Subject: Re: Immunix Adversary/Exploit Developer/Librarian
From: Crispin Cowan (crispin WIREX.COM)
Date: Wed Jul 05 2000 - 02:09:35 CDT
- Next message: Runar Jensen: "Default passwords using Cisco ConfigMaker"
- Previous message: Blue Boar: "Re: Immunix Adversary/Exploit Developer/Librarian"
- In reply to: Blue Boar: "Re: Immunix Adversary/Exploit Developer/Librarian"
- Reply: Crispin Cowan: "Re: Immunix Adversary/Exploit Developer/Librarian"
Blue Boar wrote:
> Crispin Cowan wrote:
> >
> > [I understand that VULN-DEV is not a recruiting forum, but this position
> > is precisely on-topic for the VULN-DEV mailing list: a vulnerability
> > developer. Please post it if you find it appropriate, and I understand
> > if you don't. Thanks.]
> >
>
> OK, I let this through on cool factor.
Thanks!
> I assume it also went to the
> security jobs list?
Yes, it went to securityjobs last week, but I thought vuln-dev might want to see it.
> I think the only job I've seen that ranks up there is this one:
> http://securityfocus.com/templates/archive.pike?list=77&date=2000-01-22&msg=CD11F9F59C6BD3118BF5009027B0F53B0884EC
> adp-exch-1.cmet.af.mil
> (probably wrapped)
Fascinating.
> So, I assume that as this guy breaks your own stuff, you'll post
> the info to the various lists? Will he share research with the rest
> of us?
You know how construction sites have signs up that say "This site has been injury free for XX days"? We want to put up a web site that says:
* Immunix OS has been exploit-free for XX days
* Red Hat Linux has been exploit-free for YY days
The Immunix Adversary will be responsible for testing & refining exploits to back up these claims. When something is found that gets through either system, the counter gets re-set to "1", and for those that affect Immunix, an advisory goes out. To the extent possible, we hope to conform to the spirit of the Rain Forest Puppy protocol for releasing advisories http://www.wiretrip.net/rfp/policy.html
For instance, I would LOVE to be able to announce that Immunix is immune to the recent Kerberos and WU-FTPD buffer overflows, but I won't do that until I can validate it. Such validation would reset the Red Hat counter to "1", and the Immunix counter would depend on the testing result.
This "days of safety" hack is my response to marketing & management wanting to stage a "hack me" contest. I feel that this has at least as much marketing punch, and a great deal more technical validity (cf. the usual reasons that "hack me" contests don't prove anything).
Crispin
--
Crispin Cowan, CTO, WireX Communications, Inc. http://wirex.com
Free Hardened Linux Distribution: http://immunix.org
Security JOB: http://immunix.org/jobs.html