OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
From: Arjen De Landgraaf (arjen.de.landgraaf_at_cologic.co.nz)
Date: Mon Sep 16 2002 - 18:42:16 CDT

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    Well, let's see what happens with this post :)

    We have taken the initiative to place a completely free,
    very extensive and complete ICT security vulnerability
    database on the web, for the IT security world to
    use as a possible resource.

    www.e-secure-db

    E-Secure-DB is the result of a full-time team 24 x 7
    over the last two years. Each of the items entered
    in the DB over that time has been checked by at
    least one person. No automated posting,
    although we do have most of the harvesting automated.

    No news items like "Man Hacked to Death in Papua
    New Guinea" here, only relevant IT security stuff (well, we think).

    Over 60,000 items, with between 50-100 added daily.
    The database is organised in a tree structure, with
    around 2500 folders on almost any subject, including
    product vulns, viruses, news, information etc. No empty folders:)

    Updates - last batch update 16 Sept 03.00 New Zealand
    time (GMT +12).

    For instance: Info on Slapper / SSL worm in the
    SSL/OpenSSL folder:

    http://www.e-secure-db.us/dscgi/ds.py/View/Collection-348

    If anyone on this list finds any dead links, or anything
    else we can improve or change in www.e-secure-db.us
    to make it work better for you, let us know.

    mail to: qualitye-secure-it.co.nz

    Feedback really appreciated.

    Arjen
    CSL
    Auckland
    New Zealand

    -----Original Message-----
    From: corebokeoa.com [mailto:corebokeoa.com]
    Sent: Tuesday, 17 September 2002 10:55 a.m.
    To: Dave Ahmad; full-disclosurelists.netsys.com
    Subject: Re: [Full-Disclosure] openssl exploit code

    Solar, Dave, hellNbak, all,

    On Mon, Sep 16, 2002 at 04:08:54PM -0500, Solar Eclipse wrote:
    > On Mon, Sep 16, 2002 at 02:16:05PM -0600, Dave Ahmad wrote:
    > > An exploit code that lists you as the author has been posted to Bugtraq.
    > > I would like to request your permission before approving it for
    > > distribution on the list.

    That's interesting as a bugtraq moderator approved a post of
    an exploit of mine without asking for consent. Namely
    RaQFuCK.sh. What's worse? I attempted to reply to the person who
    posted my exploit and discuss that I had only sent the exploit to
    full-disclosure but this little piece of information was conveniently
    withheld from bugtraq subscribers. Comments?

    peace,
    core 

    -- 
  Charles Stevenson (core) <corebokeoa.com>
  Lab Assistant, College of Eastern Utah San Juan Campus 
  http://www.bokeoa.com/~core/core.asc