Most of them are discovered by people playing around with objdump, digging through the assembly code and looking for oddities, then the exploits are generally developed with the metasploit library. You really have to be able to read 64-bit assembly to do this.

If you really want to know how a lot of exploits are found and developed, there's a great book out there called "hacking the art of exploitation" by Jon Erikson.

As for why they're coming at us faster, I blame android for making Linux a more tempting target.

On Thu, Jan 29, 2015 at 7:30 AM, Keith Smith <techlists@phpcoderusa.com> wrote:

Seems these vulnerabilities are coming at us at a faster rate... or maybe I am just paying more attention. I wonder how they find these.

On 2015-01-28 09:21, Lyle Tuttle wrote:

https://gigaom.com/2015/01/28/severe-ghost-flaw-leaves-linux-systems-vulnerable-to-takeover/

---------------------------------------------------
PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org
To subscribe, unsubscribe, or to change your mail settings:
http://lists.phxlinux.org/mailman/listinfo/plug-discuss

--
Keith Smith

---------------------------------------------------
PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org
To subscribe, unsubscribe, or to change your mail settings:
http://lists.phxlinux.org/mailman/listinfo/plug-discuss

Todd Millecam