Slashdot Mirror


Aleph1 Passes The Bugtraq Baton

Rogue_F writes: "The long-running security mailing list Bugtraq is getting a new moderator. Elias Levy (the real name of the familiar Aleph1) has decided to move on to other things. For nearly six years he has been moderating bugtraq with a high degree of success. No one doubts the usefulness of bugtraq, but many people probably don't appreciate what a 'clean' list it is. No spam, no flames, no religious security wars, instead you get good wholesome security information. Aleph1 details in this message that he is moving on to other security projects and that David Ahmad is taking over moderation duties. Bugtraq continues to churn out quality security information on a daily basis, and it looks like it will continue to do so for quite some time to come." List moderators and maintainers seem universally denied their due credit -- people like Zack Brown (of Kernel Traffic fame) end up getting noticed only when -- infrequently -- they go on vacation.

20 of 69 comments

  1. Good to see ... by aliebrah · · Score: 2, Redundant

    It's good to see that someone is getting credit where it is due, especially since he has such a low profile job. Important, but low profile.

  2. An interview with Elias Levy by Black+Acid · · Score: 5, Interesting
    Now that Elias Levy has moved on it may be interesting to read an interview done by UnderLinux. Aleph1 explains his philosophy behind security - recommended reading for anyone interested. Levy is wise enough not to take sides on whether GNU/Linux or OpenBSD are secure. Here's a good quote:
    UnderLinux: One time surfing on the web I see this phrase : "Wanna defeat hackers..think like a hacker.. work like a security expert". What you think about this ?
    Aleph1 : A cliche, but a valid one. When creating defensive security technologies you must test them by attempting to defeat them before others do. Therefore you do not only require a defensive mindset but also an offensive one. Not only that but you must be better and more thorough than the ones you are defending from. As a defender you must find and fix all possible avenues of attack. As an attacker you must only find and exploit one.

    This guy is brilliant. Hopefully the new moderators will be able to live up to Elias Levy's wisdom.
  3. Hmm, does he have a nick name yet? by Anonymous Coward · · Score: 2, Funny

    Because I'm thinking that 'aleph2' has a nice ring to it... :)

  4. Aleph1 will be missed by at least me. by GoNINzo · · Score: 5, Insightful
    I've been reading BugTraQ for years, and Elias has done a fantastic job running it. I've been impressed by the sheer amount of mail he's been able to manage, going through several different mass mailers, and the signal to noise ratio has been one of the highest on the internet for security related information. He was quick to admit when the mailers had issues, he was quick to compile data for massive attacks that were immediately ongoing, he would always keep us informed, and most importantly, he rarely let the traffic slow.

    The 'usual discussions' were sometimes let through, but Elias never let them go on too long. The spam was almost non-existent. And anytime I had a problem with receiving items from the mailing lists, he was always quick to fix them.

    Aleph1's contribution to the security community has been sizable, and he shall be remembered. Even if only for future "gR33+5 +0 4l3ph1!!" in exploit code to come.

    Thank you for contributing your time and energy herding 50,000 cats at the same time. Some of us appreciate it a great deal.

    (Not to downplay David's already noticeable contribution of course. `8r) )

    --
    Gonzo Granzeau
    "Nothing the god of biomechanics wouldn't let you into heaven for.." -Roy Batty
  5. A Quick Thanks by RWarrior(fobw) · · Score: 3, Insightful

    I for one owe Mr. Levy a tremendous debt of gratitude for his service at BugTraq. It has provided me, my students, and my professional colleagues a tremendous resource for research (via the archives) as well as virtually real-time vulnerability notification. Together with NTBugTraq, it provides a tremendous resource for the white hat community, without the fluff, spam, flames and noise of unmoderated lists and newsgroups.

    The hard moditorial work done by Mr. Levy is what makes BugTraq the useful tool that it is.

    While I have no doubt that Mr. Ahmad will serve the community in an excellent fashion, Mr. Levy will be a really hard act to follow, and I for one will miss his unseen hand.

    --
    Remove the caps and hold to a mirror.
  6. Re:Good Riddance by GoNINzo · · Score: 2
    what's your definition of 'never'? `8rP

    I don't think the 'anti-openbsd' stance was one that aleph1 maintained, but more one of the community as a whole, only because the sheer amount of activity on other OS's.

    and yes, if you attempt to prove that there is an unhackable OS, sorry you're going to get slashed up and down. `8r)

    --
    Gonzo Granzeau
    "Nothing the god of biomechanics wouldn't let you into heaven for.." -Roy Batty
  7. Re:Good Riddance by CodeMonky · · Score: 2, Troll

    1) OpenBSD hasn't been remotely hacked. There have been local exploits (hence "Four years without a remote hole in the default install!" and not "Four years without a hole in the default install!").
    2) Theo deserves a little smacking when he missteps. That's not to say he hasn't done a great job and I think he and the openbsd team have done a wonderful job and I enjoy using obsd. However when one has the attitude that Theo has I can't help but think he deserves a little smack when something is wrong (as does anyone who thinks their shit don't stink).

    --
    --"Karma is justice without the satisfaction"
  8. Interview with Elias Levy (Aleph1) by seifried · · Score: 4, Informative

    Interview with Elias Levy (Aleph1)

    Bugtraq is probably the best security mailing list around. However while the quasi-founder (technically Aleph1 didn't start Bugtraq as I was surprised to find out) is quite prominent online I wasn't able to find any detailed information about him or Bugtraq (except for one old interview). So here for you to enjoy is an interview with Aleph1.

    Kurt: Where does the name Aleph1 come from?

    Elias: It comes from transfinite mathematics. There exist many "infinite" numbers or sets. The first infinite number is small omega or alef null. It is also called countable infinity. Many infinite sets can be mapped one-to-one with each other. For example, the set of all natural numbers can be mapped one-to-one with the set of odd natural numbers. Yet one is a subset of the other. Both these sets are said to have a cardinality of alef null. Alef One is the first cardinal number after alef null (i.e. the first set that cannot be mapped one-to-one to a set of cardinality alef null).

    Click here (http://www.seifried.org/security/articles/20011015-elias-levy-interview.html) for more.

  9. Unbiased? Impossible. by morven2 · · Score: 2, Insightful

    The very function of a moderator is bias. A moderator must make value judgments about what should be on the list and what should not be.

    What I think you mean by 'unbiased' is 'without biases I don't like'.

  10. Alfred Huger is leaving the incidents list too by Akatosh · · Score: 2, Interesting

    Alfred Huger is leaving the security focus incidents list. Kind of odd that they all quit at once.

    1. Re:Alfred Huger is leaving the incidents list too by seifried · · Score: 2, Informative

      Yes, so he can run the business side of ARIS and their other products. They are not "quitting", they are simply not working on the free side of securityfocus anymore (imagine that, a .com company that places a degree of importance on making money).

    2. Re:Alfred Huger is leaving the incidents list too by ryanr · · Score: 2

      Just to clarify...

      Elias and Al have turned the reins for a couple of their lists over to other SecurityFocus employees. Dave, Jensenne, and Mario are all very capable moderators. Your note makes it sound vaguely like we're abandoning our free services, we're not. All of us spend some time working on the free stuff as part of our jobs. That's one of the great things about working here.

  11. Hey, so what happens... by Nick+Mitchell · · Score: 2, Funny

    when the Levy breaks?

  12. Good luck Aleph1 by merc · · Score: 2, Insightful

    First I'd like to state that Aleph1 did a terrific job, and also the community should thank Security Focus, and Alfred Huger for their support of BT over the last couple years. Without their support it's hard to know where BT would be today.

    Secondly I think it would be interesting if Slashdot could do an interview with Scott Chasin, aka Doc Holiday, the original founder of BugTraq. There are some of us who still remember when BT started and are interested in reliving the motivations behind its inception.

    Lastly, I'd like to say that certain comments made at Blackhat this year were quite inappropriate, (regarding BugTraq). It's unfortunate what damage (unnamed) small-minded members of the community can have -- for a service that has been free, useful, and especially today, increasingly important.

    --
    It's true no man is an island, but if you take a bunch of dead guys and tie 'em together, they make a good raft.
  13. Elias Levy, Tarot, and Occultism by dido · · Score: 2

    Well, if that's his real name, it sounds to me like the name of the famous occultist Éliphas Lévi, (1810-1875), or Alphonse-Louis Constant, who was well known for his works on occultism, notably on the Tarot, and association with Freemasonry and Rosicrucian thought. "Aleph One" is a particularly apt handle for someone with that name, as Éliphas Lévi used the Hebrew letter "Aleph" to denote the first Tarot card, the Magician, in his Cabalistic studies of the cards. I dunno, perhaps his name was just a coincidence, and he got the Aleph One handle from there.

    --
    Qu'on me donne six lignes écrites de la main du plus honnête homme, j'y trouverai de quoi le faire pendre.
  14. Running a Mailing List is Hard Work... by Black+Art · · Score: 4, Interesting

    Having run about 18+ mailing lists (all at the same time), I know just how much work it is. (One of those lists was very heavy traffic.)

    Not only do you have to deal with keeping things on traq, but you have to deal with all the other problems that people never see.

    * Bounced mail when people drop their e-mail accounts. (And it is even more fun when it turns out to be forwarded from some other account.)

    * Dealing with clueless users who accuse your domain of being a spam service when some piece of spam gets past your filters. (And informs your ISP and his ISP and you get to spend a few days digging out the mess.)

    * People who are too clueless to figure out how to unsubscribe.

    * Admins who are too clueless to figure out how to unsubscribe a user, but are clued enough to find your home phone number and call you demanding that you unsubscribe them.

    * People who were subscribed by someone else and have no clue what a mailing list even is...

    * Running Linux out of file handles. (It was an old kernel.)

    * Dealing with all the complaints when the system melts, the system gets moved, things get weird with the system clock and/or plain demonic possession.

    And all sorts of other things that ate at my insides.

    And you get little or no thanks for any of it.

    --
    "Trademarks are the heraldry of the new feudalism."
  15. Aleph1 and Levy? by einhverfr · · Score: 2

    OK. Here is what I am wondering? What is the significance of the nickname "Aleph1?"

    Is it a reference to Eliphas Levy, the 19th century ceremonial magician whose name seems a lot like Elias Levy? After all Levy was quite into the ritual aspects of the Hebrew alphabet from a Hermetic point of view, and the first letter of that writing system was "Aleph" meaning "Ox" and associated, in the Sepher Ytzirah with Air and moderation between extremes (summer/winter, heaven/earth, fire/water) embodied in the other mother letters of Mem ("Water") and Shin ("Tooth").

    It is kinda interesting to see the Hermetic and Computer worlds collide occasionally. Better get back to summoning those daemons....

    --

    LedgerSMB: Open source Accounting/ERP
    1. Re:Aleph1 and Levy? by Sheridan · · Score: 3, Informative
      Aleph One (Aleph1) is math-speak for an uncountable infinity i.e. one that can't be mapped one-to-one to the set of natural numbers. (Also known as the second transfinite cardinal).

      A countable infinity (e.g. the set of natural numbers) is given the name Aleph Null (or Aleph0).

      One reference is at http://mathforum.org/dr.math/problems/simakovsky10.28.97.html

      This does not, of course, get us much closer as it still doesn't explain why Elias should choose to be uncountably infinite although Second Transfinite Cardinal has a kind of a cool pseudo-ecclesiastical ring to it.

    2. Re:Aleph1 and Levy? by Stonehead · · Score: 2

      Many people know the handle "Aleph1" because he wrote the famous article Smashing The Stack For Fun And Profit under that nickname. That article explains very well how to exploit buffer overflows.

  16. Re:can you say, plagiarism? by ryanr · · Score: 2

    You mean like this message to bugtraq

    Yes, that's the one. It's a special thing we do with posts from time-to-time, we call it a "summary". It's when the moderator takes the time out of his day to collect a bunch of e-mail on a subject, tracks who gets credit, and puts them into a single e-mail for the sake of brevity. The alternative is to let through 20 individual e-mails that have massively quoted previous mails, etc.