KRL

Free Internet Security Database Goes Live

The Open Source Vulnerability Database, which got its start nearly three years ago at a pair of security conferences, currently lists over 2,000 vulnerabilities, with another 2,800 waiting to be categorized.

http://www.osvdb.org/

__________________
If you would like to develop your domains, you can lease inexpensive foreign labor
from the leaders in the field at iWebmasters.com TO LOWER YOUR COSTS AND INCREASE YOUR PRODUCTION!
*** *** *** *** *** *** *** *** *** *** *** ***
Domains Adult News KRL's Newsletter Biz Tips Just Listed Domains

KRL

Thinking about this some more. Isn't that kind of crazy to list every security vulnerability openly like that? Hackers will have a field day getting info from that site.

__________________
If you would like to develop your domains, you can lease inexpensive foreign labor
from the leaders in the field at iWebmasters.com TO LOWER YOUR COSTS AND INCREASE YOUR PRODUCTION!
*** *** *** *** *** *** *** *** *** *** *** ***
Domains Adult News KRL's Newsletter Biz Tips Just Listed Domains

cluck

There's nothing wrong with proof of concept.

If I was under 18 again I'd go on an owning rampage.

__________________
icq 279990726
www.mcdonalds.com <- great money making opportunity

bringer

hackers already know about them, releasing it like that lets the peons understand whats out there and how to protect themselves.

__________________
333-765-551

Myst

dont u mean 17?

erehwon

Your head would spin if you saw all the outlets of information for all the crackers out there to compromise your security.

KRL, trust me on this one, if your admin/security goons aren't keeping your sites properly locked down, you should be more concerned about the MetaSploit Project over the OSVB.

Soon Packetstorm will be operational again and all the 0-day root-kits sitting in the PSS staff inboxes will be archived for everyone to see and play with.

__________________
Money NEVER $leep$...

notjoe

If there that many known vulnerabilities i'm willing to bet that another 1000 exist which this site doesnt even know about.

These "security" sites out of date when it comes to this shit. Hackers are always 2 or 3 steps ahead of these sites.

fuzebox

Security Through Obscurity has been proven not to work (notice every time a new hahahahahahas-affecting worm is released half the Internet goes down)...

The open source development model had worked well for years for securing software. All the code is on the table, all the bugs are publically discussed among thousands of developers and administrators, and holes and plugged quickly. As soon as a vulnerability is released a patch is usually released with it. The exploit code can be used to test your own systems just as it can be used to crack into other systems.

Online security databases are as much a help to administrators as they are to crackers, if not more.

TheFrog

thanks for the link

fuzebox

Some yes, some no... The script kiddies who cause the majority of the problems (defaced websites, stolen adult passwords, etc) can usually be easily stopped by a competent administrator who keeps on top of security bulletins.

com

Ermm one common misconception I'm seeing here is that there is that you all feel an enterpreted threat caused by this type of information being readily available to "hackers" or "crackers". As a matter of fact it's quite the oposite. We are the ones finding these vulnerabilities, writing proof of concept code, and releasing advisories with or without code is irrelevant. We have now come full circle, in the early 90s if you weren't in with the security underground, you didn't hear about vulerabilities untill you realised you were compromised, or some idiot kid got his hands on some code and wreaked havok. Then for several enjoyable years, security became a more openly spoken about side of the industry, vulnerabilities and exploit code alike were handed out freely giving security "proffessionals" the oportunity to understand and see first hand what was causing them to be vulnerable and how it affected them and their deployment. Since certain laws have been passed making anyone who distributes such source code a criminal, the truly proffessional side has been fucked proper. Once again, no one is realeasing source code, or sharing any such information with the public... so once again welcome to the early 90s. If you don't have associations with certain types of people and groups, you're out in the cold untill it becomes a public problem. ;)

__________________

goBigtime

I don't think there is much of an increased risk to getting hacked because of something like this.

It's already been done basically with bugtraq and other whitehat security lists.... all this will do (if it takes off) is consolidate everything more.

com

The more publicized these things are the better off everyone is. It is then up to the systems admin to do their job and keep on top of known and potential vulnerabilities. When nothing is published, you may never know you?ve been compromised and your unwanted visitor may just be watching everything you do and collecting what he/she finds intriguing. Regardless, a better informed public is far more desirable then a blind flock of sheep.

__________________