Information Security News mailing list archives

OSVDB - We're offering a bounty... of sorts!


From: InfoSec News <alerts () infosecnews org>
Date: Tue, 29 Oct 2013 06:37:41 +0000 (UTC)

http://blog.osvdb.org/2013/10/28/were-offering-a-bounty-of-sorts/

[Since this bounty is coming out of Jericho's pocket, it would be great if some readers could help out with some $$$ assistance! - WK]


By jerichoattrition
October 28, 2013

In our pursuit of a more complete historical record of vulnerabilities, we’re offering a bounty! We don’t want your 0-day really. OK sure we do, but we know you are stingy with that, so we’ll settle on your ~ 12,775 day exploits!

First, the bounty. This is coming out of my pocket since it is legacy and doesn’t immediately benefit people using us as a vulnerability feed. As such, this isn't going to be a profit center for you. In addition to the personal satisfaction of helping preserve history, shout outs on this blog and multiple Twitter feeds, I will send you something. Want a gift card for Amazon? Something else I have that you want? I’ll make my best effort to make it reasonably worth your while. I know it isn’t a cool $1,337 Google style unfortunately, but I will try!

Now, what am I after. Not "a" vulnerability, but any of several lists of vulnerabilities from decades ago. These were maintained in the 1980's most likely, one of which was internal at the time. I am hoping that given the time that has passed, and that the vulnerabilities have long since been patched and most products EOL'd, they can be disclosed. If you don't have a copy but know someone might, send me a virtual introduction please! Any lead that results in me getting my hands on a list will be rewarded in some fashion as well. If you have a copy but it is buried in a box in the garage, let me know. I will see about traveling to help you dig through junk to find it. Seriously, that is how bad I want these historic lists!


The targets:

* The Unix Known Problem List (this was not one of the vendor-specific
  lists, but those may be groovy)

* UC Santa Cruz hack method list

* Mt. Xinu bug list (later than 4.2 or with more details than this copy)

* Matt Bishop's UNIX Hole List

* Sun Microsystems Bug-List (internal at the time no doubt)

* ISIS mail list archive (one run by Andrew Burt in 80's)

* Bjorn Satedevas' systems administration mailing list archive

* The "inner" Zardoz mail list archive (split from the main one, fewer
  members)


Bonus bounty:

Any public-referenced vulnerability before 1980 that we do not have in the database. I know there has to be more out there, help us find them!

That’s it! Pretty simple, but may require some digging mentally or physically.
