Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Thu, 7 Mar 2024 22:11:04 +0000
From: Katherine Mcmillan <kmcmi046@...tawa.ca>
To: "solar@...nwall.com" <solar@...nwall.com>
CC: "oss-security@...ts.openwall.com" <oss-security@...ts.openwall.com>
Subject: Re: help wanted - bring more issues in here

Hello Alexander,

I would be interested in helping with this.  Recently, I have brought a security flaw in the Wacom One driver to different communities' attention (as well as how to overcome it with 'Linux for the Wacom One' substitutions), the AI/LLM ASCII vulnerability here (ArtPrompt): https://medium.com/predict/hacking-chatgpt-the-ascii-art-jailbreak-unveiled-9efb0648cd0f, and the firmware vulnerability here (LogoFail, back in December): https://www.scmagazine.com/news/logofail-vulnerabilities-may-affect-95-of-computers-researchers-say.

I am a big fan of creative exploits and solutions.  I'm more deeply involved with *BSD than Linux.

Thank you for considering,
Katie
________________________________
From: Solar Designer <solar@...nwall.com>
Sent: 07 March 2024 16:56
To: oss-security@...ts.openwall.com <oss-security@...ts.openwall.com>
Subject: [oss-security] help wanted - bring more issues in here

Attention : courriel externe | external email

Hi,

We have this contributing back task not requiring (linux-)distros
membership:

https://oss-security.openwall.org/wiki/mailing-lists/distros#contributing-back

Administrative tasks mostly unrelated to (linux-)distros lists (but
relevant to the wider community)
[...]
3. Monitor for Open Source security issues/topics published elsewhere,
identify which of these would fit, and bring them to oss-security -
primary: Oracle Solaris, backup: vacant

Alan Coopersmith of Oracle Solaris does a good job at this task.  Thank
you, Alan!  However, this task needs more than one person's involvement.
I'd appreciate it if others volunteer for it as well - both a second
distro (as you can see, that spot is now vacant) and anyone else who's
capable and willing to help.

I'd also appreciate volunteers for just the third sub-task.  I happen to
notice many "Open Source security issues/topics published elsewhere" and
"identify which of these would fit", but I rarely have time to write
them up for posting to oss-security.  So if some of you volunteer for
producing proper self-contained oss-security posting out of references
to issues published elsewhere, I could simply be forwarding the links
and raw material to you, for you to process and post.  In some cases,
this can be as simple as extracting a posting from another mailing
list's archive, with proper attribution and including a link too.  In
other cases, it's trickier.  I'll provide initial guidance.  Anyone?

I guess many others in here also often come across more issues suitable
for oss-security, and also don't have time.  So assuming that enough
people volunteer for the third "process and post" sub-task, please feel
free to also volunteer for the first two sub-tasks.

Thanks,

Alexander

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.