Software flaws Resources

Sponsored White Papers, Webcasts, and Downloads

Questioning IT: Questioning ITThick vs Thin.The essence of what you're saying here is that thin client is better than thick client. You don't exactly use those terms and you throw in a bit of anti-Microsoft rhetoric, but focusing on the underlying principals as you correctly recommend, this is a thick vs thin...; Tags: Tools & Techniques, Thin clients, Servers, Sun Microsystems Inc., software, thin client, security; Discussion threads 2008-05-02
Windows (in)security and open source: Windows insecurity and open sourceIt is "Fife", not "Fyfe"Despite the link you posted to an article discussing "Barney Fyfe Syndrome", per IMDB the character's last name was "Fife".As to the topic, I do think the security folks want us to pay no attention to the man behind the curtain!Funny you...; Tags: error rate, OSS, security, Microsoft Windows, open source; Discussion threads 2008-04-15
Security metrics and issues: Security metrics and issuesGeneralizingThe problem is, the populations are self-selected and different.An example: people who decide to use Linux tend to be more technically sophisticated than people who use Windows. Technical sophistication increases the likelihood that the necessary steps will be taken to improve security. Therefore, Linux...; Tags: Operating systems, Linux Flaws, Microsoft Windows, security, Unix, Anton, Linux; Discussion threads 2008-03-25
US-CERT warns of Microsoft Access Database attacks: On the same day Microsoft issued fixes for at least 11 Windows software flaws, the U.S. Computer Emergency Response Team (US-CERT) warned that hackers were using malicious Microsoft Access databases to launch attacks against unknown targets. According to a US-CERT alert, the attacks are using an unpatched...; Tags: Database, Microsoft Access, Microsoft Corp., Attack, Flaw, US-CERT, Microsoft Office, Databases, E-mail, Security, Office Suites, Software, Enterprise Software, Data Management, Online Communications, Ryan Naraine; Blog posts 2007-12-12
Firefox vs. Internet Explorer: No real security winner: The rhetoric coming from Microsoft and Mozilla has heated up in recent days on who is doing a better job on web browser security. I'd prefer to frame the debate in terms of who is doing worse than the other because both companies have had lots of security issues with...; Tags: Mozilla Firefox, Vulnerability, Microsoft Internet Explorer 7, Patch Management, Microsoft Internet Explorer, Microsoft Corp., Web Browser, Mozilla Corp., Flaw, Web Browsers, Security, Internet, George Ou; Blog posts 2007-12-04

Microsoft hires URI protocol handling bug finder: Billy BK Rios, a prominent hacker who spent most of the summer warning about serious URI protocol handling vulnerabilities affecting Windows users, has joined Microsoft as a Security Engineer. Rios left, a pen-testing specialist who once worked as an intrusion detection analyst at the Department...; Tags: Mozilla Firefox, Protocol, Microsoft Corp., Flaw, Hacking, Web Browsers, Microsoft Windows, Security, Internet, Operating Systems, Software, Ryan Naraine; Blog posts 2007-10-11
Are thin clients the solution to all your security woes?: Our UNIX/Linux blogger Paul Murphy posted an interesting link to an article entitled: Information Security: 7 Data Leaks you can't Ignore written by Matt Roedell. Unfortunately, I think Paul missed the point of it by attributing the issue to "Wintel infrastructure" and claiming the solution is to go thin client with Sun...; Tags: Software, Thin Client, Business, Laptop Computer, Thin Clients, Security, Hardware, George Ou; Blog posts 2007-10-04
Skype still down - Published DoS exploit may be culprit: Skype still down - Published DoS exploit may be culpritNot DOS according to SkypeThe following is a quote from the Skype website - use your own discretionApologies for the delay, but we can now update you on the Skype sign-on issue. As we continue to work hard at resolving the...; Tags: Tools & Techniques, NETWORKING, Hacking, Microsoft Windows, Apple Mac OS X, Skype Technologies S.A.; Discussion threads 2007-08-17
IBM security strategist: Stop crediting vulnerability brokers: An IBM security strategist wants software vendors to stop acknowledging companies and researchers who buy and sell security vulnerabilities.Gunter Ollman, director of security strategy at IBM Internet Security Systems ISS, believes there's no real accountability attached to the trading of vulnerability information by third party companies like iDefense and TippingPoint.iDefense...; Tags: Software, Security, Vulnerability, Accountability, IBM Corp., IBM Security Strategist, Ryan Naraine; Blog posts 2007-08-08
Remembering five years of vulnerability markets: Guest Editorial by David EndlerWhile compiling some stats this week for our Zero Day Initiative two year anniversary, I came across this recent news article by the Associated Press, Researchers Seek Cash for Software Flaws. It's the latest in a long line of media coverage on the launch of...; Tags: Botnets, Black Hat, Apple, Zero-day attacks, Wireless, Windows Vista, Wi-Fi security, Vulnerability research, Viruses and Worms, Symantec, Rootkits, Responsible disclosure, Punditocracy, Pen testing, Patch Watch, Passwords, Open source, Mozilla, Microsoft, Metasploit, Hackers, Google, Firefox, Exploit code, Data theft, Browsers; Blog posts 2007-08-01
Securing Firefox: How to avoid hacker attacks on Mozilla's browser: Security problems with Microsoft's dominant Internet Explorer browser helped pave the way for Mozilla Firefox to emerge as a perfect alternative for Web surfers.However, Firefox users should be aware that hackers can exploit software flaws and design features to launch drive-by attacks.The following configuration changes, recommended by CERT/CC, can disable...; Tags: Zero-day attacks, Vulnerability research, Viruses and Worms, Spyware and Adware, Spam and Phishing, Rootkits, Responsible disclosure, Privacy, Pen testing, Patch Watch, Passwords, Open source, Mozilla, Microsoft, Metasploit, Hackers, Google, Firefox, Exploit code, Data theft, Browsers, Botnets, Apple; Blog posts 2007-07-09
Understanding ZDI: Separating Fact From Fiction: TippingPoint's Zero Day Initiative ZDI program has been in operation since August 15, 2005. Recently, concerns have resurfaced over whether or not 'Paid for' security research is in the best interest of the industry - citing that information surrounding software flaws could wind up in the hands of criminals. The...; Tags: Software, 3Com Corp., TippingPoint Technologies, Tools & Techniques, Strategy, Management; White papers 2007-07-01
Should Microsoft start paying for vulnerabilities?: Hackers are starting to agitate for Microsoft to start paying for information on security flaws found in its software products.The issue surfaced this week after the MSRC Microsoft Security Response Team posted a message on the sla.ckers.org message board, calling on third-party researchers to submit vulnerability information directly to Redmond...; Tags: SECURITY, Microsoft Corp., responsible disclosure, vulnerability, hacker, software; Blog posts 2007-03-15
Think 'Patch Tuesday' is just for Microsoft? Think again!: Think 'Patch Tuesday' is just for Microsoft? Think again!Let see if it lasts for the non-MS systems"in 2006, IE was unsafe 78% (284/365) of the time - 27% (98/365) had known criminal use - compared to Firefox's 2% (9/365). This is an improvement for IE; in 2004, it was...; Tags: Patches, Web browsers, Apple Inc., Microsoft Corp., Patch Tuesday, security, patch management; Discussion threads 2007-02-17
No Vista fixes in Microsoft's dirty dozen: No Vista fixes in Microsoft's dirty dozenNo Vista fixes in Microsoft's dirty dozenLooks like Vista is living up to all the hype and more! And all the bashers said it wasn't worth it. This article clearly proved them wrong. All the enhancements in Vista are making it...; Tags: Microsoft Windows Vista (Longhorn), Looks like Vista, Microsoft Windows Vista, Microsoft Corp., Vista-fix; Discussion threads 2007-02-13
Zero-day #5: Beware of (unexpected) Excel files: Zero-day #5: Beware of unexpected Excel filesHard to keep track of all the exploitsI don't know how Windows users manage to keep track of all the potential exploits. Firewalls, virus scanners...you spend a small fortune in time and treasure keeping other people out of your computer and off your...; Tags: Operating systems, Linux, Microsoft Windows Vista (Longhorn), Microsoft Corp., Microsoft Windows, Microsoft Office, WINDOWS USERS, Microsoft Windows Vista, Apple Inc., Microsoft Excel, ABMers; Discussion threads 2007-02-03
Trio of Cisco flaws may threaten networks: Trio of Cisco flaws may threaten networksRE FLASH?All software flaws are virus.You could not attack a computer system with a legitimate file.With legitimate files you are required to produce a screen name and password.I'm seeing all ROM chips as having a generic BIOS.Study this BIOS for optimal settings.(eg:fax file filter)Most...; Tags: NETWORKING, flaw, Cisco Systems Inc., security, network; Discussion threads 2007-01-25
Remote access scares fed IT officials: What keeps you awake at night? If youre a federal technology leader, your biggest nightmare is about providing remote access to telecommuters, according to a survey of fedtech officials, reports the Washington Posts Stephen Barr. The survey was conducted in August, at the end of the summer of laptop...; Tags: survey, agency, Government technology, IT Management, telecommuting; Blog posts 2006-11-17
Microsoft fixes faulty security patch: Microsoft fixes faulty security patchOh boy ,,,A new patch to fix a patch that was supposed to fix a flaw , or something like that . Is this a new trend for Microsoft , or has this always been going on ?"In a world without walls and fences , who...; Tags: Patches, security, patch management, patch, Microsoft Corp.; Discussion threads 2006-08-18
'Critical' Microsoft fix breaks some Net connections: 'Critical' Microsoft fix breaks some Net connectionsA little LATE to tell folks to NOT install the defective Security Update...What total B.S. from MICROSUCKS - AGAIN !These friggin clowns ship defective code under the guise of an Operating System then discover their POS O/S is so insecure they need to release...; Tags: Microsoft Windows, Linux, Patches, Operating systems, Game players, M.O., Microsoft Corp.; Discussion threads 2006-06-20