Vulnerability Development mailing list archives
Re: Immunix Adversary/Exploit Developer/Librarian
From: crispin () WIREX COM (Crispin Cowan)
Date: Wed, 5 Jul 2000 00:09:35 -0700
Blue Boar wrote:

> Crispin Cowan wrote:
>
> > [I understand that VULN-DEV is not a recruiting forum, but this position is precisely on-topic for the VULN-DEV mailing list: a vulnerability developer. Please post it if you find it appropriate, and I understand if you don't. Thanks.]
>
> OK, I let this through on cool factor.

Thanks!

> I assume it also went to the security jobs list?

Yes, it went to securityjobs last week, but I thought vuln-dev might want to see it.

> I think the only job I've seen that ranks up there is this one: http://securityfocus.com/templates/archive.pike?list=77&date=2000-01-22&msg=CD11F9F59C6BD3118BF5009027B0F53B0884EC () adp-exch-1 cmet af mil (probably wrapped)

Fascinating.

> So, I assume that as this guy breaks your own stuff, you'll post the info to the various lists? Will he share research with the rest of us?

You know how construction sites have signs up that say "This site has been injury free for XX days"? We want to put up a web site that says:

* Immunix OS has been exploit-free for XX days
* Red Hat Linux has been exploit-free for YY days

The Immunix Adversary will be responsible for testing & refining exploits to back up these claims. When something is found that gets through either system, the counter gets re-set to "1", and for those that affect Immunix, an advisory goes out. To the extent possible, we hope to conform to the spirit of the Rain Forest Puppy protocol for releasing advisories: http://www.wiretrip.net/rfp/policy.html

For instance, I would LOVE to be able to announce that Immunix is immune to the recent Kerberos and WU-FTPD buffer overflows, but I won't do that until I can validate it. Such validation would reset the Red Hat counter to "1", and the Immunix counter would depend on the testing result.

This "days of safety" hack is my response to marketing & management wanting to stage a "hack me" contest. I feel that this has at least as much marketing punch, and a great deal more technical validity (cf. the usual reasons that "hack me" contests don't prove anything).

Crispin
--
Crispin Cowan, CTO, WireX Communications, Inc. http://wirex.com
Free Hardened Linux Distribution: http://immunix.org
Security JOB: http://immunix.org/jobs.html