I was unable to understand "secure coding practices" (beyond buffer overflows and sql escaping anyway) until I started examining real exploits to understand them. Why do you assume that the OP wants only to break things?
Why do you assume that the OP wants only to break things?
Because he's new here, and when new people wander in here looking for security vulnerabilities, it's usually because they've misunderstood what the site is about.
Also, he specifically asked for the latest security exploits -- if your goal is to learn rather than attack, it doesn't matter if a vulnerability has been fixed already. (In fact, it's better if it has, since that way you can see both how the attack works and how to prevent it.)
I don't consider myself "new" here, I've been reading the discussions here for months, and I do understand what the site is all about. I do understand that "HN" isn't about breaking systems, which I'm not trying to do.
Have asked about the "latest" security exploits, I'm not trying to "attack", I just want to know "modern" security exploits I can try on my own system. I'll appreciate it if you tell me about new security exploits along with their fixes.
I'm not looking for info to break systems, I'm just trying to learn the potential exploits to protect my own software, by learning the best security practices.
Sorry if the question isn't very convenient here...
9 comments
[ 3.4 ms ] story [ 34.6 ms ] threadBecause he's new here, and when new people wander in here looking for security vulnerabilities, it's usually because they've misunderstood what the site is about.
Also, he specifically asked for the latest security exploits -- if your goal is to learn rather than attack, it doesn't matter if a vulnerability has been fixed already. (In fact, it's better if it has, since that way you can see both how the attack works and how to prevent it.)
Have asked about the "latest" security exploits, I'm not trying to "attack", I just want to know "modern" security exploits I can try on my own system. I'll appreciate it if you tell me about new security exploits along with their fixes.
Thanks and sorry again for the inconvenience.
I'm actually surprised that I haven't seen more of it, but maybe they're just getting flagged\killed early.
Sorry if the question isn't very convenient here...
http://www.google.com
http://www.securityfocus.com/archive/1
http://cve.mitre.org/