To all who should be concerned:
Due to the controversy of posting code containing the exploit of the new
sendmail bug to the firewalls list, I have started a new list that is for
the *detailed* discussion of security holes: what they are, how to exploit,
and what to do to fix them.
Past lists and digests that were created in this category (Security, Core,
Zardoz, etc) gave explicit details on how to exploit the holes as well as fast
workarounds. They also tried to make the list private, only allowing those
who could prove their positions of worth access to the list.
The discussions on previous lists were top caliber-- and that is is
the intention of this list-- to have a no-nonsense list of people who
are interested in addressing current security concerns.
This list is not intended to be about cracking systems or exploiting them.
It is about defining, recognizing, and preventing use of security holes and
risks. It's open to the public. Anyone may subscribe and contribute to the
com -- Subscription address
(In the subject field, "subscribe");
com -- List reflector address