From: fc@all.net (Dr. Frederick B. Cohen)
To: adam@homeport.org (Adam Shostack)
Message Hash: 2685d433ab55bb76cb3c5b1e5398a15d5a685f614e660865e328030fd30e772a
Message ID: <9510121321.AA18371@all.net>
Reply To: <199510121157.HAA07110@homeport.org>
UTC Datetime: 1995-10-12 13:24:18 UTC
Raw Date: Thu, 12 Oct 95 06:24:18 PDT
From: fc@all.net (Dr. Frederick B. Cohen)
Date: Thu, 12 Oct 95 06:24:18 PDT
To: adam@homeport.org (Adam Shostack)
Subject: Internet holes
In-Reply-To: <199510121157.HAA07110@homeport.org>
Message-ID: <9510121321.AA18371@all.net>
MIME-Version: 1.0
Content-Type: text
> | There are alse several papers there on "Internet Holes" under Network
> | Security in the same on-line journal. Every month, another 5-10 holes
> | are added to those published in this forum.
>
> And how many of those holes are published by bugtraq/CERT/8lgm
> first? Just curious to see if this is another list I should be on...
I am writing a series of atricles - one per month - for Network Security
Magazine, and am putting lat month's article up as they publish the next
one. Probably 20% have appeared on bugtraq, etc.
All I am doing is going through the TCP/IP protocols (and other such
stuf) one at a time, writing a short piece on each, describing the most
obvious holes, giving some ideas of how they have been/can be exploited,
and describing in general terms what we might do to fix them. Next
issue covers NNTP - then comes a 2-month (I think) issue on TCP as a
protocol (lots of holes there) - then whatever strikes my fancy next. I
figure it will take a few years at this rate to get through the most
important protocols and services.
--
-> See: Info-Sec Heaven at URL http://all.net
Management Analytics - 216-686-0090 - PO Box 1480, Hudson, OH 44236
Return to October 1995
Return to ““Philip J. Nesser” <pjnesser@rocket.com>”