
| Subject: | Re: DJB's students release 44 *nix software vulnerability advisories |
|---|---|
| Date: | Fri, 17 Dec 2004 02:40:58 -0500 (EST) |

: Widely deployed open source software is commonly believed to contain
: fewer security vulnerabilities than similar closed source software due
: to the possibility of unrestricted third party source code auditing.
: Predictably, most users of open source software do not invest a
: significant amount of time to audit the applications they use and now a
: class of 25 students has discovered 44 vulnerabilities during a CS
: course.
: D.J. Bernstein (http://cr.yp.to/djb.html) is lecturing a course this
: fall at the University of Illinois at Chicago called "MCS 494: Unix
: Security Holes" (http://cr.yp.to/2004-494.html). One of the requirements
: to pass the course was to find and exploit 10 previously undiscovered
: security holes in currently deployed Unix software.
:
: With a class of 25 students discovering 44 vulnerabilities most students
: now expect to fail the course
: (http://it.slashdot.org/article.pl?sid=04/12/15/2113202).
:
: The 44 security advisories have been published at
:
: http://tigger.uic.edu/~jlongs2/holes/

In each case, Professor Bernstein notified the author of the vulnerable package on Dec 15 via e-mail. This mail hit Bugtraq on the 16th, giving one day for vendors to provide fixes.

Is the class on responsible disclosure next semester perhaps?