Factbites

Topic: Bugtraq


  
  Bugtraq - Wikipedia, the free encyclopedia
Bugtraq was created on Friday November 5, 1993 by Scott Chasin, in response to the perceived failings of the existing internet security infrastructure of the time, particularly CERT.
Bugtraq's policy was to publish vulnerabilities, regardless of vendor response, as part of the Full Disclosure movement of vulnerability disclosure.
The last few years, Bugtraq has been the property of the computer security company SecurityFocus, which was bought out by Symantec on August 6th, 2002.
en.wikipedia.org /wiki/Bugtraq   (245 words)

  
 Network Computing | Feature | Network Computing's 10th Anniversary | Top 10 People: Number 8 | October 2, 2000
Before BugTraq, customers that encountered security-related bugs were limited to direct communication with their vendors.
Frequently, bugs and security complaints were denied or simply swept under the carpet by the vendors in question, which would dismiss a potentially hazardous bug as trivial or "theoretical." When bugs were fixed, vendors often didn't inform their customers, which meant a customer would have to submit a complaint before receiving the fix.
BugTraq has published just about every security issue that's hit the Internet thus far, often discussing the issue weeks or even months before its effects are felt by the majority of the world.
www.networkcomputing.com /1119/1119f1people_8.html   (775 words)

  
 BugTRAQ - vBulletin Community Forum
In a similar manner to the way in which it can currently say "The latest version of vB is..." it could say "The last three security alerts were..." I think it would be a wise idea so that those admins who don't constantly check and improve at least will have had warning.
Bugtraq reports about vBulletin are very rare--most bug/vulnerability reporting is done in the troubleshooting forum and (with luck) moved into the bugs forum.
Even then, it seems to me there are a few Bugtraq subscribers here and they have usually posted right away about the published vulnerability.
www.vbulletin.com /forum/showthread.php?t=60201   (467 words)

  
 Bugtraq admin says submissions not being delayed - smh.com.au
Fears that postings to the Bugtraq security mailing list, which is owned by Symantec, are being deliberately delayed, have been dismissed by the list administrator, Dave Mirza Ahmad.
Ahmad said the delay was due to the fact that Bugtraq is a moderated list.
He was responding to a query from Raj Mathur, a subscriber of Bugtraq.
www.smh.com.au /articles/2003/09/26/1064083163274.html   (613 words)

  
 Techdirt:Symantec Buys SecurityFocus/BugTraq
BugTraq, of course, is the main list to find out about where major security holes are.
Symantec has a history of overhyping virus warnings, and if they see BugTraq as a way to do the same thing for security holes, that could be a problem.
Bugtraq hasn't been the same for a very long time...ever since Aleph1 turned over the mailing list to the corporate weenies.
www.techdirt.com /articles/20020717/1825218_F.shtml   (406 words)

  
 ISS X-Force Database: win-ntfs-file-hiding(8043): Microsoft Windows NT, 2000, and XP using NTFS could allow files to be ...
BugTraq Mailing List, Fri Feb 01 2002 - 06:25:14 CST, Long path exploit on NTFS - F-Secure Anti-Virus not vulnerable at http://archives.neohapsis.com/archives/bugtraq/2002-01/0401.html.
BugTraq Mailing List, Thu Jan 31 2002 - 07:37:51 CST, RE: Long path exploit on NTFS at http://archives.neohapsis.com/archives/bugtraq/2002-01/0371.html.
BugTraq Mailing List, Thu Jan 31 2002 - 11:12:38 CST, RE: Long path exploit on NTFS at http://archives.neohapsis.com/archives/bugtraq/2002-01/0380.html.
xforce.iss.net /xforce/xfdb/8043   (409 words)

  
 Hackers slam Bugtraq - vnunet.com
Initially Vulntraq was to be the name of the list, but reports claim that Bugtraq's lawyers got heavy over the name similarities.
Vulnwatch sparked further controversy with its claim that vulnerabilities will be publicised immediately, before vendors have had time to assess the situation prior to public release.
Bugtraq is rumoured to notify vendors first and give them reaction time, but it staunchly denies this.
www.vnunet.com /vnunet/news/2115611/hackers-slam-bugtraq   (527 words)

  
 ISS X-Force Database: movable-type-comment-xss(12003): Movable Type comment cross-site scripting
BugTraq Mailing List, Mon May 12 2003 - 13:26:59 CDT, CSS found in Movable Type at http://archives.neohapsis.com/archives/bugtraq/2003-05/0125.html.
BugTraq Mailing List, Mon May 12 2003 - 15:25:36 CDT, Re: CSS found in Movable Type at http://archives.neohapsis.com/archives/bugtraq/2003-05/0128.html.
BugTraq Mailing List, Tue May 13 2003 - 08:34:36 CDT, Re: CSS found in Movable Type -- Nope at http://archives.neohapsis.com/archives/bugtraq/2003-05/0135.html.
xforce.iss.net /xforce/xfdb/12003   (361 words)

  
 Bugtraq Traq @ Headroom   (Site not responding. Last check: 2007-10-20)
BugTraq is a mailing list devoted to open ("full disclosure") discussion of security holes and exploits.
Various groups post exploits they've found in software (or sometimes hardware), and most of the major software/hardware vendors post announcements and updates for their own bugs.
The BugTraq mailing list is archived in its entirety at http://www.geek-girl.com/bugtraq if you're interested in reading some of the raw material these reports come from.
headroom.yak.net /bugtraq   (131 words)

  
 ITworld.com - BugTraq members cited in DoS attack
Just how many of BugTraq's 37,000 subscribers were used to mount the DoS attack against Network Associates on Wednesday night or did not discover the code bore a Trojan horse before its true intent was realized is difficult to estimate, said BugTraq moderator and CTO of SecurityFocus.com, Elias Levy.
Levy said the BugTraq service will not change any of its moderation policies in light of some of its membership being recruited as "zombies," because trying to validate every incoming message or program for the list would "simply be impossible" for administrators.
BugTraq, in operation since 1993, is a popular free discussion forum for Unix-related security holes and risks and other computer security threats.
www.itworld.com /Net/1746/itwnews010203bug   (692 words)

  
 ITworld.com - BugTraq members used to launch attack against Network Associates
Network Associates' PGP Security business unit played a prominent role in warning companies about the vulnerabilities and urging them to upgrade their systems (see story).
Just how many of BugTraq's 37,000 subscribers were used to mount the attack against Network Associates last Wednesday night is hard to estimate, said Elias Levy, BugTraq moderator and chief technology officer at SecurityFocus.com, a San Mateo, Calif.-based Web site that tracks security issues.
BugTraq doesn't plan to change any of its policies in the wake of the attack, because trying to validate every incoming message or program would "simply be impossible," Levy said.
www.itworld.com /Sec/3833/CWSTO57387/pfindex.html   (420 words)

  
 Reformatting Bugtraq Reports
Since Bugtraq is such an important part of a security administrator's watch list, it'll only be a matter of time before you'll want to integrate it more closely with your daily habits.
Next, the data scraped from the Bugtraq page is stuck into a custom data structure to make accessing it easier for later additions to this hack.
Also, a subroutine is added to format the data contained in the data structure to ensure minimal code duplication once we have to format for multiple types of output.
www.oreilly.com /pub/h/1005   (531 words)

  
 Techdirt:Symantec Buys SecurityFocus/BugTraq
Of course, what will probably happen is that a new independent source for security holes will soon pop up, and BugTraq will lose a lot of its value.
Seems like now-a-days, the only folks to be able to post are those from recognizable "hacker" groups or those companies which are in bed with SecurityFocus.
Gweed was definitely right, bugtraq has become nothing more than a place to show off your security company...Free PR for ISS and companies like that, who can post irresponsible bug reports for the sole purpose of sales, or Gobbles for the sole purpose of hysterical and unfactual political rants.
www.techdirt.com /articles/20020717/1825218.shtml   (406 words)

  
 BugTraq, @Stake differ on vulnerability reports | The Register
Recently, @Stake, which also runs the Hacker News Network Web site, submitted an abbreviated notice to the BugTraq mailing list concerning a security hole in AOL's Instant Messenger (AIM) explaining how a malicious URL can be used to take control of someone else's AIM client and run arbitrary code on their machine.
This development comes on the heels of a dispute with Microsoft which told BugTraq that MS security advisories may not be reproduced in whole on the list, citing copyright issues, as we reported here.
So we might conclude that BugTraq's perfectly legitimate posting requirements are simply incompatible with @Stake's perfectly legitimate desire to draw Web surfers to their own site to view the material in the format they prefer.
www.theregister.co.uk /content/6/15533.html   (1023 words)

  
 Any Response to Bugtraq security report? | Gallery
There is a bugtraq vulnerability posted on Bugtraq that recommends not using Gallery 1.3.3 on a shared host web server and is critical to the requirement of turning off safe-mode.
Would it be possible for somebody on the Gallery development team to write a 'positive' response to the bugtraq report?
Though it would be difficult, if not impossible, to write a program that would not allow what was reported it would be good to show that the community is interested in improving and providing as secure a product as possible and is open to discussion.
gallery.menalto.com /modules.php?op=modload&name=phpBB_14&file=index&action=viewtopic&topic=3820&3   (523 words)

  
 Microsoft worms its way off bug list - vnunet.com   (Site not responding. Last check: 2007-10-20)
Under the original email format, which included full text, Bugtraq was able to redistribute the alerts because Microsoft had sent them to Bugtraq.
This solicited an angry response from Microsoft, which told Levy that he did not have permission to redistribute the text, and that doing so would be considered an act of copyright violation.
Other Bugtraq recipients have complained that the new format points users to one point of failure, and warned that email addresses can be spoofed with links provided to a malicious site.
www.vnunet.com /vnunet/news/2114253/microsoft-worms-way-bug-list   (516 words)

  
 eWEEK: Symantec Defends BugTraq
Symantec Corp. officials are defending their practices for handling postings to the BugTraq mailing list in the face of criticism from an upstart competitor.
The way the list is run hasn't changed since Symantec acquired BugTraq's owner, SecurityFocus, last summer, executives say.
Officials at the company said last week that they're starting the list because of what they perceive as changes in the way BugTraq has handled notifications in recent months.
www.findarticles.com /p/articles/mi_zdewk/is_200304/ai_ziff39793   (387 words)

  
 Slashdot | BugTraq No Longer Able To Publish MS Security UPDATED
BugTraq started posting the whole bulletins after Microsoft changed the bulletin format to only contain minimal information and a link to the Microsoft website.
What Microsoft is doing is telling Elias (moderator of Bugtraq) that he cannot *change* the content of the original email that the MS security bulletins are sent out in.
Bugtraq is a full disclosure list - and this is a definite step away from full disclosure.
slashdot.org /articles/00/12/08/1356240.shtml   (4186 words)

  
 Bugtraq   (Site not responding. Last check: 2007-10-20)
Bugtraq was created on Friday November 5, 1993 by Scott Chasin, and led to the Full Disclosure movement of vulnerability disclosure.
In the beginning, the mailing list was not moderated, however the signal-to-noise ratio became unacceptably bad.
In July 1999 Bugtraq moved from Netspace to SecurityFocus.
www.worldhistory.com /wiki/B/Bugtraq.htm   (230 words)

  
 Hacker mailing list goes corporate - - MSNBC.com
BugTraq, the place where most of the world’s most influential computer hazards are made public, was purchased Wednesday by Symantec Corp. for $75 million cash.
FOR YEARS, HACKERS have sought publication on Bugtraq for prestige and attention — and to dress up their resumes, since BugTraq is the computer security world’s equivalent of a professional journal.
The group’s value comes in large part from volunteers who agree to publish their cutting-edge findings on the list.
msnbc.msn.com /id/3078565   (723 words)

  
 Beat the experts: Hackers infiltrate Bugtraq security list | Tech News on ZDNet
"It is possible that whoever sent the thing to Bugtraq used the incident to launch his own attack," he said.
Post-attack analysis by both PGP Security and Bugtraq revealed that the exploit code does not actually detect any of the BIND flaws.
The only part that seems to work is the assembly code--commands written in a language particular to a certain processor--that performs the attack.
news.zdnet.com /2100-9595_22-527820.html?legacy=zdnn   (674 words)

  
 Bugtraq competitor opens its doors to all   (Site not responding. Last check: 2007-10-20)
BUGTRAQ HAS DRAWN enough flak over the years to down an entire airforce.
A Secunia representative blasted SecurityFocus, the Bugtraq host, saying that it "has failed to be loyal to the people, who served them since 1997 and made them what they were until last year."
The advisory set up by Secunia is apparently based on more than 200 different sources, with VulnWatch and Full-Disclosure providing much of the information.
www.theinquirer.net /?article=8607   (180 words)

  
 [Exim] Fw: (bugtraq) Exim 3.34 and lower   (Site not responding. Last check: 2007-10-20)
On Tue, Feb 19, 2002 at 05:24:46PM +0000, Chris Thompson is thought to have said: > On Fri, 15 Feb 2002 13:26:14 -0500, > "Tabor J. Wells" wrote: > > > I did forward a copy of Philip's response to bugtraq yesterday afternoon > > (EST).
> > I only get BUGTRAQ in digest form, but I have to say I haven't yet seen > this, or anything other than Dave Ahmad's original forwarding of the > "2xs security" report last Wednesday.
It seems to have disappeared into the ether once it hit securityfocus.com's mail servers.
www.exim.org /pipermail/exim-users/Week-of-Mon-20020218/035410.html   (243 words)

  
 ISP-Planet - News - Possible Bugtraq Lawsuit
On Tuesday, a member of the Bugtraq mailing list, which boasts upwards of 50,000 subscribers, posted an exploit—developed by TESO—which takes advantage of the vulnerability, despite the fact that the exploit's header forbade distribution of the exploit, and gave mailing lists and Bugtraq in particular as examples.
The Bugtraq mailing list is administrated by Elias Levy, who is responsible for approving or disapproving all messages sent to the list.
We also have received mails of persons who apparently had the exploit before it was sent to Bugtraq.
www.isp-planet.com /news/2001/bugtraq_lawsuit.html   (625 words)

  
 Exchange Security: BugTraq RSS feed   (Site not responding. Last check: 2007-10-20)
Personally, I want to see as much data in RSS form as possible, especially for fast-changing or noisy systems like, oh, mailing lists.
The fine folks at Djeaux.com have a bunch of feeds, including one they just added for the bugtraq mailing list.
There are verbose and brief versions, either one of which will still give you the lowdown.
www.e2ksecurity.com /archives/001165.html   (143 words)

  
 Technorati Tag: bugtraq
Bugtraq: Call for Papers - DIMVA 2006 SecurityFocus - DIMVA invites three types of submissions: - Full papers of up to 20 pages, presenting novel and...
Bugtraq: [ GLSA 200509-17 ] Webmin, Usermin: Remote code execution through PAM authentication SecurityFocus - Background Webmin and Usermin are...
This page shows blog posts, photos, and links that have been tagged bugtraq.
www.technorati.com /tag/bugtraq   (392 words)

  
 Symantec Defends BugTraq Mailing Policies
The way the list is run and when messages are posted hasn't changed at all since Symantec acquired BugTraq's owner, SecurityFocus, last summer, executives say.
Wong stressed that the people who run the BugTraq list operate independently of the Symantec corporate structure and handle every message the same way.
"BugTraq has been operating this way since 1993, it was that way before they acquired us and it's remained that way since [the acquisition in] August 2002."
www.eweek.com /article2/0,1759,1660196,00.asp   (914 words)

Copyright © 2005-2007 www.factbites.com Usage implies agreement with terms.