lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [day] [month] [year] [list] 
From: cmeik at gawble.net (Christopher Meiklejohn)
Subject: Symantec Buys SecurityFocus, among others.... 


Second, I've been amazed at what big fucking morons the "esteemed
hackers" in the community are.  Especially Chris and Jay.  Wow!  I
thought you guys were really intelligent, and to some extent, had a
moderate amount of respect for you two.  The only thing I've seen from
any of you at this point is hidden agenda.  You guys are truely
disgusting.  You guys set the bar for low.  Proof that nothing is ever
what it seems.

For wanting a public vulnerability database?  This is what the security
community is currently missing in a public and open format. There are 
open
source NIDS, vuln scanners, and other security tools. There are public
security mailing lists. There is a public vuln dictionary, CVE.  But 
there
is no public vuln database.  Why is everything else good to have
non-commercial alternatives for except a vuln database?  The open source
tools could tie into it.

I think that a public vuln database would be incredibly useful.  I find 
that when security
advisories are released, trying to search through all of the security 
companies websites
for more information on how it is being exploited, and also how it is 
going to affect my
systems, rather... tedious.

I also think that tying them to the open source tools, or leaving it 
open so that they could be,
would also be a great idea.  Having to find up-to-date signatures for 
all of the security software,
is another task that could be easily automated with something like that.

I know that their are other reasons being discussed on this list about 
the idea of the public vuln database, but, I just thought that I would 
throw out my $0.02.

--Chris

Christopher Meiklejohn
cmeik@...ble.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: text/enriched
Size: 1777 bytes
Desc: not available
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20020719/d839dd20/attachment.bin

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ