[buug] for an aspiring young person interested in information security and LINUX ...

Michael Paoli Michael.Paoli at cal.berkeley.edu
Sat Jul 22 21:06:38 PDT 2006

So, ... for an aspiring young person interested in information
security and LINUX, and rather/quite new/inexperienced with LINUX,
I think at our meeting, and perhaps adding some, we came up with a
fair list of resources.  Flushing them out a bit more with URLs and
such, that list might roughly look like, or at least probably include:

RawWrite (or rawrite) is an essential tool for creating boot disks
and other floppy disk images. Traditional rawwrite programs do no run
under modern versions of windows so here is the Win32 version which
RawWrite for Windows http://www.chrysocome.net/rawwrite

And closely related to RawWrite (for those familiar with
UNIX/LINUX/BSD the utility name is quite familiar):
dd allows flexible reading and writing to any disk and is better
suited to things like hard disks, USB disks and CF devices.
dd for windows
dd - convert and copy a file
This version does not actually do any conversion but it allows the
flexible copying of data under in a win32 environment.

Excellent technical books on LINUX, UNIX, and lots of related areas.
O'Reilly & Associates http://www.oreilly.com/
Also has various free resources, including free downloadable books,
O'Reilly Open Books Project http://www.oreilly.com/openbook/
and a slight bit of UNIX/BSD history, e.g.:

Very popular and user friendly, based upon Debian, large and thriving
community support - they'll even ship you CDs for free ... but the
shipment can take quite a while.  With their most current release,
the one CD can be used as a live CD, and can also be used to do a
hard drive installation if/when one wants to do so.
Ubuntu Linux http://www.ubuntu.com/

I believe the earliest LINUX live CD project/distribution,
more technically oriented, not particularly oriented to be able to
do a hard drive install from CD, though it does include a utility
to make that possible for those that really want to.  It's also based
upon Debian:
KNOPPIX Linux Live CD http://www.knopper.net/knoppix/index-en.html

largest, most free as in freedom (and also free as in no cost) and
very well supported among the LINUX distributions.  Tends to be a bit
more technical, so not necessarily the easiest place to start for
something that's more user friendly:
Debian http://www.debian.org/

On-line Real Time Help Using IRC
May be a bit Debian-focused/oriented, but probably fairly useful also
for other Debian based distributions and perhaps to some extent more
general LINUX help.
There's also #LinuxHelp

At least some leading commercial (non-free) LINUX distributions:
Red Hat (particularly strong in the US): http://www.redhat.com/
SUSE (Particularly strong in Europe): http://www.novell.com/linux/
They also have related free projects/distributions:
redhat.com Fedora Project http://www.redhat.com/fedora/
openSUSE http://en.opensuse.org/
And there are distributions/efforts to make highly compatible free
distributions, e.g.:
White Box Enterprise Linux http://www.whiteboxlinux.org/
CentOS The Community ENTerprise Operating Systems:

Laptops & (compatibility with) LINUX
I find, for example, for my personal laptop make and model, 8 (7 in
English) distinct detailed reports from users on their experiences
with a distribution, and what did/didn't work for them, and what they
had to do to support/use various portions of the hardware on the
laptop.  Since LINUX distributions tend to have much of their code
base in common, often what can be usefully applied for any one
specific distribution, can often be done in the same or a similar
manner on most other common LINUX distributions.

There are also good sites for getting information about many LINUX
distributions, comparing them, and looking at other factors, news,
and developments:

Bay Area Linux Events http://linuxmafia.com/bale/#cabal

CABAL (Consortium of All Bay Area Linux)
They also do InstallFests quite regularly

Google has their LINUX specific search:

LINUX distributions aren't the only free UNIX-like operating systems
out there.  There are most notably also the BSDs, e.g.:
OpenBSD particularly emphasizes security, and is probably the most
secure out-of-the-box relatively general purpose UNIX-like
distribution / operating system available.
The OpenBSD Project http://www.openbsd.org/
The FreeBSD Project http://www.freebsd.org/
The NetBSD Project http://www.netbsd.org/

(unfortunately no longer as useful/accessible for the under 18 crowd,
too bad they don't at least allow responsible well behaved kids or
kids under 16, when accompanied by a responsible adult ... heck, I was
only 16 when I was first in college)
LinuxWorld Conference & Expo http://www.linuxworldexpo.com/
Ubuntu and Debian will be there, in addition to other distributions,
vendors, non-profits, etc.  Expo pass is free with advance

Professional associations:
USENIX The Advanced Computing Association http://www.usenix.org/
USENIX also makes a fair bit of stuff free to non-members, e.g.
issues of ;login: The USENIX Magazine that are over one year old are
available to the public for free:
SAGE (for sysadmins) http://www.sage.org/

SANS Institute -
Network, Security, Computer, Audit Information & Training
SANS Internet Storm Center http://isc.sans.org/
You can also click on their map to get information on what percentages
and of what types of attacks come from where around the world, and
it's updated quite frequently (at least daily).

Security and other risks (e.g. flaws, design considerations, analysis
of failures/problems encountered, lots of information on how to better
avoid problems, etc. - excellent book for programmers, engineers,
security professionals, and those that manage them, and good
information/reading for the general public at large also)
Computer-Related Risks - Peter G. Neumann
... peeking at some library catalogs, Berkeley, Oakland and San
Francisco Public don't have that title, but San Jose Public does, and
multiple University of California libraries - including the UC
Berkeley Engineering library - do.  I don't think members of the
general public can check out books from the UC library system (though
I might be mistaken), but if it's in an open shelved library, it can
probably be read in the library.  Inter-library loan might also be
available between Berkeley Public and San Jose Public.

Peter G. Neumann is also moderator of:
Risks Digest -
Forum on risks to the public in computers and related systems

There's also BUGTRAQ - a "full disclosure" security list (security
flaws, exploits and fixes, and related stuff):

More information about the buug mailing list