Attacker Resources on ZDNet

ZDNet Dictionary Definition

Attacker: A person or other entity such as a computer program that attempts to cause harm to an information system; for example, by unauthorized access or denial of service. Human...; Full Attacker Definition >>

ZDNet Resources

Microsoft patches Vista, Windows Server 2008, IE: Microsoft delivered 10 patches including six critical ones on Tuesday. Among the critical patches for Vista, Windows Server 2008 and Internet Explorer. Critical patches by the CVEs: CVE-2008-0083: Covers Windows Vista and Windows Server 2008. Microsoft says: "A remote code execution vulnerability...; Tags: Web, Attacker, Microsoft Windows Server, Vulnerability, Microsoft Internet Explorer, Microsoft Corp., Microsoft Windows Server 2008, Microsoft Windows, Security, Operating Systems, Software, Larry Dignan; Blog posts 2008-04-08
Security: Lintel vs Wintel: In the PC community "security" just means defending against attacks aimed at destroying or misusing all or part of a computer system. In that context most of the complexities associated with trying to decide whether wintel or lintel will expose you to less security risk arise from the absense of...; Tags: Wintel, Attacker, Vulnerability, Flaw, National Vulnerability Database, Petreley, Security, Paul Murphy; Blog posts 2008-03-24
Defeating the Same Origin Policy part 1: The Same Origin Policy is one of the guiding principles that seek to protect our browsing experience. The Same Origin Policy was originally released with Netscape Navigator 2.0 and has been incorporated in one form or another in every major browser since. The concept has additionally been extended...; Tags: Concept, Attacker, Java, Victim, Applet, Attack, Same Origin Policy, Nathan McFeters; Blog posts 2008-03-14
IE 8: Cross scripting defense a double-edged sword: Update: As most of the tech world knows, IE 8 has landed with its first beta, but the security improvements may raise some other issues to ponder. Folks--especially security researchers--are kicking the tires on IE 8 (all resources) and finding a few problems that go along with...; Tags: Attacker, Websense Inc., Microsoft Internet Explorer, Web Browsers, Security, Internet, Larry Dignan; Blog posts 2008-03-13
Adobe warns of Flash Media Server, Connect Enterprise Server vulnerabilities: Adobe has delivered three new bulletins warning about a critical code injection vulnerability that could allow an attacker to take over a system. The two primary platforms affected--Flash Media Server 2.0.4 and Adobe Connect Enterprise Server--are enterprise applications. As Adobe increasingly becomes a Webtop standard via Flash,...; Tags: Adobe Systems Inc., Attacker, Media Server, Vulnerability, Enterprise Server, Server, Security, Larry Dignan; Blog posts 2008-02-14

Mozilla confirms Firefox proof of concept information leak vulnerability: Mozilla's security chief Window Snyder has confirmed a proof of concept information leak flaw in Firefox--even fully patched versions. Snyder confirmed the issue in a blog post. The proof of concept vulnerability was highlighted by researcher Gerry Eisenhaur on Jan. 19. In a nutshell, Firefox leaks information...; Tags: Mozilla Firefox, Attacker, Vulnerability, Mozilla Corp., Window Snyder, Web Browsers, Security, Internet, Larry Dignan; Blog posts 2008-01-23
Microsoft confirms Excel flaw; outlines defense: The Microsoft Security Response Center has confirmed ongoing attacks against Excel and is recommending that users either run files through a tool that strips out exploit code or block Office 2003 and earlier formats except for those from trusted locations. In its advisory MSRC late Tuesday said:...; Tags: Attacker, Microsoft Security Response Center, Vulnerability, Microsoft Corp., Flaw, Microsoft Excel, Microsoft Office, Security, Office Suites, Software, Larry Dignan; Blog posts 2008-01-16
Symantec: Trojan has 400 banks on its hitlist: A Trojan dubbed Silentbanker targets more than 400 banks including the household names in the U.S. and other financial institutions abroad and hangs in the background to intercept transactions with two-factor authentication, according to researchers at Symantec. In a day full of the usual Trojan attacks (they...; Tags: Bank, Symantec Corp., Attacker, Trojan Horse, Spyware, Spyware, Adware & Malware, Security, Viruses And Worms, Larry Dignan; Blog posts 2008-01-14
Invisible Attackers: Stop the Bot: Massive distributed-denial-of-service (DDoS) and phishing attacks get the headlines, but invisible attackers pose a far more common threat to your network. This 60-minute TechWiseTV video on demand from Cisco will show you how botnets work, how attackers hide in plain sight, and how to flush them out. You will discover...; Tags: Attacker, Bot, Cisco Systems Inc., TechWiseTV, Security; Webcasts 2008-01-10
Researcher: Firefox vulnerable to ID spoofing: Firefox 2.0 has a vulnerability that can leave its users susceptible to an identity theft attack, according to Aviv Raff, a security researcher based in Israel. Raff outlined a bug in Firefox that allows spoofing and enables an attacker "to conduct phishing attacks, by tricking the user...; Tags: Mozilla Firefox, Attacker, Mozilla Firefox 2.0, Authentication, Web Browsers, Security, Internet, Larry Dignan; Blog posts 2008-01-03
IE gets security makeover in Patch Tuesday batch: Microsoft's final batch of patches for 2007 has been released to cover at least 11 security vulnerabilities that put millions of users at risk of remote code execution attacks. The December updates includes a "critical" bulletin with patches for at least four flaws affecting Internet Explorer and...; Tags: Windows Media, Attacker, Vulnerability, Microsoft Internet Explorer, Microsoft Corp., Bulletin, December Update, Microsoft Windows, Operating Systems, Digital Music, Digital Media, Security, Software, Personal Technology, Consumer Electronics, Ryan Naraine; Blog posts 2007-12-11
QuickTime hack allows Second Life currency theft: Security researchers Dino Dai Zovi and Charlie Miller have found a way to exploit an unpatched QuickTime vulnerability to steal Linden Dollars from users in the Second Life virtual world. Dai Zovi (the hacker behind the CanSecWest MacBook Pro hijack) and Miller (creator of the first...; Tags: Second Life, Attacker, Apple QuickTime, Avatar, Video, Duo, Digital Music, Corporate Communications, Digital Media, Security, Personal Technology, Marketing, Consumer Electronics, Ryan Naraine; Blog posts 2007-12-04
Finding and exploiting holes in software features: * Ryan Naraine is on vacation. Guest Editorial by Nate McFeters With the holiday season fast approaching, and being so in the spirit of giving, I thought I'd compile a list of the top features that led to security...; Tags: Software, Google Inc., Attacker, XSS, Trillian, Google Picasa, URI, Security, Ryan Naraine; Blog posts 2007-11-23
Belated Firefox patch coming for (another) protocol handling bug: Mozilla security chief Window Snyder says the "jar:" protocol handler issue that currently haunts Firefox will be fixed very soon in the next refresh of the browser. The problem (see previous coverage) is that Firefox's "jar:" protocol handler does not validate the MIME type of the contents...; Tags: Mozilla Firefox, Attacker, Site, Web Browsers, Security, Internet, Ryan Naraine; Blog posts 2007-11-16
Auctioneer hyping sale of 'ravaging' ClamAV vulnerability: The WabiSabiLabi vulnerability auction house is hyping the sale of a potentially nasty remote code execution flaw in ClamAV, the popular open-source anti-virus toolkit recently acquired by Sourcefire. WabiSabiLabi, which positions itself as the eBay of software vulnerabilities, said the flaw can be exploited by simply sending...; Tags: Attacker, Antivirus, Vulnerability, Flaw, ClamAV, Security, Viruses And Worms, Ryan Naraine; Blog posts 2007-11-16
Apple nukes QuickTime for Java, plugs more code execution holes: Less than a week after its QuickTime media player made the top-ten list of most vulnerable Windows applications, Apple shipped QuickTime 7.3 to patch a total of at least seven vulnerabilities that could lead to code execution attacks. The update, available for both Mac and Windows (XP...; Tags: Attacker, Apple QuickTime, Java, Movie, Apple Inc., Buffer-overflow, Application Termination, Digital Music, Digital Media, Security, Personal Technology, Consumer Electronics, Ryan Naraine; Blog posts 2007-11-05
IE users beware: RealPlayer zero-day flaw under attack: (See updates below with confirmation from RealNetworks and plans for an emergency RealPlayer patch) Hackers are actively exploiting a zero-day hole in RealNetworks' RealPlayer media player, a software program installed on tens of millions of Windows computers worldwide. The in-the-wild attacks, which began...; Tags: Attacker, Victim, Microsoft Internet Explorer, RealNetworks RealPlayer, Attack, Flaw, Exploitation, Digital Music, Digital Media, Security, Personal Technology, Consumer Electronics, Ryan Naraine; Blog posts 2007-10-19
Microsoft Office 2004 for Mac 11.3.4 Update (dmg): This update contains several improvements to enhance security and stability, including fixes for vulnerabilities that an attacker can use to overwrite the contents of your computer's memory with malicious code. This update contains several improvements to enhance security and stability, including fixes for vulnerabilities that an attacker can use to...; Tags: Malicious Code, Apple Macintosh, Attacker, Microsoft Office, Vulnerability, Microsoft Corp., Microsoft Office 2004, Security, Productivity, Viruses And Worms; Software downloads 2007-09-19
Vulnerability in Microsoft Proxy Server 2.0 Could Allow Internet Content Spoofing (888258) (exe): Vulnerability could enable an attacker to spoof trusted Internet content. Users could believe they are accessing trusted Internet content when in reality they are accessing malicious Internet content, for example a malicious Web site. However, an attacker would first have to persuade a user to visit the attackers site to...; Tags: Microsoft Proxy Server, Attacker, Vulnerability, Microsoft Corp., Internet, Security; Software downloads 2007-09-13
Vulnerability in Microsoft Internet Security and Acceleration (ISA) Server 2000 Could Allow Internet Content Spoofing (888258) (exe): A spoofing vulnerability exists in ISA Server 2000 that could enable an attacker to spoof trusted Internet content. This vulnerability could enable an attacker to spoof trusted Internet content. Users could believe they are accessing trusted Internet content when in reality they are accessing malicious Internet content, for example a...; Tags: Attacker, Vulnerability, Server, Microsoft Corp., Internet Security, Internet, Security; Software downloads 2007-09-13