John H. Robinson, IV wrote:
> Do you follow BugTraq? VulnDev? Other security-focused mailing lists?

I used to. I gave it up ages ago. Bugtraq especially is very high noise. I don't need to know that blacksingles.com had an XSS vulnerability.

http://tracyreed.org/blog/archive/2006/07/01/bugtraq-is-dead

> Systems like LIDS and SELinux go a long way to mitigate. Are you using something like that and know (i.e., have extensively tested) that it is set up properly?

LIDS is pretty much dead and has been for a few years. Everyone has moved to SE Linux, which works much better. I'm running SE Linux almost everywhere these days. It's worth learning.
-- [email protected] http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-list
