[nSLUG] Source for early news on security issues

Michael Crawford mdcrawford at gmail.com
Thu Mar 12 22:49:46 ADT 2015


I would expect the very first news of any security problem would come
from CERT.  When I was but a pollywog I went through a bunch of CERT
advisories until I found a remote root exploit in A/UX 2.0.  What the
advisory actually said was "don't make /etc/utmp world-writable".
When the A/UX team refused to fix the permissions, I wrote a 12-line
exploit, attached it to a bug report then blasted it an email about it
all over Cupertino.

I expect to get fired but instead I was invited to play Capture The
Flag - that is, to attempt to write into a file called /flag on one of
apple's vaxen.
Michael David Crawford, Consulting Software Engineer
mdcrawford at gmail.com
http://www.warplife.com/mdc/

   Available for Software Development in the Portland, Oregon Metropolitan
Area.


On Thu, Mar 12, 2015 at 3:41 PM, Herb Theriault <herbt at theria.ca> wrote:
> For those thinking about an RSS solution and want to build it yourself:
>
> http://tt-rss.org/redmine/projects/tt-rss/wiki
>
> http://river4.smallpict.com/2014/06/04/welcomeToRiver4.html
>
>
>
>
>
> On March 12, 2015 7:22:07 PM ADT, Oliver Doepner <odoepner at gmail.com> wrote:
>>
>>
>> How about a subscription to US-CERT ?
>> https://public.govdelivery.com/accounts/USDHSUSCERT/subscriber/new
>>
>> On Thu, Mar 12, 2015 at 5:36 PM, Stephen Yorke <syorke at gmail.com> wrote:
>>>
>>> I smell an NSLUG idea brewing.   ;-)
>>>
>>> Security aggregator website and provide it as an RSS feed, push/toast
>>> notifications by using some created application for iOS, Android, Chrome,
>>> Microsoft or whatever.  Would be quite easy to create it as a Website which
>>> polled different security sites, maybe top 3 - 5 to start and then bring in
>>> others slowly.
>>>
>>> Thoughts?  I could probably whip something up in a few days if you have
>>> specific sites which you would want/like to be polled.
>>>
>>> On Thu, Mar 12, 2015 at 4:53 PM, D G Teed <donald.teed at gmail.com> wrote:
>>>>
>>>> On Thu, Mar 12, 2015 at 4:36 PM, Joel Maxuel <j.maxuel at gmail.com> wrote:
>>>> > This doesn't work?:
>>>> > http://slashdot.org/tag/security
>>>> >
>>>> > I changed my prefs to the old slashdot a while ago, maybe that has
>>>> > something
>>>> > to do with it.
>>>> >
>>>>
>>>> The tag link you have is like a search for anything tagged 'security'.
>>>> It only displays a subject.  The previous one had
>>>> security as a topic and it auto refreshed.
>>>>
>>>> I think what I was looking for was:
>>>>
>>>> http://slashdot.org/security?source=autorefresh
>>>>
>>>> That still works, but they don't provide the link to that on the main
>>>> page.
>>>> I'm open to anything which may be better.  I'm interested in macro
>>>> level of stuff that involves open source, Linux and *nix.  By macro
>>>> I mean that things like Debian or Redhat security news can be
>>>> specific to only them, and not include something like major issue
>>>> with routers, CMS, etc.
>>>>
>>>>
>>>> > On Thu, Mar 12, 2015 at 4:24 PM, D G Teed <donald.teed at gmail.com>
>>>> > wrote:
>>>> >>
>>>> >> One of the ways I found useful of getting early news on security
>>>> >> issues
>>>> >> was to have a browser refreshing on the Security category of
>>>> >> Slashdot.
>>>> >>
>>>> >> Slashdot has been revamped and I don't see an equivalent feature.
>>>> >>
>>>> >> What do others do to get the earliest possible news on security
>>>> >> issues
>>>> >> like heartbleed, bash bug and the kind of thing you want to patch
>>>> >> in the next 5 minutes if possible?
>>>> >>
>>>> >> I subscribe to a few things like US-CERT, but most of them are days
>>>> >> rather than minutes to release security news like this.
>>>> >> _______________________________________________
>>>> >> nSLUG mailing list
>>>> >> nSLUG at nslug.ns.ca
>>>> >> http://nslug.ns.ca/mailman/listinfo/nslug
>>>> >
>>>> >
>>>> >
>>>> > _______________________________________________
>>>> > nSLUG mailing list
>>>> > nSLUG at nslug.ns.ca
>>>> > http://nslug.ns.ca/mailman/listinfo/nslug
>>>> >
>>>> _______________________________________________
>>>> nSLUG mailing list
>>>> nSLUG at nslug.ns.ca
>>>> http://nslug.ns.ca/mailman/listinfo/nslug
>>>
>>>
>>>
>>>
>>> --
>>> Thank you,
>>> -Stephen Yorke
>>> President/Founder
>>> Vaper Box Inc
>>> syorke at gmail.com
>>> vaperbox.ca at gmail.com
>>> http://vaperbox.ca
>>>
>>>
>>> _______________________________________________
>>> nSLUG mailing list
>>> nSLUG at nslug.ns.ca
>>> http://nslug.ns.ca/mailman/listinfo/nslug
>>>
>>
>>
>
> --
> Sent from my Android device with K-9 Mail. Please excuse my brevity.
>
> _______________________________________________
> nSLUG mailing list
> nSLUG at nslug.ns.ca
> http://nslug.ns.ca/mailman/listinfo/nslug
>


More information about the nSLUG mailing list