Where is the very BEST place to go to get information on known cracks and exploits for Linux in general and Fedora 7 in particular, along with the recommended upgrades / fixes?
Les réponses au message de Eric (reply.in.group@nospam.no)
On 29 Jul, 19:28, "Stachu 'Dozzie' K." wrote: > On 28.07.2007, Eric wrote: > > Where is the very BEST place to go to get information on known cracks and > > exploits for Linux in general and Fedora 7 in particular, along with the > > recommended upgrades / fixes? > If you can't find them, then they are not for you.
*Sigh*. Everybody has to strt out somewhere.
I'd suggest starting out by reading CERT and tracking down the latest vulnerabilities, and trying to understand that will give you some background to start from.
On 31 Jul, 18:54, "Stachu 'Dozzie' K." wrote: > On 30.07.2007, Nico wrote:> On 29 Jul, 19:28, "Stachu 'Dozzie' K." > > wrote: > >> On 28.07.2007, Eric wrote: > >> > Where is the very BEST place to go to get information on known cracks and > ^^^^^^^^^^>> > exploits for Linux in general and Fedora 7 in particular, along with the > ^^^^^^^^^^^^^^^^^^ > >> > recommended upgrades / fixes?
> He doesn't look for information about vulnerabilities. He's looking for > ready exploits, as he said.
Be nice. It's OK to ask: security through obscurity and through pretending "you have to be a special 3l33t k00l d00dz" to learn about them doesn't help anyone.
On Tue, 31 Jul 2007 22:54:26 +0000, Stachu 'Dozzie' K. wrote:
> Giving ready exploits to people who can't even manage to get some, let > alone writing their own, can't help anyone as well, but can cause > troubles to others.
Good evening, Dozzie.
Did it escape your attention that I was looking for information on exploits for which there are known workarounds, fixes, and mitigations?
There was a time not many years ago when I was on a mailing list that sent out notices that were somewhat like new-virus notices, i.e. explain the exploit, then tell what one can do to protect one's system against the exploit.
I can't remember the mailing list information, can't find out if it's still alive (it may have gone by the wayside or gotten converted into a blog or newsgroup or Google Group).
I actually don't necessarily need the exploit... just something like "New exploit discovered, none of your business what it is, but here's how to protect yourself against it" would be helpful to me... but I do recall that mailing list from years ago that did give the exploit and the fix.
It actually would be helpful to know at least something about the exploit because this particular host is unavailable to any local access except me (it's behind locked doors and I have the key) and so short of somebody breaking down the door, any exploit that, for example, depends on local access isn't of interest to me.
I know that newsgroups with names that include "security" are likely to be populated by more than a few paranoids, but geez... :-(
On 1 Aug, 00:51, Eric wrote: > On Tue, 31 Jul 2007 22:54:26 +0000, Stachu 'Dozzie' K. wrote: > > Giving ready exploits to people who can't even manage to get some, let > > alone writing their own, can't help anyone as well, but can cause > > troubles to others. > Good evening, Dozzie. > Did it escape your attention that I was looking for information on > exploits for which there are known workarounds, fixes, and mitigations?
That wasn't clear, but it's why I sent you over to CERT to look. Trolls and arrogant 3l33t d00dz happen everywhere.
Did you have any luck starting from CERT and tracking down such material? CERT and Google is a great way to start.
Vulnerabilite.com ne peut être tenu responsable des propos tenus dans le Newsgroup comp.os.linux.security
Message de Nico (nkadel@gmail.com) (31 Juillet 2007)
