Ask HN: Where I can find the latest security exploits?

5 points by Mafana0 ↗ HN
What are the best security sites that lists systems security exploits?

Thanks?

9 comments

[ 3.4 ms ] story [ 34.6 ms ] thread
Wrong sort of hacker. We build stuff people want, not break it.
I was unable to understand "secure coding practices" (beyond buffer overflows and sql escaping anyway) until I started examining real exploits to understand them. Why do you assume that the OP wants only to break things?
Why do you assume that the OP wants only to break things?

Because he's new here, and when new people wander in here looking for security vulnerabilities, it's usually because they've misunderstood what the site is about.

Also, he specifically asked for the latest security exploits -- if your goal is to learn rather than attack, it doesn't matter if a vulnerability has been fixed already. (In fact, it's better if it has, since that way you can see both how the attack works and how to prevent it.)

I don't consider myself "new" here, I've been reading the discussions here for months, and I do understand what the site is all about. I do understand that "HN" isn't about breaking systems, which I'm not trying to do.

Have asked about the "latest" security exploits, I'm not trying to "attack", I just want to know "modern" security exploits I can try on my own system. I'll appreciate it if you tell me about new security exploits along with their fixes.

Thanks and sorry again for the inconvenience.

Does HN get a lot of these types of posts?

I'm actually surprised that I haven't seen more of it, but maybe they're just getting flagged\killed early.

I think I've seen a dozen or more over the past couple of years. Enough that it's a persistant irritant, but not so much to make it a major problem.
I'm not looking for info to break systems, I'm just trying to learn the potential exploits to protect my own software, by learning the best security practices.

Sorry if the question isn't very convenient here...

Bugtraq and vuln-dev for the more whitehat side, irc and zeroday forums (often invite only) for the blackhat side.