CXsecurity with Maksymilian Arciemowicz
Summary:
In this episode, we talk with Maksymilian Arciemowicz, security research
that has found bugs in a large chunk of systems, active in the security field
since 2005. He is the founder and maintainer of cxsecurity which is a website
that index and host security vulnerabilities for everyone.
Join us as we walk throw the jungles of the security field for the last 15 years and a lot more:
https://anchor.fm/firo-solutions/episodes/CXsecurity-with-Maksymilian-Arciemowicz-ekqgqr
Cxsecurity is home to a lot of exploits and security research, in this episode
we get to hear the story of how it got created by its founder Maksymilian!
In nature, the power lays in the entity with the most muscles but on
the internet, the power is in the person with the most knowledge, the power comes
from the intellect. Whoever comes up with new ideas and is able to prove it wins
the intellectual battle, Maksymilian explains.
When people think about security on the internet a name that comes by often is milw0rm
which was the first website that published security research publicly.
This was huge, because if you wanted to read security research you have to
become part of a commuinty be invited to a private forum or a close group of individuals.
The information was very private. So milw0rm opened the gates to public security research
for everyone in 2004.
One of these types of communities is a mailing list called bugtraq.
Maksymilian learned how to find security bugs thanks to that mailing list and
soon after finding his first couple of bugs he teamed up with a friend to start a
website called securityreason.com. SecurityReason took the security research from the mailing list
and displayed it in a nice web interface.
The two founders wanted to go different ways, Maksymilian wanted the research to stay open and not
commercialize on it.
The website got shutdown and Maksymilian forked it into a new better version called cxsecurity.com!
Since 2005 Maksymilian has been able to find security holes in:
* IPFilter in openbsd, which was used before they switched to
* Freebsd
* Magento
* Mac osx
* phpmyadmin
* PHP
* NetBSD
* Vsftpd
* apache
* Solaris
* Thunderbird
* Opera
* libc
And a lot more!
We are super happy to have a true hacker spirit with us in this episode
on Security Headlines!
In this episode, we cover topics such as:
How the security landscape has changed since 2005 and how easy it was
to hack back then.
Using regular expressions to make security research better and faster!
How to submit security exploits to software vendors.
CVE, lack of description
Stories from the heart of the security scene
Suricata and Artificial Intelligence
How to protect your systems.
Development and a lot more!
static code analyzer, he has written his own static code analyzer for PHP.
We of course sidetrack a bit into OpenBSD and when a person such as Maksymilian says:
OpenBSD is the most secure operating system in the world
We can just smile :)
External links:
https://cifrex.org
https://cxsecurity.com
https://cxib.net
https://www.exploit-db.com/history
https://packetstormsecurity.com/files/authors/3972/page1/
https://web.archive.org/web/20060101000000*/securityreason.com
https://en.wikipedia.org/wiki/Bugtraq
https://regex101.com
