20070727 : Kojoney ( Kojoney, Dec 20. 2006 )
• 20060930 : Honeypot Forensics ( Honeypot Forensics, Sep 30, 2006 )
• 20060930 : An Investigation of a Compromised Host on a Honeynet Being Used to ... ( An Investigation of a Compromised Host on a Honeynet Being Used to ..., Sep 30, 2006 )
• 20060930 : Modelling the costs and benefits of Honeynets ( Modelling the costs and benefits of Honeynets, Sep 30, 2006 )
• 20060605 : Centralized Surveillance of Unused Address Space by using Virtual ... ( Centralized Surveillance of Unused Address Space by using Virtual ..., Jun 5, 2006 )
• 20010307 : CNN.com - Technology - Decoy nets gain backers in battle against hackers - by Ellen Messmer ( CNN.com - Technology - 'Decoy nets' gain backers in battle against hackers - , Mar 07, 2001 )
• 20000320 : Feature: Building a Honeypot by Lance Spitzner ( Feature: Building a Honeypot, Mar 20, 2000 )

Old News ;-)

[Apr 04, 2011] how-to-set-up-kippo-ssh-honeypot-on-centos-5

How To Set Up Kippo SSH Honeypot On CentOS 5.5

Kippo is a medium interaction SSH honeypot designed to log brute force attacks and, most importantly, the entire shell interaction performed by the attacker. Kippo is inspired, but not based on Kojoney. If you need more information about Kippo please visit its official site on http://code.google.com/p/kippo/. This tutorial shows how you can compile and install Kippo on a CentOS 5.5 server.

I do not issue any guarantee that this will work for you!

Python 2.6 Installation As you already know, CentOS only comes with Python 2.4, so you need to install Python 2.6 by using the tutorial from the following link:

http://www.geekymedia.com/tech-articles/rhel5-centos5-rpms-for-python-2-5-and-2-6/.

Important Notes!:

1) Just install the RPMs for the version that you want. You will need at least the base python version package and the libs package. 2) To start Python 2.6, type python26 at your command line rather than python. (Your original Python 2.4 is still installed.) 3) If you are installing packages with setuptools, make sure to use the correct python version. (i.e. python26 setup.py install)

Twisted, Zope Interface And Pycrypto Installation Twisted is an event-driven networking engine written in Python and licensed under the MIT license. Twisted projects variously support TCP, UDP, SSL/TLS, multicast, Unix sockets, a large number of protocols (including HTTP, NNTP, IMAP, SSH, IRC, FTP, and others), and much more.

cd /tmp wget http://twistedmatrix.com/Releases/Twisted/10.2/Twisted-10.2.0.tar.bz2 tar -xvf Twisted-10.2.0.tar.bz2 cd Twisted-10.2.0 python26 setup.py build python26 setup.py install

Zope is an open source web application server primarily written in the Python programming language.

cd /tmp wget http://www.zope.org/Products/ZopeInterface/3.3.0/zope.interface-3.3.0.tar.gz tar -xvf zope.interface-3.3.0.tar.gz cd zope.interface-3.3.0 python26 setup.py build python26 setup.py install

Pycrypto is a collection of cryptographic algorithms and protocols, implemented for use from Python.

cd /tmp wget wget http://www.amk.ca/files/python/crypto/pycrypto-2.0.1.tar.gz tar -xvf pycrypto-2.0.1.tar.gz cd pycrypto-2.0.1 python26 setup.py build python26 setup.py install

ASN.1 types and codecs (BER, CER, DER) implementation in Python programming language.

cd /tmp wget http://sourceforge.net/projects/pyasn1/files/pyasn1-devel/0.0.12a/pyasn1-0.0.12a.tar.gz/download tar -xvf pyasn1-0.0.12a.tar.gz cd pyasn1-0.0.12a python26 setup.py build python26 setup.py install

Create Regular User Kippo doesnt run under root user! So we must create a regular user.

useradd kippouser

Download Kippo Source Package You need to download latest version of Kippo source package from http://kippo.googlecode.com.

su - kippouser wget http://kippo.googlecode.com/files/kippo-0.5.tar.gz tar -xvf kippo-0.5.tar.gz cd kippo-0.5

Configure Kippo vi kippo.cfg

	vi kippo.cfg 

#
# Kippo configuration file (kippo.cfg)
#
[honeypot]
# IP addresses to listen for incoming SSH connections.
#
# (default: 0.0.0.0) = any address
#ssh_addr = 0.0.0.0
# Port to listen for incoming SSH connections.
#
# (default: 2222)
ssh_port = 2222
# Hostname for the honeypot. Displayed by the shell prompt of the virtual
# environment.
#
# (default: sales)
hostname = sales
# Directory where to save log files in.
#
# (default: log)
log_path = log
# Directory where to save downloaded (malware) files in.
#
# (default: dl)
download_path = dl
# Directory where virtual file contents are kept in.
#
# This is only used by commands like 'cat' to display the contents of files.
# Adding files here is not enough for them to appear in the honeypot - the
# actual virtual filesystem is kept in filesystem_file (see below)
#
# (default: honeyfs)
contents_path = honeyfs
# File in the python pickle format containing the virtual filesystem. 
#
# This includes the filenames, paths, permissions for the whole filesystem,
# but not the file contents. This is created by the createfs.py utility from
# a real template linux installation.
#
# (default: fs.pickle)
filesystem_file = fs.pickle
# Directory for miscellaneous data files, such as the password database.
#
# (default: data_path)
data_path = data
# Directory for creating simple commands that only output text.
#
# The command must be placed under this directory with the proper path, such
# as:
#   txtcmds/usr/bin/vi
# The contents of the file will be the output of the command when run inside
# the honeypot.
#
# In addition to this, the file must exist in the virtual
# filesystem {filesystem_file}
#
# (default: txtcmds)
txtcmds_path = txtcmds
# Public and private SSH key files. If these don't exist, they are created
# automatically.
#
# (defaults: public.key and private.key)
public_key = public.key
private_key = private.key
# Initial root password. Future passwords will be stored in
# {data_path}/pass.db
#
# (default: 123456)
password = 123456
# IP address to bind to when opening outgoing connections. Used exclusively by
# the wget command.
#
# (default: not specified)
#out_addr = 0.0.0.0
# Sensor name use to identify this honeypot instance. Used by the database
# logging modules such as mysql.
#
# If not specified, the logging modules will instead use the IP address of the
# connection as the sensor name.
#
# (default: not specified)
#sensor_name=myhostname
# Fake address displayed as the address of the incoming connection.
# This doesn't affect logging, and is only used by honeypot commands such as
# 'w' and 'last'
#
# If not specified, the actual IP address is displayed instead (default
# behaviour).
#
# (default: not specified)
#fake_addr = 192.168.66.254
# MySQL logging module
#
# Database structure for this module is supplied in doc/sql/mysql.sql
#
# To enable this module, remove the comments below, including the
# [database_mysql] line.
#[database_mysql]
#host = localhost
#database = kippo
#username = kippo
#password = secret
 

Start Kippo ./start.sh

Log File By default kippo output will be redirected to the file log/kippo.log. To see the Kippo logging data use the following command:

tail -f log/kippo.log

Note: How To Make Kippo Accessible To The World! By default,Kippo is running on port 2222. If its running on Windows, port 22 is usually free and it's ok to run kippo on that port. On linux, port 22 is restricted for root only, except if you do this (quote from #twisted):

iptables -t nat -A PREROUTING -i IN_IFACE -p tcp --dport 22 -j REDIRECT --to-port 2222

Replace IN_IFACE with your real interface name such as eth0!

Testing Connect to the Kippo server on port 2222 by using root as username and 123456 as password.

ssh 127.0.0.1 -p 2222 -l root

You must see the following banner after successful login:

sales:~#

[Jul 27, 2007] freshmeat.net Project details for MITRE Honeyclient Project

A 'honeypot' is designed to detect server-side attacks. In contrast, a 'honeyclient' is designed to detect client-side attacks. Specifically, a honeyclient is a dedicated host that drives specially instrumented applications to access remote servers to see if those servers are behaving in a malicious manner (by compromising the client). Honeyclients can proactively detect exploits against client applications without known signatures. This framework uses a client-server model with SOAP messaging as the primary communication method, and uses the free version of VMware Server as a means of virtualizing the client environment.

Release focus: Initial freshmeat announcement

[Dec 20. 2006] Kojoney A honeypot that emulates an SSH server.

[Sep 30, 2006] [PPT] Honeypot Forensics

[Sep 30, 2006] [PDF] An Investigation of a Compromised Host on a Honeynet Being Used to ...

[Sep 30, 2006] [PDF] Modelling the costs and benefits of Honeynets

[Jun 5, 2006] [PDF] Centralized Surveillance of Unused Address Space by using Virtual ...

[Mar 07, 2001] CNN.com - Technology - 'Decoy nets' gain backers in battle against hackers - By Ellen Messmer

(IDG) -- As hackers obtain ever more dangerous and easy-to-use tools, they are being countered by novel defense strategies. Witness the experimental idea of setting up a decoy network separate from your real one to fool intruders as they try to fool you.

This so-called "deception" network is envisioned as more than just a single server set up to be a "honeypot," where hackers may break in, find a dead end and have their activities recorded with an eye toward prosecution. Rather, the decoy net is an entire fake network, complete with host computers on a LAN with simulated traffic, to convince hackers for as long as possible that it's real.

Experts debate whether such nets will be worth the effort, but agree they can be a way to slow hackers long enough to sort the curious from the truly destructive.

A group calling itself The Honeynet Project has quietly begun testing decoy networks on the Internet and soon plans to publish a paper on how to build one.

According to Ed Skoudis, chief security strategist at Predictive Systems, the idea is the brainchild of Sun security consultant Lance Spitzner. "We set up honeypots to watch hacker activity," says Skoudis, who participates in the invitation-only group and spoke about new hacker tools and defenses at last week's InfoSec show.

The Honeynet Project is not intended to prosecute intruders who haplessly wander into their elaborate decoys, but to study hacker responses in depth in order to devise the best decoy defenses. There are only a few commercial honeypot-style products on the market, including Network Associates' CyberCop Sting and Recourse Technologies' ManTrap.

Other decoy networks do slow intruders with an eye toward collecting evidence to prosecute them, says Rusty Miller, an executive at Veridian Information Systems.

"To collect evidence, you need to divert the hacker to a deception network," says Miller, who claims to have built deception networks for secretive government agencies. He says the idea is to feed back information about what hackers do to a kind of "deception central" for network administrators. "The time the hackers are dealing with a deception environment is time they're not in your network," he says.

It is possible to create a deception network that has the same IP network address as your real network, Miller says. He acknowledges deception nets carry obvious administrative burdens, such as the need to generate realistic traffic to fool a hacker and maintain a network no one really uses. He notes the risk that administrators will lose track of what's real and what's not.

These deception techniques have doubters. Steve Manzuik, security analyst at BindView, appreciates the work being done by The Honeynet Project and would like to contribute, but he remains skeptical.

"It's not clear yet you can fool a lot of people with this deterrent," he says.

Meanwhile, hackers continue to learn new tricks.

The past year has seen the emergence of a new breed of distributed port scanners and sniffers that make it easier for attackers to hide their intent, Skoudis says.

There's now a kernel-level root-kit for Linux, called Knark, which when installed by hackers changes the operating system to hide files and present false information to administrators. And another new one, called Dsniff, can be used to capture traffic on Ethernet switches and inject traffic into a network to direct traffic to itself, known as the man-in-the-middle attack.

"It's pretty nasty stuff," Skoudis says. "For very sensitive networks, you may want to activate port-level security on your switches."

Many tools that let hackers carry out surveillance are now Web-based, according to David Rhoades, director of systems engineering at AppGate, who also spoke at the conference. "Why Web-based? It's easy. No complicated downloads or zip files. They can hack from anywhere, and it's anonymous."

While a talented few among hackers actually make attack tools, many of these tools today are freeware.

And they're posted on dozens of techie sites, not the secret underground.

BindView security analyst Manzuik says his firm late last year developed a tool to test for the so-called Naptha denial-of-service attack affecting at least seven major operating systems.

The tool, which involves launching an attack to determine operating system weakness, was given solely to vendors but somehow ended up posted on the Packetstorm site in its depository for tools.

In the wrong hands "this tool is dangerous," Manzuik says. "But that version isn't as dangerous as other versions that will be released."

[Mar 20, 2000] Feature: Building a Honeypot by Lance Spitzner

Recommended Links

Softpanorama Recommended

Top articles

Sites

Honeypot (computing) - Wikipedia, the free encyclopedia

Niels Provos. A Virtual Honeypot Framework. In Proceedings of the 13th USENIX Security Symposium, August 2004.

HoneyNet Project

Articles

[Ap 07, 2003] Honeypots The next intrusion detection solution ZDNet Australia News Security By Lance Spitzner

In this special report for ZDNet Australia Lance Spitzner, the founder of the Honeynet Project, explains why honeypot technologies are becoming a commercially relevant and acceptable intrusion detection methodology.

Detection systems identify and alert on unauthorised activity, and are a critical element of security.

Detection is critical for two reasons. First, if you can detect an event before it happens, you can prevent damage from occurring. For example, if you detect an employee looking at company files they shouldn't be, it may be possible to stop them before they can do any damage. Second, if a compromise does occur, the sooner you detect and respond to the compromise, the better you can minimise the damage. For example, if an attacker breaks into a company's mail-server, the damage that is done depends on how soon the attack is detected.

If it takes weeks or even months for a compromise to be detected, an attacker will have had unlimited access to the target company's communications for an extended period of time, which could be devastating.

If the attack was immediately detected, the attacker could be removed from the system, and the mail-server rebuilt in a more secure manner. Early and successful detection can prevent or mitigate the compromise of data and resources.

The next challenge becomes: How do you successfully detect a compromise? The most common method has been Network Intrusion Detection Systems, otherwise known as NIDS. This technology works by monitoring network traffic. When it identifies anything it considers an attack, it generates an alert, notifying the administration. The trick is defining and identifying what an attack is. Different NIDS use different technologies, such as signatures, rules based, or anomaly detection. Each technology has its own advantages and disadvantages, but they all share some common problems.

• Data Overload: These solutions tend to generate an extremely large volume of alerts. This volume makes it time consuming, resource intensive, and costly to analyse and review all the alerts the NIDS generate. For example, I know of organisations with over 100,000 alerts a day.
• False Positives: Many of these alerts are false alerts. The NIDS thought it saw an attack, but was wrong. You can quickly have a situation where the 'little boy cried wolf'. If your technologies are repeatedly generating false positives, administrators begin to ignore the technology.
• False Negatives: It can difficult for some NIDS technologies to discover or identify unknown attacks or behaviour. This leaves organisations vulnerable to new attacks.
• Resources: NIDS require resource intensive hardware to keep up with organisation's activity and traffic. The faster your network and the more data you have, the bigger your NIDS will have to be to keep up.
• Encryption: More and more organisations are moving to encryption, all of the data is encrypted. This is due to security issues, regulation, and encryption technologies are more widely available (SSH, SSL, IPSec). However, these same technologies blind the NIDS so they can no longer monitor the network traffic.

There is a new technology that can address many of these issues in detection: honeypots. Honeypots are a relatively new security technology and are unique for two reasons. First, they work by having the bad guy actually interact with them. Second, honeypots are not a solution; they do not fix a specific problem. Instead, they are a highly flexible tool with multiple applications for security, from preventing attacks, to detecting unauthorised activity, to gathering intelligence on black-hat (bad-guy) hackers. One of the best applications of honeypots is detection because they address many of the problems associated with traditional detection.

The concept of honeypots is simple. They are a resource that has no authorised activity and no production value. This means that any interaction with a honeypot is most likely malicious or unauthorised. Any connections sent to the honeypot are most likely a probe, scan or attack. Honeypots can work in many different ways and come in many shapes and sizes. They can be a simple program that emulates different services, detecting any connections to it, such as Specter. A more advanced honeypot, such as Honeyd, can monitor all of your unused IP space with attackers interacting with virtual honeypots.

Honeypots can also be as advanced as entire networks of real systems waiting to be compromised, such as Honeynets (groups of networked honeypots) or ManTrap. Which honeypot is best for you depends on what you want to achieve. For detection, simple honeypots that emulate systems and services, such as Specter and Honeyd, are the best for detection.

These simple honeypots can have tremendous advantages for detection. While honeypots should never replace NIDS, their advantages make them a powerful tool to address the problems of NIDS. Advantages of honeypots include:

• Small Data Sets: Honeypots only collect data when someone or something is interacting with them. Organisations that may log thousands of alerts a day may only log a hundred alerts with honeypots. This makes the data honeypots collect much easier to manage and analyse.
• Reduced False Positives: Honeypots dramatically reduce false positives. Any activity with honeypots is by definition unauthorised, making it extremely effective at detecting attacks.
• Catching False Negatives: Honeypots can easily identify and capture new attacks against them. Any activity with the honeypot is an anomaly, making new or unseen attacks easily stand out.
• Minimal Resources: Honeypots require minimal resources, even on the largest of networks. A simple Pentium computer can monitor literally millions of IP addresses.
• Encryption: It does not matter if an attack is encrypted, the honeypot will capture the activity.

It is because of these advantages that honeypots make a simple and cost effective technology for detection, so while they do not replace any existing solutions, they can definitely help organisations with detection.

Lance Spitzner

To Build a Honeypot - 7 June, 2000

One method of building your own honeypot to learn more about the black-hat community. The tools and methods discussed are some of the original methods for the "Know Your Enemy" series. This paper is out of date, the Honeynet Project will be releasing a new paper on their techniques developed over the past two years.

Under fire!

The Turing Test Is Not A Trick Turing Indistinguishability Is A Scientific Criterion

Deception Toolkit

Anecdotes

• Illusionworks

Art of Deception Government Corruption, Covert

[Aug 12, 1999] 'Decoy' Tracks, Traps Attackers

Blocking attacks on their networks is no longer enough for IT managers. Now, they want to track and even apprehend intruders.

To that end, a new security company called Recourse Technologies Inc. will unveil software next week that will give IT managers the ability to contain and actually take control of malicious activities being carried out by hackers.

Working in conjunction with a company's firewall, Recourse's ManTrap software directs hackers that have obtained unauthorized network access to a decoy system. Once the intruder is trapped inside the decoy, security managers can monitor hacking activity and gather data for prosecution.

The concept of decoy systems or ⌠honey-pots, which entice hackers by appearing to be legitimate systems with valuable information, is gaining momentum as attacks increase, industry experts said.

The increase in companies opening their networks to users and partners, moreover, is driving the need for such new tools.

To date ⌠there aren't many [commercial decoy] tools, so organizations are forced to create their own capabilities, said Peter Stephenson, director of technology for Enterprise Networking Solutions' global security division. As more companies look for ways to gather data on suspicious activity, decoy systems will become more important, said Stephenson, an expert in computer forensics.

Network Associates Inc. announced a similar product in April with CyberCop Sting. However, with no user feedback yet, the system is unproven.

ManTrap has been tested, at least in its early development stage. The software was developed at Exodus Communications, a provider of IT outsourcing services, where it was used as a spoof box for redirecting suspicious activity picked up by the firewall, said Frank Huerta, Recourse's president and CEO. Huerta, a former product manager at Exodus, and Michael Lyle, another former Exodus employee, decided to package the software and bring it to market.

Even in its early version, the spoof box was able to track and trap an intruder who hacked his way into one of Exodus' Linux systems, said Leroy Lacy, director of risk management and security at Exodus.

He probably had root access on 2,000 [different] systems across the Internet, Lacy said.

Even though the spoof box allowed Exodus to track and shut down the intruder, the box ⌠was fairly labor-intensive, Lacy said. You had to do a lot of work to populate the box, so it would look like something that you weren't supposed to have access to.

ManTrap, however, has more automated functions so users can customize the decoy system to fit their needs, said Lacy, who is beta testing the software.

Once ManTrap is installed on a server, it automatically creates false data sets, said Huerta. But a security manager can input names of company executives and other information to give the server the look and feel of your business, said Fred Kost, vice president of product marketing at Recourse.

ManTrap will be available in September at a cost of $3,495 per server.

Tools

Shawn F. Mckay, Dummy "su" program
Abstract: This program is intended to help an intruder who does not know the system (many work from "cheat sheets") to trip alarms so the rightful sysadmin folks can charge to the rescue.

Wietse Venema, Eindhoven University of Technology, fake-rshd

Abstract: Echo the specified arguments to the remote system after satisfying a minimal subset of the rshd protocol. Works with the TCP Wrapper to send an arbitrary message back to someone trying to make an rsh/rlogin connection.

Title: fake-rshd
Authors: Wietse Venema Eindhoven University of Technology
File size: 2866 bytes

Rsucker

Lionel Cons, Rsucker
Abstract: A perl script that acts as a fake r* daemon and log the attempt is syslog. Byte sucker for r* commands.

Random Findings

Etc

Society

Groupthink : Two Party System as Polyarchy : Corruption of Regulators : Bureaucracies : Understanding Micromanagers and Control Freaks : Toxic Managers :   Harvard Mafia : Diplomatic Communication : Surviving a Bad Performance Review : Insufficient Retirement Funds as Immanent Problem of Neoliberal Regime : PseudoScience : Who Rules America : Neoliberalism  : The Iron Law of Oligarchy : Libertarian Philosophy

Quotes

War and Peace : Skeptical Finance : John Kenneth Galbraith :Talleyrand : Oscar Wilde : Otto Von Bismarck : Keynes : George Carlin : Skeptics : Propaganda  : SE quotes : Language Design and Programming Quotes : Random IT-related quotes :  Somerset Maugham : Marcus Aurelius : Kurt Vonnegut : Eric Hoffer : Winston Churchill : Napoleon Bonaparte : Ambrose Bierce :  Bernard Shaw : Mark Twain Quotes

Bulletin:

Vol 25, No.12 (December, 2013) Rational Fools vs. Efficient Crooks The efficient markets hypothesis : Political Skeptic Bulletin, 2013 : Unemployment Bulletin, 2010 :  Vol 23, No.10 (October, 2011) An observation about corporate security departments : Slightly Skeptical Euromaydan Chronicles, June 2014 : Greenspan legacy bulletin, 2008 : Vol 25, No.10 (October, 2013) Cryptolocker Trojan (Win32/Crilock.A) : Vol 25, No.08 (August, 2013) Cloud providers as intelligence collection hubs : Financial Humor Bulletin, 2010 : Inequality Bulletin, 2009 : Financial Humor Bulletin, 2008 : Copyleft Problems Bulletin, 2004 : Financial Humor Bulletin, 2011 : Energy Bulletin, 2010 : Malware Protection Bulletin, 2010 : Vol 26, No.1 (January, 2013) Object-Oriented Cult : Political Skeptic Bulletin, 2011 : Vol 23, No.11 (November, 2011) Softpanorama classification of sysadmin horror stories : Vol 25, No.05 (May, 2013) Corporate bullshit as a communication method  : Vol 25, No.06 (June, 2013) A Note on the Relationship of Brooks Law and Conway Law

History:

Fifty glorious years (1950-2000): the triumph of the US computer engineering : Donald Knuth : TAoCP and its Influence of Computer Science : Richard Stallman : Linus Torvalds  : Larry Wall  : John K. Ousterhout : CTSS : Multix OS Unix History : Unix shell history : VI editor : History of pipes concept : Solaris : MS DOS :  Programming Languages History : PL/1 : Simula 67 : C : History of GCC development :  Scripting Languages : Perl history   : OS History : Mail : DNS : SSH : CPU Instruction Sets : SPARC systems 1987-2006 : Norton Commander : Norton Utilities : Norton Ghost : Frontpage history : Malware Defense History : GNU Screen : OSS early history

Classic books:

The Peter Principle : Parkinson Law : 1984 : The Mythical Man-Month :  How to Solve It by George Polya : The Art of Computer Programming : The Elements of Programming Style : The Unix Hater’s Handbook : The Jargon file : The True Believer : Programming Pearls : The Good Soldier Svejk : The Power Elite

Most popular humor pages:

Manifest of the Softpanorama IT Slacker Society : Ten Commandments of the IT Slackers Society : Computer Humor Collection : BSD Logo Story : The Cuckoo's Egg : IT Slang : C++ Humor : ARE YOU A BBS ADDICT? : The Perl Purity Test : Object oriented programmers of all nations : Financial Humor : Financial Humor Bulletin, 2008 : Financial Humor Bulletin, 2010 : The Most Comprehensive Collection of Editor-related Humor : Programming Language Humor : Goldman Sachs related humor : Greenspan humor : C Humor : Scripting Humor : Real Programmers Humor : Web Humor : GPL-related Humor : OFM Humor : Politically Incorrect Humor : IDS Humor : "Linux Sucks" Humor : Russian Musical Humor : Best Russian Programmer Humor : Microsoft plans to buy Catholic Church : Richard Stallman Related Humor : Admin Humor : Perl-related Humor : Linus Torvalds Related humor : PseudoScience Related Humor : Networking Humor : Shell Humor : Financial Humor Bulletin, 2011 : Financial Humor Bulletin, 2012 : Financial Humor Bulletin, 2013 : Java Humor : Software Engineering Humor : Sun Solaris Related Humor : Education Humor : IBM Humor : Assembler-related Humor : VIM Humor : Computer Viruses Humor : Bright tomorrow is rescheduled to a day after tomorrow : Classic Computer Humor

The Last but not Least Technology is dominated by two types of people: those who understand what they do not manage and those who manage what they do not understand ~Archibald Putt. Ph.D

The statements, views and opinions presented on this web page are those of the author (or referenced source) and are not endorsed by, nor do they necessarily reflect, the opinions of the Softpanorama society. We do not warrant the correctness of the information provided or its fitness for any purpose. The site uses AdSense so you need to be aware of Google privacy policy. You you do not want to be tracked by Google please disable Javascript for this site. This site is perfectly usable without Javascript.

Created: May 16, 1997; Last modified: March 12, 2019