What's New!

Chat with

How to Defend
Your Computer 

The Guides
to (mostly) 
Harmless Hacking

Happy Hacker 
Digests (old stuff) 

Hacker Links 


Meet the 
Happy Hacksters 

Help for 



It Sucks 
to Be Me!

How to Commit
Computer Crime (not)! 

What Is a 
Hacker, Anyhow? 

Have a 
Great Life! 

News from the 
Hacker War Front

How to Harden Internet Servers:

Help for Ecommerce sites

The FBI has issued a warning that over a million credit cards have been compromised by Russian gangs breaking into ecommerce sites. To keep these gangs away from your databases, please follow these simple steps (recommended by Stephen Northcutt of the SANS Institute):

  • The Rainbow Books -- US Federal government reference works on computer security. http://www.radium.ncsc.mil/tpep/index.html
  • McAfee is offering "CyberCop WormScan" for Windows free: http://www.mcafeeasap.com/asp_subscribe/trial_cc_wormscan.asp
  • If you run IIS, please read http://www.sans.org/infosecFAQ/win2000/sec_IIS.htm and http://www.sans.org/infosecFAQ/win2000/sec_win2k.htm.
  • IIS admins can check to make sure your server is safe from he Russian extortionists. Steve Gibson of Gibson Research (http://grc.com) offers Patchwork, a free tool that detects whether your IIS servers are vulnerable to the Russian extortionists (http://www.cisecurity.org/patchwork.html)
  • Harden Win 2000 with these guidelines:
  • http://www.nsa.gov/winsecurity/win2k/download.htm
  • http://archives.neohapsis.com/archives/ntbugtraq/2001-q1/0051.html
  • Harden Windows NT 4.0 with SP6a and IIS 4.0
  • Harden Windows 2000 with SP1 and IIS 5.0
  • If you run Red Hat Linux, please harden your system by running Bastille http://www.bastille-linux.org/. (Bastille can also help with other Linux distributions but is optimized for Red hat.)
  • If you run any kind of Linux running the BIND DNS server versions 8.2, 8.2-P1, 8.2.1, 8.2.2-Px, look out for the Lion worm. Read about Lion and how to find and fix it at http://www.sans.org/y2k/lion.htm.
  • If you run Solaris, please harden it by running Yassp http://www.yassp.org/.
  • Security Best Practices Resources:

    Vulnerability Checks:

    Industry Self-Help Groups:

    The Information Technology Association of America is in the process of forming a consortium to share computer security technology information. Head of this effort is Donn Parker, formerly of the Stanford Research Institute and one of the first to work on computer security. http://www.itaa.org

    "Scan of the Week" group seeks to identify new hacker scanner signatures: http://www.enteract.com/~lspitz/papers.html


    InfraGard is an information sharing and analysis effort serving the interests and combining the knowledge base of a wide range of members. At its most basic level, InfraGard is a cooperative undertaking between the U.S. Government (led by the FBI and the NIPC) and an association of businesses, academic institutions, state and local law enforcement agencies, and other participants dedicated to increasing the security of United States critical infrastructures.

    Security Tools

    How to handle cases where your network has been the victim of a malicious computer break-in:

    How to put your attackers behind bars:

    Carolyn's most
    popular book,
    in 4th edition now!
    For advanced
    hacker studies,
    read Carolyn's
    Google Groups
    Subscribe to Happy Hacker
    Visit this group

    © 2002 Happy Hacker All rights reserved.