Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Information-Security-News
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[ISN] Students uncover dozens of Unix software flaws

from [InfoSec News] Network Security [Permanent Link]
Subject: [ISN] Students uncover dozens of Unix software flaws
Date: Fri, 17 Dec 2004 02:26:16 -0600 (CST) 
http://news.zdnet.com/2100-1009_22-5492969.html

By Robert Lemos 
CNET News.com 
December 15, 2004

Students of iconoclastic computer scientist Daniel Bernstein have
found some 44 security flaws in various Unix applications, according
to a list of advisories posted online.

The flaws, which range from minor slipups in rarely used applications
to more serious vulnerabilities in software that ships with most
versions of the Linux operating system, were found as part of
Bernstein's graduate-level course at the University of Illinois at
Chicago.

"Every program is used somewhere--this was a requirement for the
homework--but the programs vary widely in popularity," Bernstein, a
professor of computer science at the university, stated in an e-mail
interview Thursday.

The advisories regarding the flaws were dated Wednesday and can be
found on the Web site of student James Longstreet.

Bernstein said it was necessary for programmers to learn security,
both to analyze existing programs and to create new ones.

"If any (programmer makes) a security mistake, then your computer is
vulnerable to attack," he said in the e-mail interview. "So we have to
teach all programmers how to avoid these mistakes."

The latest crop of security flaws comes two days after a
software-testing company announced that it had found 985 flaws in the
latest Linux kernel during the past four years using the company's
analysis software. While the number seems high, the company said it is
far lower than the number associated with most commercial software.

Each person in the class during the fall semester had to find 10
flaws, a task that counted toward 60 percent of their grade for the
class, according to class notes posted on Bernstein's Web site. With
only 44 flaws discovered among a reported 25 students, Bernstein said
he is rethinking the grading curve.

"At the end of the course, I decided to throw that scale away and
think about how much the students had learned," he wrote



_________________________________________
Open Source Vulnerability Database (OSVDB) Everything is Vulnerable - 
http://www.osvdb.org/
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • [ISN] Students uncover dozens of Unix software flaws, InfoSec News <=
Previous by Date:  [ISN] Second hacker who entered Lowe's computers gets 26 months, InfoSec News
Next by Date:  [ISN] Secunia Weekly Summary - Issue: 2004-51, InfoSec News
Previous by Thread:  [ISN] Second hacker who entered Lowe's computers gets 26 months, InfoSec News
Next by Thread:  [ISN] Secunia Weekly Summary - Issue: 2004-51, InfoSec News
Indexes:  [Date] [Thread] [Top] [All Lists]