Choose the list you would like to subscribe to from below, then follow the instructions under the appropriate heading. Email addresses have been automatically linked for those using Netscape or a similar browser...take it easy all.

Regards,
Silicon Toad

To join, send e-mail to majordomo@8lgm.org and, in the text of your message (not the subject line), write:

subscribe 8lgm-list

Group of hackers that periodically post exploit scripts for various Unix bugs. (Footnote: 8lgm originally stood for: Eight Legged Groovin' Machine)

To join, send e-mail to majordomo@net.tamu.edu and, in the text of your message (not the subject line), write:

SUBSCRIBE Academic-Firewalls

This is an unmoderated list maintained by Texas A&M University. Its purpose is to promote the discussion and use of firewalls and other security tools in an academic environment. It is complementary to the Firewalls list maintained by Brent Chapman (send subscription requests to Majordomo@GreatCircle.COM) which deals primarily with firewall issues in a commercial environment. Academic environments have different political structures, ethical issues, expectations of privacy and expectations of access.

Many documented incidents of cracker intrusions have either originated at or passed through academic institutions. The security at most universities is notoriously lax or even in some cases completely absent. Most institutions don't use firewalls because they either don't care about their institution's security, they feel firewalls are not appropriate or practical, or they don't know the extent to which they are under attack from the Internet.

At Texas A&M University we have been using a combination of a flexible packet filter, intrusion detection tools, and Unix security audit utilities for almost two years. We have found that simple firewalls combined with other tools are feasible in an academic environment. Hopefully the discussion on this list will begin to raise the awareness of other institutions also.

To join, send e-mail to request-alert@iss.net and, in the text of your message (not the subject line), write:

subscribe alert

To remove, send e-mail to request-alert@iss.net and, in the text of your message (not the subject line), write:

unsubscribe alert

This is a moderated list in the effort to keep the noise to a minimal and provide quality security information. The Alert will be covering the following topics:

Security Product Announcements

Updates to Security Products

New Vulnerabilities found

New Security Frequently Asked Question files.

New Intruder Techniques and Awareness

To join, send e-mail to best-of-security-request@suburbia.net with the following in the body of the message:

subscribe best-of-security

REASONS FOR INCEPTION

In order to compile the average security administrator it was found that the compiler had to parse a foreboding number of exceptionally noisy and semantically-content-free data sets. This led to exceptionally high load averages and a dramatic increase in core entropy.

Further, the number, names and locations of this data appears to change on an almost daily basis; requiring tedious version control on the part of the mental maintainer. Best-of-Security is at present an un-moderated list. That may sound strange given our stated purpose of massive entropy reduction; but because best often equates with "vital" and the moderator doesn't have an MDA habit it is important that material sent to this list be delivered to its subscribers' in as minimal period of time as is (in)humanly possible.

If you find *any* information from *any* source (including other mailinglists, newsgroups, conference notes, papers, etc) that fits into one of the acceptable categories described at the end of this document then you should *immediately* send it to "best-of-security@suburbia.net". Do not try and predict whether or not someone else will send the item in question to the list in the immediate future. Unless your on a time-delayed mail vector such as polled uucp or the item has already appeared on best-of-security, mail the info to the list! Even if it is a widely deployed peice of information such as a CERT advisory the proceeding argument still applies. If the information hasn't appeared on this list yet, then SEND IT. It is far better to run the risk of minor duplication in exchange for having the information out where it is needed than act conservatively about occasional doubling up on content.

To join, send e-mail to LISTSERV@NETSPACE.ORG and, in the text of your message (not the subject line), write:

SUBSCRIBE BUGTRAQ

This list is for *detailed* discussion of UNIX security holes: what they are, how to exploit, and what to do to fix them.

This list is not intended to be about cracking systems or exploiting their vunerabilities. It is about defining, recognizing, and preventing use of security holes and risks.

Please refrain from posting one-line messages or messages that do not contain any substance that can relate to this list`s charter.

Please follow the below guidelines on what kind of information should be posted to the Bugtraq list:

Information on Unix related security holes/backdoors (past and present)

Exploit programs, scripts or detailed processes about the above

Patches, workarounds, fixes

Announcements, advisories or warnings

Ideas, future plans or current works dealing with Unix security

Information material regarding vendor contacts and procedures

Individual experiences in dealing with above vendors or security organizations

Incident advisories or informational reporting

To join, send e-mail to comp-privacy-request@uwm.edu and, in the text of your message (not the subject line), write:

subscribe cpd

The Computer PRIVACY Digest (CPD) (formerly the Telecom Privacy digest) is run by Leonard P. Levine. It is gatewayed to the USENET newsgroup comp.society.privacy. It is a relatively open (i.e., less tightly moderated) forum, and was established to provide a forum for discussion on the effect of technology on privacy. All too often technology is way ahead of the law and society as it presents us with new devices and applications. Technology can enhance and detract from privacy.

To join, send e-mail to LISTSERV@VMD.CSO.UIUC.EDU and, in the text of your message (not the subject line), write:

SUB CUDIGEST

CuD is available as a Usenet newsgroup: comp.society.cu-digest

Covers many issues of the computer underground.

To join, send e-mail to majordomo@toad.com and, in the text of your message (not the subject line), write:

SUBSCRIBE cypherpunks

The cypherpunks list is a forum for discussing personal defenses for privacy in the digital domain. It is a high volume mailing list.

To join, send e-mail to majordomo@toad.com and, in the text of your message (not the subject line), write:

SUBSCRIBE cypherpunks-announce

There is an announcements list which is moderated and has low volume. Announcements for physical cypherpunks meetings, new software and important developments will be posted there.

To join, send e-mail to majordomo@gbnet.net and, in the text of your message (not the subject line), write:

SUBSCRIBE firewalls-uk email-addr

Euro flavour firewall list.

To join, send e-mail to majordomo@greatcircle.com and, in the text of your message (not the subject line), write:

SUBSCRIBE firewalls

Useful information regarding firewalls and how to implement them for security.

This list is for discussions of Internet "firewall" security systems and related issues. It is an outgrowth of the Firewalls BOF session at the Third UNIX Security Symposium in Baltimore on September 15, 1992.

To join, send e-mail to listserv@etsuadmn.etsu.edu and, in the text of your message (not the subject line), write: SUB infsec-l your-name

To join, send e-mail to majordomo@uow.edu.au with the following in the body of the message:

subscribe ids

The list is a forum for discussions on topics related to development of intrusion detection systems.

Possible topics include:

techniques used to detect intruders in computer systems and computer networks

audit collection/filtering

subject profiling

knowledge based expert systems

fuzzy logic systems

neural networks

methods used by intruders (known intrusion scenarios)

cert advisories

scripts and tools used by hackers

computer system policies

universal intrusion detection system

To join, send e-mail to phrack@well.com and, in the text of your message (not the subject line), write:

SUBSCRIBE Phrack

Phrack is a hacker oriented magazine which deals with phreaking and hacking.

To join, send e-mail to privacy-request@vortex.com and, in the text of your message (not the subject line), write:

information privacy

The PRIVACY Forum is run by Lauren Weinstein. He manages it as a rather selectively moderated digest, somewhat akin to RISKS; it spans the full range of both technological and non-technological privacy-related issues (with an emphasis on the former).

To join, send e-mail to risks-request@csl.sri.com and, in the text of your message (not the subject line), write:

SUBSCRIBE

Risks is a digest that describes many of the technological risks that happen in today's environment.

To join, send e-mail to majordomo@edelweb.fr and, in the text of your message (not the subject line), write:

SUBSCRIBE sas

Cette liste est destinee a la discussion sur la securisation des acces Internet, principalement a propos des solutions de type "Firewall" (sas de securite, coupe-feu ou garde-barriere).

To join, send e-mail to shttp-talk-request@OpenMarket.com and, in the text of your message (not the subject line), write:

SUBSCRIBE

Secure NCSA httpd is a World-Wide Web (WWW) server supporting transaction privacy and authentication for Secure WWW clients over the Internet using the Secure HyperText Transfer Protocol (S-HTTP). Secure NCSA httpd was developed by Enterprise Integration Technologies in cooperation with RSA Data Security and the National Center for Supercomputing Applications at the University of Illinois, Urbana-Champaign.

The purpose of this mailing list(shttp-talk) is to allow people who are interested in potentially using SHTTP to ask questions, air issues, express concerns and discuss the specification and reference implementation. Information about Secure HTTP can be found on the CommerceNet WWW server. Here is the URL to take you directly to the pertinent info:

http://www.commerce.net/software/Shttpd/Docs/manual.html

To join, send e-mail to majordomo@CS.YALE.EDU and, in the text of your message (not the subject line), write:

SUBSCRIBE Sneakers

The Sneakers mailing list is for discussion of LEGAL evaluations and experiments in testing various Internet "firewalls" and other TCP/IP network security products.

Vendors are welcome to post challenges to the Internet network security community

Internet users are welcome to post anecdotal experiences regarding (legally) testing the defenses of firewall and security products.

"Above board" organized and/or loosely organized wide area tiger teams (WATTs) can share information, report on their progress or eventual success here.

To join, send e-mail to ssl-talk-request@netscape.com and, in the text of your message (not the subject line), write:

SUBSCRIBE

Mailing list to discuss secure sockets layer - Netscape's (and, increasingly, others') approach to providing encryption and authentication for IP-based services (primarily http, but expanding to address telnet and ftp as well).

To join, send e-mail to listserv@cuvmc.ais.columbia.edu and, in the text of your message (not the subject line), write:

subscribe uninfsec

This is a closed, unmoderated discussion list for people that have information security responsibilities in their jobs and who work for educational institutions or have a close relation with education. Discussions range from policy discussions, awareness programs, virus protection, change control, privileges, monitoring, risk assessments, auditing, business resumption, etc.

To join, send e-mail to LISTSERV@lehigh.edu and, in the text of your message (not the subject line), write:

SUBSCRIBE virus-l your-name

It is an electronic mail discussion forum for sharing information and ideas about computer viruses, which is also distributed via the Usenet Netnews as comp.virus. Discussions should include (but not necessarily be limited to): current events (virus sightings), virus prevention (practical and theoretical), and virus related questions/answers. The list is moderated and digested. That means that any message coming in gets sent to me, the editor. I read through the messages and make sure that they adhere to the guidelines of the list (see below) and add them to the next digest. Weekly logs of digests are kept by the LISTSERV (see below for details on how to get them). For those interested in statistics, VIRUS-L is now up to about 2400 direct subscribers. Of those, approximately 10% are local redistribution accounts with an unknown number of readers. In addition, approximately 30,000-40,000 readers read comp.virus on the USENET.

To join, send e-mail to LISTSERV@lehigh.edu and, in the text of your message (not the subject line), write:

SUBSCRIBE valert-l your-name

What is VALERT-L?

It is an electronic mail discussion forum for sharing urgent virus warnings among other computer users. Postings to VALERT-L are strictly limited to warnings about viruses (e.g., "We here at University/Company X just got hit by virus Y - what should we do?"). Followups to messages on VALERT-L should be done either by private e-mail or to VIRUS-L, a moderated, digested, virus discussion forum also available on this LISTSERV, LISTSERV@LEHIGH.EDU. Note that any message sent to VALERT-L will be cross-posted in the next VIRUS-L digest. To preserve the timely nature of such warnings and announcements, the list is moderated on demand (see posting instructions below for more information).

What VALERT-L is *not*?

A place to to anything other than announce virus infections or warn people about particular computer viruses (symptoms, type of machine which is vulnerable, etc.).

To join, send e-mail to www-security-request@nsmx.rutgers.edu and, in the text of your message (not the subject line), write:

SUBSCRIBE www-security your_email_address

The list is maintained by the www-security team of Network Services, Rutgers University Telecommunications Division.

www-security is the official mailing list of the IETF Web Transaction Security Working Group. While there are many approaches to providing security services in the Web, most of the current work is concerned with securing the HyperText Transport Protocol. Because of (1) the great need for quick implementation of Web security services, (2) HTTP-level solutions cover a wide range of WWW applications, and (3) the IETF is a proven forum for promoting standards to vendors and the international networking community, we suggest that the list focus and development of Internet standards and related documents for secure services within HTTP.

cfs-users is for the discussion of topics of interest to CFS of users and developers.

To subscribe send an email message to cfs-users-request@research.att.com with a message body of:

subscribe cfs-users

To join, send e-mail to majordomo@applicom.co.il and, in the text of your message (not the subject line), write:

SUBSCRIBE firewall-1

This list is for discussions of "FireWall-1" issues: problems and (hopefully) their solution(s), requests for information, and ideas one wishes to share. The FireWall-1 list is open to the worldwide Unix community, which consists of commercial, educational, and private users.

To join, send e-mail to linux-security-request@redhat.com and, in the subject line, not the body, write:

SUBSCRIBE

What we offer to do is set up a mechanism for Linux that is able to distribute security-relevant information to Linux users or administrators that run a networked Linux box. This would allow them to plug any holes early on, without having to scan all Linux newsgroups and mailing lists all of the time.

To join, send e-mail to linux-alert-request@redhat.com and, in the subject line, not the body, write:

SUBSCRIBE

This is the announcement list. It is mainly for postings about security holes, and how to plug them.

To join, send e-mail to majordomo@majordomo.soscorp.com and, in the text of your message (not the subject line), write:

SUBSCRIBE freestone

The list is dedicated to the users and administrators of the free SOS firewall package, Freestone.

For more information, see http://www.soscorp.com .

SPI Announce is for announcements regarding SPI software development and updates.

To join, send e-mail to ciac-listproc@llnl.gov and, in the text of your message (not the subject line), write any of the following examples:

subscribe spi-announce LastName, FirstName PhoneNumber

You will receive an acknowledgment containing address, initial PIN, and information on how to change either of them, cancel your subscription, or get help.

SPI Notes is an unmoderated forum to allow SPI users to share questions and answers regarding their experiences in using SPI.

To join, send e-mail to ciac-listproc@llnl.gov and, in the text of your message (not the subject line), write any of the following examples:

subscribe spi-notes LastName, FirstName PhoneNumber

You will receive an acknowledgment containing address, initial PIN, and information on how to change either of them, cancel your subscription, or get help.

ssl-users is for discussion of Eric Young implementation of SSL and the SSL appliations of Tim Hudson.

To subcribe send a message to factotum@mincom.oz.au with a message body of:

subscribe ssl-users

To join, send e-mail to majordomo@net.tamu.edu and, in the text of your message (not the subject line), write:

SUBSCRIBE tiger

Discussion list for the UNIX security audit tool TIGER

This is the TIGER users mailling list. It is for:

Update announcements

Reporting bugs in TIGER.

Discussing new features for TIGER.

Discussing use of TIGER.

Discussing anything else about TIGER.

What is TIGER?

TIGER is a set of shell scripts, C code and configuration files which are used to perform a security audit on UNIX systems. The goals for TIGER are to make it very robust and easy to use. TIGER was originally developed for checking hosts at Texas A&M University following a break in in the Fall of 1992.

The latest version of TIGER is always available from the directory net.tamu.edu:/pub/security/TAMU. In addition, updated digital signature files for new platforms and new security patches will be maintained in the directory:

net.tamu.edu:/pub/security/TAMU/tiger-sigs.

To join, send e-mail to fwtk-users-request@tis.com and, in the text of your message (not the subject line), write:

SUBSCRIBE

Discussion list for the TIS firewall toolkit

The CERT Coordination Center maintains a mailing list for members of our constituency who would like to have advisories, billetins, and the CERT Summary mailed directly to them or to a mail exploder at their site.

To join, send e-mail to cert-advisory-request@cert.org and. You will receive confirmation mail when you have been placed on the list.

Past advisories and other information related to computer security are available for anonymous FTP from cert.org (192.88.209.5).

The purpose of this moderated mailing list is to encourage the exchange of information on security tools and techniques. The list should not be used for security problem reports.

Membership is restricted to system programmers, system administrator, and others with a legitimate, interest in the development of computer security tools. If you would like to be considered for inclusion, please send mail to:

cert-tools-request@cert.org

You will receive confirmation mail when you have been placed on the list.

CIAC Information Bulletins and Advisory Notices containing important, time-critical computer security information.

To join, send e-mail to ciac-listproc@llnl.gov and, in the text of your message (not the subject line), write any of the following examples:

subscribe ciac-bulletin LastName, FirstName PhoneNumber

You will receive an acknowledgment containing address, initial PIN, and information on how to change either of them, cancel your subscription, or get help.

CIAC Notes provides a periodic collection of less urgent computer security information.

To join, send e-mail to ciac-listproc@llnl.gov and, in the text of your message (not the subject line), write any of the following examples:

subscribe ciac-notes LastName, FirstName PhoneNumber

You will receive an acknowledgment containing address, initial PIN, and information on how to change either of them, cancel your subscription, or get help.

To join, send e-mail to support@support.mayfield.hp.com and, in the text of your message (not the subject line), write:

subscribe security_info

The latest digest of new HP Security Bulletins will be distributed directly to your mailbox on a routine basis.

To join, send e-mail to security-alert@sun.com and, in the subject of your message write:

SUBSCRIBE CWS your-email-addr

The message body should contain affiliation and contact information.

  _________.___.____    .____________  ________    _______
 /   _____/|   |    |   |   \_   ___ \ \       \   \      \
 \_____  \ |   |    |   |   /    \  \/ |   |    \  /   |   \
 /        \|   |    |___|   \     \____|   |     \/    |    \
/  _____  /|___|________|___|\________/\_________/\  __|__  /
| /     \/         [   T    O    A    D   ]        \/     \ |
|(                                                         )|
('                                                         ')