1995-10-12 - Internet holes

Header Data

From: fc@all.net (Dr. Frederick B. Cohen)
To: adam@homeport.org (Adam Shostack)
Message Hash: 2685d433ab55bb76cb3c5b1e5398a15d5a685f614e660865e328030fd30e772a
Message ID: <9510121321.AA18371@all.net>
Reply To: <199510121157.HAA07110@homeport.org>
UTC Datetime: 1995-10-12 13:24:18 UTC
Raw Date: Thu, 12 Oct 95 06:24:18 PDT

Raw message

From: fc@all.net (Dr. Frederick B. Cohen)
Date: Thu, 12 Oct 95 06:24:18 PDT
To: adam@homeport.org (Adam Shostack)
Subject: Internet holes
In-Reply-To: <199510121157.HAA07110@homeport.org>
Message-ID: <9510121321.AA18371@all.net>
MIME-Version: 1.0
Content-Type: text


> | There are alse several papers there on "Internet Holes" under Network
> | Security in the same on-line journal.  Every month, another 5-10 holes
> | are added to those published in this forum.
> 
> 	And how many of those holes are published by bugtraq/CERT/8lgm
> first? Just curious to see if this is another list I should be on...

I am writing a series of atricles - one per month - for Network Security
Magazine, and am putting lat month's article up as they publish the next
one.  Probably 20% have appeared on bugtraq, etc.

All I am doing is going through the TCP/IP protocols (and other such
stuf) one at a time, writing a short piece on each, describing the most
obvious holes, giving some ideas of how they have been/can be exploited,
and describing in general terms what we might do to fix them.  Next
issue covers NNTP - then comes a 2-month (I think) issue on TCP as a
protocol (lots of holes there) - then whatever strikes my fancy next.  I
figure it will take a few years at this rate to get through the most
important protocols and services.

-- 
-> See: Info-Sec Heaven at URL http://all.net
Management Analytics - 216-686-0090 - PO Box 1480, Hudson, OH 44236




Thread