Softpanorama

May the source be with you, but remember the KISS principle ;-)
Home Switchboard Unix Administration Red Hat TCP/IP Networks Neoliberalism Toxic Managers
(slightly skeptical) Educational society promoting "Back to basics" movement against IT overcomplexity and  bastardization of classic Unix

Host-based IDS

News Recommended Books Recommended Links Recommended Articles FAQs Log analyzers Honeypots
AppArmor SELinux Rootkits Fighters Setuid Checkers Humor Random Findings Etc

Host-based systems are installed on the server or desktop and  can monitor not only network traffic but also key files, events and logs. They have lower level of false positives then NIDS.  For more informatrion see Architectural Issues of Intrusion Detection Infrastructure in Large Enterprises

 We can distinguish:

Robust intrusion detection requires multi-level approach and the return on investment is much higher on the host level than, say, on network level.

Tools such as Solaris Zones, RBAC, AppArmor can provide tremendous return on investment and cost nothing (they come free with Solaris and suse Linux respectively).

Each server has the ability to provide useful information about intrusions attempts via log. So syslog integration is one of the most important things in host based intrusion detection and probably the first thing to do.

Firewall logs are especially useful as connection to rogue ports are instant sign that something is wrong or that the box is scanned.   

There are a couple of important scripts that can be installed on each box:


Top Visited
Switchboard
Latest
Past week
Past month

NEWS CONTENTS

Old News ;-)

[Apr 04, 2011] how-to-set-up-kippo-ssh-honeypot-on-centos-5

How To Set Up Kippo SSH Honeypot On CentOS 5.5

Kippo is a medium interaction SSH honeypot designed to log brute force attacks and, most importantly, the entire shell interaction performed by the attacker. Kippo is inspired, but not based on Kojoney. If you need more information about Kippo please visit its official site on http://code.google.com/p/kippo/. This tutorial shows how you can compile and install Kippo on a CentOS 5.5 server.

I do not issue any guarantee that this will work for you!

Python 2.6 Installation As you already know, CentOS only comes with Python 2.4, so you need to install Python 2.6 by using the tutorial from the following link:

http://www.geekymedia.com/tech-articles/rhel5-centos5-rpms-for-python-2-5-and-2-6/.

Important Notes!:

1) Just install the RPMs for the version that you want. You will need at least the base python version package and the libs package.

2) To start Python 2.6, type python26 at your command line rather than python. (Your original Python 2.4 is still installed.)

3) If you are installing packages with setuptools, make sure to use the correct python version. (i.e. python26 setup.py install)

Twisted, Zope Interface And Pycrypto Installation

Twisted is an event-driven networking engine written in Python and licensed under the MIT license. Twisted projects variously support TCP, UDP, SSL/TLS, multicast, Unix sockets, a large number of protocols (including HTTP, NNTP, IMAP, SSH, IRC, FTP, and others), and much more.

cd /tmp wget http://twistedmatrix.com/Releases/Twisted/10.2/Twisted-10.2.0.tar.bz2 tar -xvf Twisted-10.2.0.tar.bz2 cd Twisted-10.2.0 python26 setup.py build python26 setup.py install

Zope is an open source web application server primarily written in the Python programming language.

cd /tmp wget http://www.zope.org/Products/ZopeInterface/3.3.0/zope.interface-3.3.0.tar.gz tar -xvf zope.interface-3.3.0.tar.gz cd zope.interface-3.3.0 python26 setup.py build python26 setup.py install

Pycrypto is a collection of cryptographic algorithms and protocols, implemented for use from Python.

cd /tmp wget wget http://www.amk.ca/files/python/crypto/pycrypto-2.0.1.tar.gz tar -xvf pycrypto-2.0.1.tar.gz cd pycrypto-2.0.1 python26 setup.py build python26 setup.py install

ASN.1 types and codecs (BER, CER, DER) implementation in Python programming language.

cd /tmp wget http://sourceforge.net/projects/pyasn1/files/pyasn1-devel/0.0.12a/pyasn1-0.0.12a.tar.gz/download tar -xvf pyasn1-0.0.12a.tar.gz cd pyasn1-0.0.12a python26 setup.py build python26 setup.py install

Create Regular User Kippo doesnt run under root user! So we must create a regular user.

useradd kippouser

Download Kippo Source Package You need to download latest version of Kippo source package from http://kippo.googlecode.com.

su - kippouser wget http://kippo.googlecode.com/files/kippo-0.5.tar.gz tar -xvf kippo-0.5.tar.gz cd kippo-0.5

Configure Kippo vi kippo.cfg

	vi kippo.cfg 

#
# Kippo configuration file (kippo.cfg)
#
[honeypot]
# IP addresses to listen for incoming SSH connections.
#
# (default: 0.0.0.0) = any address
#ssh_addr = 0.0.0.0
# Port to listen for incoming SSH connections.
#
# (default: 2222)
ssh_port = 2222
# Hostname for the honeypot. Displayed by the shell prompt of the virtual
# environment.
#
# (default: sales)
hostname = sales
# Directory where to save log files in.
#
# (default: log)
log_path = log
# Directory where to save downloaded (malware) files in.
#
# (default: dl)
download_path = dl
# Directory where virtual file contents are kept in.
#
# This is only used by commands like 'cat' to display the contents of files.
# Adding files here is not enough for them to appear in the honeypot - the
# actual virtual filesystem is kept in filesystem_file (see below)
#
# (default: honeyfs)
contents_path = honeyfs
# File in the python pickle format containing the virtual filesystem. 
#
# This includes the filenames, paths, permissions for the whole filesystem,
# but not the file contents. This is created by the createfs.py utility from
# a real template linux installation.
#
# (default: fs.pickle)
filesystem_file = fs.pickle
# Directory for miscellaneous data files, such as the password database.
#
# (default: data_path)
data_path = data
# Directory for creating simple commands that only output text.
#
# The command must be placed under this directory with the proper path, such
# as:
#   txtcmds/usr/bin/vi
# The contents of the file will be the output of the command when run inside
# the honeypot.
#
# In addition to this, the file must exist in the virtual
# filesystem {filesystem_file}
#
# (default: txtcmds)
txtcmds_path = txtcmds
# Public and private SSH key files. If these don't exist, they are created
# automatically.
#
# (defaults: public.key and private.key)
public_key = public.key
private_key = private.key
# Initial root password. Future passwords will be stored in
# {data_path}/pass.db
#
# (default: 123456)
password = 123456
# IP address to bind to when opening outgoing connections. Used exclusively by
# the wget command.
#
# (default: not specified)
#out_addr = 0.0.0.0
# Sensor name use to identify this honeypot instance. Used by the database
# logging modules such as mysql.
#
# If not specified, the logging modules will instead use the IP address of the
# connection as the sensor name.
#
# (default: not specified)
#sensor_name=myhostname
# Fake address displayed as the address of the incoming connection.
# This doesn't affect logging, and is only used by honeypot commands such as
# 'w' and 'last'
#
# If not specified, the actual IP address is displayed instead (default
# behaviour).
#
# (default: not specified)
#fake_addr = 192.168.66.254
# MySQL logging module
#
# Database structure for this module is supplied in doc/sql/mysql.sql
#
# To enable this module, remove the comments below, including the
# [database_mysql] line.
#[database_mysql]
#host = localhost
#database = kippo
#username = kippo
#password = secret
 

Start Kippo ./start.sh

Log File By default kippo output will be redirected to the file log/kippo.log. To see the Kippo logging data use the following command:

tail -f log/kippo.log

Note: How To Make Kippo Accessible To The World! By default,Kippo is running on port 2222. If its running on Windows, port 22 is usually free and it's ok to run kippo on that port. On linux, port 22 is restricted for root only, except if you do this (quote from #twisted):

iptables -t nat -A PREROUTING -i IN_IFACE -p tcp --dport 22 -j REDIRECT --to-port 2222

Replace IN_IFACE with your real interface name such as eth0!

Testing Connect to the Kippo server on port 2222 by using root as username and 123456 as password.

ssh 127.0.0.1 -p 2222 -l root

You must see the following banner after successful login:

sales:~#

www.daemon.de - NabouConfig

www.daemon.de - Nabou

Nabou is a system integrity monitor. That means, it runs every night and watches for changes on files. If a file has changed in any way, it will inform you by email(if you prefer that). Beside of this it can also look for changed or added user accounts, cronjobs, weird processes and suid files. And you can define your own checks using inline scriptlets.

It stores the properties for each file in a dbm database and will warn you if something has been changed on a file. The most important thing to check for, is the MD5-checksum. This checksum will never be the same if the file content has changed even if only one letter has changed. But you can also look for some other properties, like ownership or filemode. See the section configuration for more details on that!

nabou requires perl and some Perl Modules.

If you are interested, here is a sample report generated by a nabou check run.

Securing Debian Manual - After Installation

Are you sure /bin/login on your hard drive is still the binary you installed there some months ago? What if it is a hacked version, which stores the entered password in a hidden file or mails it in cleartext version all over the internet?

The only method to have some kind of protection is to check your files every hour/day/month (I prefer daily) by comparing the actual and the old md5sum of this file. Two files cannot have the same md5sum (the MD5 digest is 128 bits, so the chance that two different files will have the same md5sum is roughly one in 3.4e3803), so you're on the safe site here, unless someone has also hacked the algorithm that creates md5sums on that machine. This is, well, extremely difficult and very unlikely. You really should consider this auditing of your binaries as very important, since it is an easy way to recognize changes at your binaries. Common tools used for this are sXid, AIDE (Advanced Intrusion Detection Environment), TripWire (non-free; the new version will be GPL), integrit and samhain.

Installing debsums will help to check the filesystem integrity, by comparing the md5sums of every file against the md5sums used in the Debian package archive. But beware, those files can easily be changed.

Furthermore you can replace locate with slocate. slocate is a security enhanced version of GNU locate. When using slocate, the user only sees the files he really has access to and you can exclude any files or directories on the system.

Setting up setuid check

Debian provides a cron job that runs daily in /etc/cron.daily/standard. This cron job will run the /usr/sbin/checksecurity script that will store information of this changes.

In order for this check to be made you must set CHECKSECURITY_DISABLE="FALSE" in /etc/checksecurity.conf. Note, this is the default, so unless you have changed something, this option will already be set to "FALSE".

The default behavior does not send this information to the superuser but, instead keeps daily copies of the changes in /var/log/setuid.changes. You should set the CHECKSECURITY_EMAIL (in /etc/checksecurity.conf) to 'root' to have this information mailed to him. . See checksecurity(8) for more configuration info.

Recommended Links

Google matched content

Softpanorama Recommended

Top articles

Sites

Honeypots, Intrusion Detection, Incident Response

Neohapsis Archives

Random Findings

Motorola Introduces New Weapon to Thwart Cyber Intruders Motorola's Intrusion Vision synthesizes network data, enabling rapid recognition and response to network attacks

Washington, D.C. - June 5, 2001 - Network administrators now have a new first line of defense in the protection of information assets. Motorola, Inc. announced today a visualization and analysis software tool that helps the user visually interpret network attacks at a glance and respond quickly.
Motorola Intrusion Vision provides a single, intuitive display of information received from many network and host-based intrusion detection sensors within a business or operation. Additionally, it can correlate attack information received from different sensors to let operators know of a serious attack. Because the data is displayed in near-real time, the user can react quickly based on responses defined by the operation's security policy. Rapid response can serve to eliminate or mitigate potential damage to the network.
"I respect the pedigree of Motorola's capabilities with security technology. This Windows TM-based commercial off-the-shelf security product incorporates that know-how," said Steve Lewis, an information security expert for PRO-telligent, LLC assigned to the Department of State. "Motorola Intrusion Vision proves simple and easy to operate, allows for better report creation and storage and it supports both commercial and public domain intrusion detection systems. It is a system that can prevent and protect rather than report and react after the fact. Correlating attack information before it gets too deep into the operator's system should be a cornerstone of sound network management and is a benefit of Motorola's technology."
John Cole, Vice President and General Manager of Motorola's Information Security Systems and Products Divisions says, "Visualization and correlation of network intrusion
information is a high priority with network administrators who are overwhelmed with the volume of textual data received from sensors. This product is the first step for anyone interested
in improving detection and reaction time. In addition to rapid response, Motorola Intrusion Vision can reduce the level of expertise and expense businesses devote to monitoring sensors for evidence of cybercrime."
Motorola Intrusion Vision features a graphical ring display resembling a bull's eye that operators can easily interpret. They can then access the underlying sensor data from the same screen. Use of an open Application Programming Interface (API) facilitates interoperability with a wide range of sensors and intrusion detection devices. The software is written in Java script and is portable to many hosts.
The unsolved problems of the intrusion detection world include predictive analysis. In other words, based on what happened in the recent past, we have an indication and warning of what attack is about to occur. The underlying technology of Motorola Intrusion Vision allows for simple, predictive analysis," says David O'Brien, a consultant for Epsilon Systems.
Protection of industrial information assets is just one area where Motorola, with demonstrated expertise in government-risk avoidance technology assets, is bringing advanced capability to the commercial world of information technology. Motorola Intrusion Vision will be available this month and priced starting at US$11,490 for the basic version.

About Motorola
Motorola, Inc. (NYSE:MOT) is a global leader in providing integrated communications solutions and embedded electronic solutions. These include software-enhanced wireless telephone, two-way radio, messaging and satellite communications products and systems, as well as networking and Internet-access products, for consumers, network operators, and commercial, government and industrial customers. Sales in 2000 were $37.6 billion.

Intrusion Detection Solutions Dragon Squire - Host Intrusion Detection

Why host based IDS?
Enterasys developed the Dragon Squire product line as a host based IDS for several reasons. First, simply put, NIDS have a real difficult time with encrypted traffic. Dragon Sensor has signatures which look for SSH activity, but no NIDS including Dragon Sensor can see inside that SSH session and look for login failures. Another large protocol which NIDS cannot decode are secure web transactions protected with SSL. Second, even though we think Dragon Sensor is one of the most advanced NIDS in existence, we believe that a determined hacker will bypass the NIDS and achieve compromise on a sensitive system host. This also accounts for a strong insider threat. Once an attacker has achieved system access, they may do something which will generate network activity and be detected by Dragon Sensor, but it is more likely that the attacker will do something directly to the targeted computer which will be detected by Dragon Squire. Any finally, our third reason to produce a HIDS was to be able to leverage it as a secure log aggregator to process router logs, firewall logs and many other sources of security information.

System Log Analysis
Dragon Squire is placed directly on key servers. Once loaded, it can be directed to monitor (or tail) key system log files and monitor them for suspicious activity. In the case of Windows NT and 2000, Dragon Squire can monitor the NT event log for activity as well.

Syslog Analysis
For routers and firewalls which do not have a local operating system to run Dragon Squire, libraries to analyze the Syslog messages from those devices can be placed on a dedicated log server which runs Dragon Squire. For example, a router farm could use Syslog to send events to a dedicated Linux server running the Dragon Squire software and the libraries for the logs from the routers. In this case, Dragon Squire does not receive or process the Syslog message directly, and instead relies on the underlying system to process the Syslog messages. This allows Dragon Squire to work with many forms of Syslog such as Secure Syslog and K-Syslog.

SNMP Trap Analysis
Dragon Squire can receive and process SNMP v1 traps. Dragon Squire receives the SNMP trap and produces a field of SNMP OIDs and their values. Signatures are available to process the SNMP trap for specific OID and value combinations.

MD5 File Analysis
Dragon Squire performs MD5 checksum analysis on key files. It stores these MD5 checksums in a local file and on the Dragon Policy Manager. If the contents of a monitored file changes, the MD5 value will changes and an alert can be generated. This detects backdoors and other potentially harmful files modifications.

Low System Impact
Dragon Squire has been designed to minimize system impact. All system performance varies greatly from operating system to operating system as well as server load and network activity. Dragon Squire has a very small footprint that takes up little memory and hard drive space for logs.

Cisco IDS (Formerly NetRanger) � Intrusion Detection System
... Software Technical Specifications for IDS Host Sensor (Standard Agents). ... Technical
Specifications for Host IDS Sensor (Web Server Edition). ...
www.cisco.com/univercd/cc/td/doc/pcat/nerg.htm - 11k - Cached - Similar pages

Installing and Configuring the Cisco IDS Host Sensor on ...
... Installing and Configuring the Cisco IDS Host Sensor on CallManager 3.0 and 3.1.
Contents. ... Caveats. Using Cisco Host IDS Sensor Agent and McAfee NetShield. ...
www.cisco.com/warp/public/788/ AVVID/ids_host_sensor_cm.html - 21k - Cached - Similar pages
[ More results from www.cisco.com ]

Neohapsis Archives - IDS List - IDS Re RE Host IDS - From [email protected]

Subject: IDS: Re: RE: Host IDS
From: Talisker ([email protected])
Date: Tue Oct 31 2000 - 13:23:31 CST


RE: RE: Host IDSGene
> I'm beginning to become increasingly fervent in my belief that Tripwire (and other integrity solutions) > should be put into a category, fully outside "intrusion detection".

I agree, I tried to accomplish this on my website by categorising them under File Integrity Checkers alongside, rather than under, Host IDS, Network IDS, Hybrid IDS and Honeypots.

They do have a valuable role for detecting intruders when used to routinely check for alterations and as you point out their other strength is, going back to my military days, Post Attack Recovery using the integrity checker to discover the extent of the compromise

> (The danger is that people may inadverdently skip integrity altogether, thinking that they're > covered because they've implemented a NIDS and HIDS solution.)

I've also seen the opposite, they have a file integrity checker, so they have their IDS needs taken care of.

I read your article today on Security Focus - thanks for sharing it with us http://www.securityfocus.com/announcements/217

File Integrity checkers that I have on my site are

AIDE
Intact
Tripwire chkrootkit
Site Watcher
Veracity Dragon Squire
SMART Watch
Web Watcher

I think that I have all the commercial tools, if I am missing any or any of the premier freeware tools please let me know

I have also started a security-tools notification service with which, I pass details of any new tools that I find. http://www.egroups.com/subscribe/security-tools or by email [email protected]

Take Care

Andy

There are quite a few more freeware integrity checkers

Take Care

Andy

http://www.networkintrusion.co.uk
Talisker's Network Security Tools List

SF Focus-IDS Mailing List FAQ

Table Of Contents

  1. What is Intrusion Detection?
  2. What is the difference between Host based (HIDS) and Network based IDS(NIDS)?
  3. Who is Stephen Entwisle and why does he send a newsletter every week?
  4. Who are the 31173 on this list?
  5. I see snippets of output like:
  6. I always see Snort being mentioned. Is it the most popular NIDS?
  7. What tools can be used for building packets?
  8. What are some personal IDS/firewalls?
  9. Where can I find a list of Inrusion Detection Systems?
  10. How can I test my IDS?
  11. What is a false positive?
  12. What is a false negative?
  13. Why do discussions on Intrusion Detection seem to have a bias towards Linux / UNIX ?


Questions Specific to Intrusion Detection and this list

1:   What is Intrusion Detection?

Intrusion Detection is the active process to document and catch
attackers and malicious code on a network. It is described in
two types of software: Host based software and Network based software.

2:   What is the difference between Host based (HIDS) and Network based IDS(NIDS)?

HIDS is software which reveals if a machine is being or 
has been compromised. It does this by checking the files
on the machine for possable problems.  Software described
as host based IDS could include File Integrity checkers (TripWire),
Anti-virus software (Norton AV), Server Logs (Event viewer or syslog),
and in some ways even backup software can be a HIDS.

NIDS is software which monitors network packets and examines them
against a set of signatures and rules. When the rules are violated
the action is logged and the Admin could be alerted. 
Examples of NIDS software are SNORT, ISS Real Secure, and Network Flight Recorder.

3:   Who is Stephen Entwisle and why does he send a newsletter every week?

Stephen works for Security Focus. He worked as a moderator and editor of
different announcements. The weekly newsletter is a summary of vulnerabilities
and security papers announced that week. It is convenient to have the 
newsletter to keep up with the latest security issues without having
to check every day.

4:   Who are the 31173 on this list?

Dug Song: Security expert who wrote the tool fragrouter and runs monkey.org.
Robert Graham:CTO of the networkICE (Bought by ISS) Wrote great FAQs.
Martin Roesch: Author of SNORT
Max Vision: Runs www.whitehats.com. Keeps a database of attack signature information known as arachNIDS.
Marcus Ranum: CTO of Network Flight Recorder (one of the bets known NIDS). See his offical bio here
Ron Gula: A large contributor to SNORT and CTO of Dragon NIDS. He also has an offical bio here

5:   I see snippets of output like: 
Jan 26 12:43:01 207.236.111.23:49658 -> MY.SUB.NET.1:56023 UDP
Jan 26 12:43:01 207.236.111.23:49658 -> MY.SUB.NET.1:56034 UDP
Jan 26 12:43:01 207.236.111.23:49658 -> MY.SUB.NET.1:56035 UDP
What is this output from?

As a whole, this is the type of output you will examine with a 
Network Intrustion Detection System. The above lines could have been
taken from a network sniffer like TCPDUMP or from a NIDS like SNORT.
Once you understand the basics about reading network sniffer ouptut, 
you can communicate with others about odd network traffic and understand
the output above. 

6:   I always see Snort being mentioned. Is it the most popular NIDS?

It is very popular for a few reasons:
1) The author of the program reads and replies to this list (See who are the 31173 question)
2) It is constantly improving from it's user feedback and the author's persistence.
3) It has both UNIX/Linux and Windows versions.
4) It's FREE!

Is it the top of the line NIDS? No. It is however a very good tool
to get started with NIDS. It has a serious place in any production network.

7:   What tools can be used for building packets?

hping
isic
Trinux a floppy distro of Linux, 
contains the above tools plus more.

8:   What are some personal IDS/firewalls?

While they don't fit into the enterprise class of IDS, there are several programs that
can provide firewall and IDS services for a single user/pc.  Here are a few:

Black Ice Defender
Symantec Personal Firewall
McAfee Firewall V2.1 
ZoneAlarm

9:   Where can I find a list of Inrusion Detection Systems?

http://www.networkintrusion.co.uk

10:  How can I test my IDS?
We suggest the following steps:
1) Place the NIDS on a test network with a hub and a separate server.
2) Run the tool Nessus against the separate server.
3) When Nessus is done, what attacks did it detect ? If it did not detect all the attacks
does the NIDS have the latest signatures ? Can you write your own rules for the NIDS to 
catch the attack ?
4) After the tests with Nessus, then run the packet building tools. Make various illegal packets
and aim them at the separate server. Does it detect the packets ? Also use frgroutr
against it to see how it handels fragmented packets.
5) Repeat steps 2 - 4 against the NIDS machine.
6) Harden the NIDS to help prevent it from being compromised.
7) Place it on the production network and see how many false positives it gets.
8) Tune it down from the false positives.
9) As new vunerabilities occur, update the Nessus signatures and test to see 
if the NIDS catches them.

Here are a few tools.
NIDSbench
IDSwakeup


11:  What is a false positive?

Most IDS use signatures to compare against attacks.  Sometimes normal activity triggers the IDS.  
The IDS detects an attack signature during normal activity.  Part of maintaining the IDS is knowing 
when what you are dealing with is a false positive and tuning the IDS to avoid them.

12:  What is a false negative?

Most IDS use signatures to compare against attacks.  Sometimes attack activity doesn't trigger the IDS.

13:  Why do discussions on Intrusion Detection seem to have a bias towards Linux / UNIX ?

It is mainly due to the tools available. Many great tools are free for Linux / UNIX. 
(See the question on the top 50 tools) Some of those tools have ports for Windows, 
but the Windows versions usually are an after thought.



Etc

Society

Groupthink : Two Party System as Polyarchy : Corruption of Regulators : Bureaucracies : Understanding Micromanagers and Control Freaks : Toxic Managers :   Harvard Mafia : Diplomatic Communication : Surviving a Bad Performance Review : Insufficient Retirement Funds as Immanent Problem of Neoliberal Regime : PseudoScience : Who Rules America : Neoliberalism  : The Iron Law of Oligarchy : Libertarian Philosophy

Quotes

War and Peace : Skeptical Finance : John Kenneth Galbraith :Talleyrand : Oscar Wilde : Otto Von Bismarck : Keynes : George Carlin : Skeptics : Propaganda  : SE quotes : Language Design and Programming Quotes : Random IT-related quotesSomerset Maugham : Marcus Aurelius : Kurt Vonnegut : Eric Hoffer : Winston Churchill : Napoleon Bonaparte : Ambrose BierceBernard Shaw : Mark Twain Quotes

Bulletin:

Vol 25, No.12 (December, 2013) Rational Fools vs. Efficient Crooks The efficient markets hypothesis : Political Skeptic Bulletin, 2013 : Unemployment Bulletin, 2010 :  Vol 23, No.10 (October, 2011) An observation about corporate security departments : Slightly Skeptical Euromaydan Chronicles, June 2014 : Greenspan legacy bulletin, 2008 : Vol 25, No.10 (October, 2013) Cryptolocker Trojan (Win32/Crilock.A) : Vol 25, No.08 (August, 2013) Cloud providers as intelligence collection hubs : Financial Humor Bulletin, 2010 : Inequality Bulletin, 2009 : Financial Humor Bulletin, 2008 : Copyleft Problems Bulletin, 2004 : Financial Humor Bulletin, 2011 : Energy Bulletin, 2010 : Malware Protection Bulletin, 2010 : Vol 26, No.1 (January, 2013) Object-Oriented Cult : Political Skeptic Bulletin, 2011 : Vol 23, No.11 (November, 2011) Softpanorama classification of sysadmin horror stories : Vol 25, No.05 (May, 2013) Corporate bullshit as a communication method  : Vol 25, No.06 (June, 2013) A Note on the Relationship of Brooks Law and Conway Law

History:

Fifty glorious years (1950-2000): the triumph of the US computer engineering : Donald Knuth : TAoCP and its Influence of Computer Science : Richard Stallman : Linus Torvalds  : Larry Wall  : John K. Ousterhout : CTSS : Multix OS Unix History : Unix shell history : VI editor : History of pipes concept : Solaris : MS DOSProgramming Languages History : PL/1 : Simula 67 : C : History of GCC developmentScripting Languages : Perl history   : OS History : Mail : DNS : SSH : CPU Instruction Sets : SPARC systems 1987-2006 : Norton Commander : Norton Utilities : Norton Ghost : Frontpage history : Malware Defense History : GNU Screen : OSS early history

Classic books:

The Peter Principle : Parkinson Law : 1984 : The Mythical Man-MonthHow to Solve It by George Polya : The Art of Computer Programming : The Elements of Programming Style : The Unix Hater’s Handbook : The Jargon file : The True Believer : Programming Pearls : The Good Soldier Svejk : The Power Elite

Most popular humor pages:

Manifest of the Softpanorama IT Slacker Society : Ten Commandments of the IT Slackers Society : Computer Humor Collection : BSD Logo Story : The Cuckoo's Egg : IT Slang : C++ Humor : ARE YOU A BBS ADDICT? : The Perl Purity Test : Object oriented programmers of all nations : Financial Humor : Financial Humor Bulletin, 2008 : Financial Humor Bulletin, 2010 : The Most Comprehensive Collection of Editor-related Humor : Programming Language Humor : Goldman Sachs related humor : Greenspan humor : C Humor : Scripting Humor : Real Programmers Humor : Web Humor : GPL-related Humor : OFM Humor : Politically Incorrect Humor : IDS Humor : "Linux Sucks" Humor : Russian Musical Humor : Best Russian Programmer Humor : Microsoft plans to buy Catholic Church : Richard Stallman Related Humor : Admin Humor : Perl-related Humor : Linus Torvalds Related humor : PseudoScience Related Humor : Networking Humor : Shell Humor : Financial Humor Bulletin, 2011 : Financial Humor Bulletin, 2012 : Financial Humor Bulletin, 2013 : Java Humor : Software Engineering Humor : Sun Solaris Related Humor : Education Humor : IBM Humor : Assembler-related Humor : VIM Humor : Computer Viruses Humor : Bright tomorrow is rescheduled to a day after tomorrow : Classic Computer Humor

The Last but not Least Technology is dominated by two types of people: those who understand what they do not manage and those who manage what they do not understand ~Archibald Putt. Ph.D


Copyright © 1996-2021 by Softpanorama Society. www.softpanorama.org was initially created as a service to the (now defunct) UN Sustainable Development Networking Programme (SDNP) without any remuneration. This document is an industrial compilation designed and created exclusively for educational use and is distributed under the Softpanorama Content License. Original materials copyright belong to respective owners. Quotes are made for educational purposes only in compliance with the fair use doctrine.

FAIR USE NOTICE This site contains copyrighted material the use of which has not always been specifically authorized by the copyright owner. We are making such material available to advance understanding of computer science, IT technology, economic, scientific, and social issues. We believe this constitutes a 'fair use' of any such copyrighted material as provided by section 107 of the US Copyright Law according to which such material can be distributed without profit exclusively for research and educational purposes.

This is a Spartan WHYFF (We Help You For Free) site written by people for whom English is not a native language. Grammar and spelling errors should be expected. The site contain some broken links as it develops like a living tree...

You can use PayPal to to buy a cup of coffee for authors of this site

Disclaimer:

The statements, views and opinions presented on this web page are those of the author (or referenced source) and are not endorsed by, nor do they necessarily reflect, the opinions of the Softpanorama society. We do not warrant the correctness of the information provided or its fitness for any purpose. The site uses AdSense so you need to be aware of Google privacy policy. You you do not want to be tracked by Google please disable Javascript for this site. This site is perfectly usable without Javascript.

Last modified: March, 12, 2019