Best of all available security resources.

		    _/_/_/          _/_/          _/_/_/
		   _/    _/      _/    _/      _/
		  _/_/_/        _/    _/        _/_/
		 _/    _/      _/    _/            _/
		_/_/_/          _/_/        _/_/_/

		Best            Of          Security

    "echo subscribe|mail"


   "echo subscribe|mail"

    			  (weekly digest)


    In order to compile the average security administrator, it was found
    that the compiler had to parse a foreboding number of exceptionally
    noisy and semantically devoid data sets.  This typically resulted in
    dramatically high load averages and a frightening increase in core

    Further, the number, names and locations of required datum seem to
    change on an almost daily basis; requiring tedious version control
    on the part of the mental maintainer.


    Best-of-Security is at presently moderated randomly based on a
    cryptographically secure RNG. Bizarre? Sound strange given our
    stated purpose of massive entropy reduction? Because best often
    equates with "vital" and the moderator doesn't have an MDA habit it
    is important that material sent to this list be delivered to its
    subscribers' in as minimal period of time as is (in)humanly
    possible. [ Actually, that isn't the only reason; following the
    Prodigy liability verdict, content-active moderators were found to
    have the legal burdens of regular publishers. BOS gets some dubious
    people posting very interesting things from undisclosed sources.
    -Mod ]

    If you find information from *any* source (including other
    mailinglists, newsgroups, conference notes, papers, etc) that fits
    into one of the acceptable categories described at the end of this
    document then you should *immediately* send it to
    "". Do not try and predict whether or
    not someone else will send the item in question to the list in the
    immediate future. Unless your on a time-delayed mail vector such as
    polled uucp or the item has already appeared on best-of-security,
    mail the info to the list!  Even if it is a widely deployed piece of
    information such as a CERT advisory the proceeding argument still
    applies. If the information hasn't appeared on this list yet, then
    SEND IT.  It is far better to run the risk of minor duplication in
    exchange for having the information out where it is needed than act
    conservatively about occasional doubling up on content.

    We do, of course take original posts. In the famous last words of
    Marylin Munroe, CORE Digest and Joachim Kroll: "meat, we want meat".

    Consult the below lists for what we will and will not accept. 

WILL WILL WILL WILL                             WONT WONT WONT WONT
-------------------				-------------------
8lgm, cert, ciac, dod and other                 Any flames.
non-vendor advisories.			 	Any questions.
Vendor advisories of security			Any rumors.
weaknesses in own or other products.		Sigs with >2 lines of
Vendor new security-product line		commercial information.
release or MAJOR upgrade.			Minor upgrade information.
Fully disclosed security weaknesses.		"there is a hole in X"
Exploitation details.				Any advertising.
Exploitation code.				Subscription, unsubscription or
Patch code.                                     mailing list queries.
Patch announcements.				Any requests.
Hard to obtain or otherwise occulted		Vague or incomprehensible
source code or uuencoded executables.           statements of dysfuctional
Conference announcements.			persons.
Security tools.					Opinionated rantings such as
Blond jokes.					those on the ethics of full
NEW or hard to obtain security                  disclosure or computer hackers.
documents (ascii), or pointers to               Quotes from the Uliad.
the location of such documents/papers.		Old or otherwise well known
Announcements of new security archives		information or pointers to
or mailinglists.				that information.
Human language translations of the above. 	Messages under 700 bytes.


Send mail to:
or (digest)

with the subject or body of:



Send mail to:
or (digest)

with the subject or body:



To send a message to the list, address it to:


Back issues of best-of-security digest are available from:

You can also instruct the mailing list processor to automatically scan and
retrive messages from the archive. It understands the following commands:

	get filename ...
	ls directory ...
	egrep case_insensitive_regular_expression filename ...
	maxfiles nnn

	Aliases for 'get': send, sendme, getme, gimme, retrieve, mail
	Aliases for 'ls': dir, directory, list, show
	Aliases for 'egrep': search, grep, fgrep, find

	Lines starting with a '#' are ignored.
	Multiple commands per mail are allowed.
	Setting maxfiles to zero will remove the limit (to protect you against
	yourself no more than maxfiles files will be returned per request).
	Egrep supports most common flags.

	ls latest (the latest directory containes the archived messages)
	get latest/12
	egrep some.word latest/*


The list processor software is based on the excellent Procmail/Smartlist
by Stephen R. van den Berg  with
some minor extensions by Julian Assange .

"I mean, after all;  you have to consider we're only made out of dust.  That's
 admittedly not  much  to  go  on  and  we  shouldn't  forget  that.  But even
 considering, I mean it's sort of a bad beginning, we're not doing too bad. So
 I personally have faith that even in this lousy situation we're faced with we
 can make it. You get me?" - Leo Burlero/PKD
|Julian Assange RSO   | PO Box 2031 BARKER | Secret Analytic Guy Union        |
|   | VIC 3122 AUSTRALIA | finger for PGP key hash ID =     |
| | FAX +61-3-98199066 | 0619737CCC143F6DEA73E27378933690 |