Across the Internet, there are certain sites that both security professionals and hackers themselves use to get information about vulnerabilities.
Some of these places may be forums, others may be blogs.
Secrets Must Be Kept
Most hackers like to stick to their inner circle when it comes to certain exploit secrets.
They do not want the word to get out about it.
If everyone were to find out about their exploit then a patch would be made soon after that.
And if you are a black hat hacker, the last thing that you want to see is a patch that is available for your exploit.
But of course once you tell one person, the secret will be leaked.
Security sites like these are the recipients of these leaks.
Other contributors to these types of sites may include white hat hackers that love to search for vulnerabilities and report it.
Security sites that list this type of information, not only make it easy for other bad guys to find an exploit to use but also make it easier for a user of a particular piece software to be aware of that vulnerability.
These types of sites usually aggregate security information about popular software products that are available.
One of the leaders in this area is the site called Milw0rm.com.
(That is a zero and not the letter “O” in the name).
This site is one of the most famous sites of it’s type.
It gives you information about the software that was attacked, the type of attack it was, a code demonstration of the attack and how to avoid the attack on your own system.
This information can be invaluable to someone who knows what the technical jargon means.
That is also the one downfall to this site.
It will not help the average person and their security needs.
The best information an average person can pull away from the site, is if the piece of software that they are using, has a security hole in it.
If you do not understand programming and especially assembly language, then there is not much that you can do with a site of this type.
If you do understand the code and what it is doing, the site can be fascinating.
People who like to dig down deep into the guts of the code on their system, will love to see how the vulnerabilities are dissected on the site.
You are able to see first hand how real life exploits are done.
Even if you are a seasoned programmer, looking at how some of these exploits are created will help you in your own work.
It will help you not to make the same mistakes of others who have come before you.
Milw0rm.com can be a great place to get security information about your product.
Even if you are not actively able to do something about it, you can see if the software that you use for business or personal purposes is on the list.
If it is, you can question the company that you bought the software from and ask what are they doing to fix the problem.