OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
From: Steve Skoronski (skoronskictidata.com)
Date: Wed May 23 2001 - 15:40:37 CDT

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    But Ken,

            I thought that;

            "The E&Y Vulnerability Research Team researches, validates and
    documents all vulnerabilities included in the database. Our team monitors
    and screens numerous sources of vulnerability information and follows a
    detailed validation protocol to test both the exploit and countermeasures.
    An E&Y Subject Matter Expert (SME) in the affected technology writes our own
    assessment of the vulnerability, exploit and countermeasures."

            --((taken from E&Y brochure for eSecurityOnline.com))

            Of course, I cannot validate the existence of this, because your
    information at eSecurityOnline.com costs approx. 5,000.00/year to access,
    according to your sales people.

            Hey, wouldn't it be nice if someone gave you a huge database of info
    that you could just put up at eSecurityOnline.com and charge more for?!

            Sure, I'll give you all of my resources, as soon as you give me a
    login for yours.

    Steve

            

    -----Original Message-----
    From: Ken.Williamsey.com [mailto:Ken.Williamsey.com]
    Sent: Wednesday, May 23, 2001 10:11 AM
    To: focus-idssecurityfocus.com; forensicssecurityfocus.com;
    security-basicssecurityfocus.com
    Subject: Signatures of "Hacker Tools"

    Does anybody know of a comprehensive, frequently updated public database
    that contains signatures (file names, file sizes, md5 checksums, attack
    signatures, and descriptions) for "hacker tools" (ex. worms, rootkits,
    compiled exploits, wwwhack, l0phtcrack, whisker, etc)? I'm familiar, of
    course, with projects like arachNIDS, ARIS, and packetstorm, but I am
    looking for a comprehensive and user friendly database that can be diffed
    with a database of files, attacks, and traffic found on a large corporate
    network.

    Thanks,
    ken

    ****************************************************************************
    ***

    Note: The information contained in this message may be privileged
    and confidential and protected from disclosure. If the reader of this
    message is not the intended recipient, or an employee or agent responsible
    for delivering this message to the intended recipient, you are hereby
    notified that any dissemination, distribution or copying of this
    communication is strictly prohibited. If you have received this
    communication in error, please notify us immediately by replying to the
    message and deleting it from your computer. Thank you. Ernst & Young LLP
    ****************************************************************************
    ***