Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here. |
Notices |
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
Are you new to LinuxQuestions.org? Visit the following links:
Site Howto |
Site FAQ |
Sitemap |
Register Now
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
|
|
03-05-2003, 11:39 AM
|
#1
|
Member
Registered: Aug 2002
Location: Estonia
Distribution: XP PRO
Posts: 119
Rep:
|
exploit collection
is there any large exploit(linux and unix both) collection? the new and old ones as well?
and where could i get the lates information on security holes? in order to keep my RH up to date.
Last edited by keevitaja; 03-05-2003 at 11:45 AM.
|
|
|
03-05-2003, 12:46 PM
|
#2
|
Member
Registered: Feb 2003
Location: god's judge
Posts: 376
Rep:
|
exploit list or exploit collection? One I would share with you(readily available with a google search) and one I would not give you to put you out when you were on fire. Which is it you want?
|
|
|
03-07-2003, 08:33 AM
|
#3
|
Member
Registered: Apr 2002
Distribution: Gentoo 2006.0 AMD64
Posts: 399
Rep:
|
williamwbishop, lol, i don't get what your post meant! heh
I'm also interested in this sort of a list...if we can't post links straight to the site, maybe a little help on what to search for @ google? I've tried quite a few different combinations...I've come up with some small sites, but is there any general larger ones that are updated fairly often?
Last edited by Grim Reaper; 03-07-2003 at 08:34 AM.
|
|
|
03-07-2003, 10:11 AM
|
#4
|
Moderator
Registered: May 2001
Posts: 29,415
|
is there any large exploit(linux and unix both) collection? the new and old ones as well?
williamwbishop's reply is totally in line with what any LQ member/moderator could have said (meaning those having an idea what LQ is about either with or w/o reading the AUP).
Just to remind you why I'm cutting this "discussion" off: Jeremy has made it VERY clear in the past LQ members won't be allowed to post links to archives, post exploits or post questions in the Grey/Black Hat area. IMNSHO it's a perfect way to filter skiddie REQ's from "serious" questions. Anyway, this shouldn't be a problem since there are a myriad of sites/board around. Just don't stick with one approach to or means of searching something. Try to broaden your scope.
Bypassing any moral, ethical and legal issues whoever releases proof of concept code or exploit does it to show their knowledge and capabilities. It could buy them credit in the eyes of vendors, customers, fellow crackers or researchers. If a vulnerability or new exploit is to be used as leverage in the direction of fellow crackers or customers, the exploit needs to be kept "secret", so one can't be allowed to *act* as a proponent of Full Disclosure. (See for instance the ways of the "respectable" firm ISS wrt for instance Apache or OpenSSH.)
and where could i get the lates information on security holes?
- Red Hat posts security advisories regularly to their own and 3rd party mailinglists. Subscribe to them or visit redhat.com, securityfocus.com, securiteam.com, linuxsecurity.com, securepoint.com (Bugtraq). Messages have "\[RHSA-YYYY.*" in the subject and are generally posted by "bugzilla@redhat.com".
- Red Hat has up2date. Use it.
- LQ. We post the (weekly) bulletins from securityfocus.com, linuxsecurity.com, ISS, SANS and CERT. Plus any member can post a warning.
//mod.note: case closed.
|
|
|
All times are GMT -5. The time now is 01:08 PM.
|
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
|
Latest Threads
LQ News
|
|