Sourcefire White Paper

Sourcefire White Paper And Its Role in the Security Model
www.sourcefire.com
June 2002

Sourcefire, Inc.
7095 Samuel Morse Drive, Suite 100
Columbia, MD 21046
410.290.1616 | 410.290.0024

TABLE OF CONTENTS

Table of Contents  2
Open Source Software: OSS  3
  What is OSS?  3
  History  4
  Opinions on OSS  4
  Arguments in favor of OSS  5
    Security, Stability, and Cost  5
    Standards, Immediacy, and Lack of Restrictions  7
  Arguments Against OSS  7
    Status Quo and Security  8
    Poor Packaging and Support  9
  The Sourcefire Solution  9
Summary  10

OPEN SOURCE SOFTWARE: OSS

The current interest in open source software (OSS) is a phenomenon born of the Internet. The Internet allows open source proponents to harness the worldwide expertise of thousands of enthusiasts and bring them together in a single project to provide free, quality software. They do this out of altruism for the open source concept, to demonstrate their skills, and out of a zeal for solving difficult problems.

A few years ago, open source software was considered to be of interest only to low-budget markets (such as education, health, and university laboratories). This is no longer true. Some of the more successful open source applications include:

- Linux, now running on some 20% of the world's servers
- Snort, an Intrusion Detection System that outperforms commercial products in independent tests [1]
- Apache, which runs over 60% of the world's web servers
- Perl, which is the engine behind most of the 'live content' on the World Wide Web
- BIND, the software that provides the DNS (domain name service) for the entire Internet
- Sendmail, the most important and widely used email transport software on the Internet.

Open source software still generates heated debate. There are those who claim it is insecure, unsupported and threatens the very existence of the legitimate software industry. And there are others who claim that it signifies the way of the future: more secure, more stable, less costly, and more honest software. This paper seeks to explain the strengths and weaknesses of Open Source Software, and to show how Sourcefire leverages the open source Snort technology to provide superior enterprise intrusion detection systems.

What is OSS?

Open Source Software is software that is supplied with full source code. But it is much more. The key is in the Distribution License – this is what defines whether or not software is open source. There are many licenses that claim to be 'open source' – but it is generally held that conformance to the nine guiding principles defined by the Open Source Initiative (OSI) [2] is the test. These, in brief, are:

1. Free Distribution: anyone can distribute or redistribute the software.
2. Inclusive Of Source Code: the program must include source code, and must allow distribution in source code as well as compiled form.
3. Derived Works: the license must allow modifications and derived works, and must allow them to be distributed under the same terms as the license of the original software.
4. Integrity Of Original Source Code: the integrity of the author's original code may be maintained by requiring that derived works must be distributed as a 'patch' and carry a different name or version number from the original software.
5. No Discrimination Against Persons or Groups: the license must not discriminate against any person or group of persons.
6. No Discrimination Against Fields of Endeavor: the license may not restrict the manner in which the software is used.
7. Distribution of License: the rights attached to a program automatically apply to everyone to whom the program is redistributed.
8. License Must Not Be Specific to a Product: the rights attached to the program must not depend on the program's being part of a particular software distribution.
9. The License Must Not Restrict Other Software: the license must not impose restrictions on other software distributed with it.

[1] "Configured correctly, it also turns in a performance every bit the equal of (and often superior to) commercial products costing many thousands of pounds." Intrusion Detection Systems – Group Test (Edition 2); an NSS Group Report.
[2] http://www.opensource.org/docs/definition.html

White Paper - 3 ©Sourcefire, Inc. 6/2002 All rights reserved.

The basic principle is that users must be provided with, or have easy access to, the source code of the software, and be allowed to modify that code for their own and other people's use. Of the various licenses available, the most popular is the Free Software Foundation's (FSF) GNU General Public License [3] (usually just called the GPL), first developed by Richard Stallman.

History

Some people claim that the concept of 'free' ('libre' rather than 'gratis'; free speech rather than free beer) software, where users are free to modify the source code for themselves, was developed by Richard Stallman back in the late '70s. It is probably more accurate to say that Stallman codified the idea of free software in an attempt to prevent it disappearing – it had always been the norm.

Stallman, a 'hacker' at MIT, was accustomed to modifying the source code of donated software to better suit the needs of MIT. This was standard practice at MIT and most other institutions. Until, that is, Xerox donated a new laser printer. It was excellent, but had a few problems. Stallman's usual approach in such circumstances was to modify the code himself – but in this instance he found that there was no source code. And when he asked for it, he was refused. The story, excellently told by Sam Williams [4], describes the shock felt by Stallman. To him, this was a betrayal of the brotherhood of hackers, where everybody shared code for the good of everybody else. This single event started the chain of events that led Stallman to develop the original GNU General Public License, starting in 1985 and publishing Version 1.0 of the GPL in 1989. The preamble included:

"The General Public License is designed to make sure that you have the freedom to give away or sell copies of free software, that you receive source code or can get it if you want it, that you can change the software or use pieces of it in new free programs; and that you know you can do these things."

This was and is the cornerstone of open source software. The point of this story, and one that needs to be made, is that open source software is not a new concept challenging the hegemony of the mighty software companies, but a bastion of what its supporters would claim to be the old, true path. Historically, it is the proprietary software companies who are the usurpers – not the followers of OSS. It is only the name, 'open source', that is relatively new. This emerged, along with the Open Source Initiative, in early 1998 – largely as a reaction to Netscape's announcement that it would give away the code to its browser.

Opinions on OSS

Over the years there have been numerous studies, reports and analyses on open source software. The 'wake up call' probably came from Eric Raymond's book, "The Cathedral and the Bazaar" [5]. Raymond was writing about the success of the Bazaar, the anarchic worldwide community of hackers, in developing Linux in the face of the Cathedral (the giant proprietary software companies). His arguments and conclusions brought some of the major computer companies on board with OSS. He wrote:

"Perhaps in the end the open-source culture will triumph not because cooperation is morally right or software 'hoarding' is morally wrong (assuming you believe the latter, which neither Linus nor I do), but simply because the closed-source world cannot win an evolutionary arms race with open-source communities that can put orders of magnitude more skilled time into a problem."

One thing can be certain: the giant software companies began to take OSS very, very seriously.

[3] GNU General Public License: http://www.fsf.org/licenses/gpl.html
[4] Free as in Freedom: Richard Stallman's Crusade for Free Software, by Sam Williams, http://www.faifzilla.org/intro.html
[5] Eric Raymond's The Cathedral and the Bazaar can be found online at http://tuxedo.org/~esr/writings/cathedral-bazaar/cathedral-bazaar/