Title: Shake Communications
Type: Exploit/Bug/Vulnerability Database
URL: www.shake.net
Who: Simon Johnson <simon.johnson@shake.net>
Date: 4/3/98
>From the page:
The Vulnerabilities Database enables you to secure your hardware and
software with the minimum of time, money and effort.
Updated daily, the Vulnerabilities Database contains over 3,000
vulnerabilities in all commonly used operating systems, hardware, software
and languages, plus links to patches and fixes. A one-page outline
describes each vulnerability and its fix or patch (where available). Only
the hole and the fix are described. (How hackers exploit the hole is not
disclosed for security reasons).
By monitoring the Database each day you will know what vulnerabilities
exist in the hardware and software you run... and how to fix them.
Sample entry:
Risk Category: HIGH
Description: A vulnerability exists in Microsoft's extensions to Java,
including Java Script. The security hole exists even if users
have activated the highest security level in their browser.
Impact: It is possible for an unauthorised person to obtain the contents
of any files on the (legitimate) user's local computer or
network (including files on the corporate intranet).
Systems Include: Microsoft Internet Explorer 4.0
Solution: Obtain the patch at http://www.microsoft...
Acknowledgments: Shake Communications Pty Ltd acknowledges Ralf Hueskes
of Jabadoo Communications for reporting this
vulnerability.
Further Reading: n/a
Reported: n/a
Updated: n/a
Moderator's Comments: This review has been several days in the making.
After a few inital posts to ISN, Simon Johnson of Shake Communications
contacted me and we have had a long thread about his database. While not a
public DB, I do want to at least mention this one for the corporate
subscribers to the list.
A few things I have ascertained after talking with Simon: His database has
been developed since 1989 roughly, in which he has added any vulnerability
for any platform he has run across. The 3000 figure is an estimate, and
can't be pinpointed any more this moment, but he and others are currently
doing an audit of the DB weeding out duplicate entries. After that is
done, he will be submitting the DB to an outside source for a second audit
and "sanity check" of sorts.
He also mentioned that he was working on putting a few more samples up on
the site to give potential subscribers a better idea of what is
represented in the database.
As for numbers, he told me that after the recent work on the NT section,
their DB contained roughly 105 known vulnerabilities or exploits for that
area.
At last email, Shake Communications is not prepared to commit to an exact
number of exploits until the completion of an in-house audit. Simon
Johnson has personally gone through over 1,200 of the vulnerabilities and
verified them.
If indeed, his DB has evern 2/3rds of what is estimated, it would be the
largest bug/vulnerability database I have seen in my travels. If any ISN
member is a subscriber to this database, I would love to hear feedback on
the population, content, and organization of the shake.net database.
-o-
Subscribe: mail majordomo@sekurity.org with "subscribe isn".
Today's ISN Sponsor: Repent Security Incorporated
Received on Sat Apr 4 20:10:17 1998