
why is ssh insecure by default? - joeyh.name
I don't think I've mentioned this publicly before, but I found a security hole in OpenBSD in 1999. Ok, so it wasn't in the security-focused OS, but just in their infrastructure.
08 - joeyh.name
I don't think I've mentioned this publicly before, but I found a security hole in OpenBSD in 1999. Ok, so it wasn't in the security-focused OS, but just in their infrastructure.
two security holes and a new library - joeyh.name
Fixing this kind of security hole is not necessarily easy, because we use HTTP libraries, often via an API library, which may not give much control over following redirects.
sigprogs
An exploit for an old security hole in perl. In 3 lines. This was intended to advertise the hole, which people were being a bit slow to fix.
04 - joeyh.name
I stress that I have not found such a security hole, I'm only considering what the worst case possibilities are. I think we need to fully consider them in order to decide how to fully wrap up this mess.
size of the git sha1 collision attack surface - Joey H
Find security hole in kernel. Send Linus a pull request for a fix, quietly. At a later date, replace the commit with the colliding one you generated at the same time you generated the original fix. The colliding …
state of testings security
A lot of this is due to a few massive security hole sources such as ethereal and the linux kernel, for which it's been difficult to get security fixes backported, autobuilt on all arches (t-p-u still has some …
debug me client-server working - joeyh.name
Including a security hole in the proof chain design, that I realized it had when thinking about what happens when multiple people are connected to a debug-me session who are all typing at once.
02 - joeyh.name
At least my local hospital has a simple social engineering security hole that could allow an attacker to be treated without ever being billed. No CVE ID has been assigned, and this hole has not been …
reflections on distrusting xz
I stress that I have not found such a security hole, I'm only considering what the worst case possibilities are. I think we need to fully consider them in order to decide how to fully wrap up this mess.