From: fc@all.net (Dr. Frederick B. Cohen)
Date: Thu, 12 Oct 95 06:24:18 PDT
To: adam@homeport.org (Adam Shostack)
Subject: Internet holes
In-Reply-To: <199510121157.HAA07110@homeport.org>
Message-ID: <9510121321.AA18371@all.net>
MIME-Version: 1.0
Content-Type: text


> | There are alse several papers there on "Internet Holes" under Network
> | Security in the same on-line journal.  Every month, another 5-10 holes
> | are added to those published in this forum.
> 
> 	And how many of those holes are published by bugtraq/CERT/8lgm
> first? Just curious to see if this is another list I should be on...

I am writing a series of atricles - one per month - for Network Security
Magazine, and am putting lat month's article up as they publish the next
one.  Probably 20% have appeared on bugtraq, etc.

All I am doing is going through the TCP/IP protocols (and other such
stuf) one at a time, writing a short piece on each, describing the most
obvious holes, giving some ideas of how they have been/can be exploited,
and describing in general terms what we might do to fix them.  Next
issue covers NNTP - then comes a 2-month (I think) issue on TCP as a
protocol (lots of holes there) - then whatever strikes my fancy next.  I
figure it will take a few years at this rate to get through the most
important protocols and services.

-- 
-> See: Info-Sec Heaven at URL http://all.net
Management Analytics - 216-686-0090 - PO Box 1480, Hudson, OH 44236