There is a certain irony in trying to include a comprehensive list of electronic resources in a printed book such as this one. Electronic resources such as web pages, newsgroups, and mailing lists are updated on an hourly basis; new releases of computer programs can be published every few weeks.
Books, on the other hand, are infrequently updated. The first edition of Practical UNIX Security, for instance, was written between 1989 and 1990, and published in 1991. The second edition was started in 1995 and not published until 1996. This edition was written in the second half of 2002. Interim reprintings incorporated corrections, but did not include new material.
Some of the programs listed in this appendix appear to be "dead," or, in the vernacular of academia, "completed." For instance, consider the case of COPS, developed as a student project by Dan Farmer at Purdue University under the direction of Gene Spafford. The COPS program is still referenced by many first-rate texts on computer security. But as of 2002, COPS hasn't been updated in more than seven years and fails to install cleanly on many major versions of Unix; and Dan Farmer has long since left Gene's tutelage and gone on to fame, fortune, and other projects (such as the SATAN tool and the Coroner's Toolkit). COPS rests moribund on a number of FTP servers, apparently a dead project. But in the second edition of this book, we wrote:
Nevertheless, before this book is revised for a third time, there exists the chance that someone else will take up COPS and put a new face on it. And, we note that there is still some value in applying COPS?some of the flaws that it finds are still present in systems shipped by some vendors (assuming that you can get the program to compile).
And indeed, in September 2002, a posting to the comp.security.unix Usenet newsgroup discussed extensions to several COPS subsystems by a network administrator who has been maintaining the code, improving it, and running it on 700 machines.
We thus present the following electronic resources with the understanding that this list necessarily cannot be complete nor completely up-to-date. What we hope, instead, is that it is useful. By reading it, we hope that you will find useful places to look for future developments in computer security. Along the way, you may find some information you can put to immediate use.