Sponsored White Papers, Webcasts, and Downloads
ZDNet Dictionary Definition
- Attacker
- A person or other entity such as a computer program that attempts to cause harm to an information system; for example, by unauthorized access or denial of service. Human...
- Full Attacker Definition >>
ZDNet Resources
- Late breaking news: Microsoft investigates reports of Office Word 2002 SP 3 exploited in the wild
- From Bill Sisk, security response communications manager for Microsoft: Microsoft Security Advisory (953635) Vulnerability in Microsoft Word Could Allow Remote Code Execution Published: July 8, 2008 Microsoft is investigating new public reports of a possible vulnerability in Microsoft Office Word 2002 Service Pack 3....
- Tags: Attacker, Vulnerability, Microsoft Corp., Microsoft Word, Word Processors, Microsoft Office, Security, Office Suites, Software, Nathan McFeters
- Blog posts 2008-07-08
- Microsoft addresses 9 security vulnerabilities with 4 "Important" bulletins
- Microsoft announced 4 "Important" security bulletins today that cover 9 separate vulnerabilities. Of note were vulnerabilities reported in Windows DNS server and client, and within SQL Server. Briefly, the vulnerabilities involve: Cache poisoning and insufficient socket entropy flaws in Microsoft DNS Server A remote...
- Tags: Attacker, Microsoft SQL Server, Vulnerability, Server, Microsoft Windows, Microsoft Corp., Microsoft Outlook Web Access, Microsoft Outlook, Security, Microsoft Office, Office Suites, Software, Nathan McFeters
- Blog posts 2008-07-08
- Exploit code released for unpatched IE 7 vulnerability
- Another day, another gaping hole affecting fully patched versions of Microsoft's Internet Explorer browser. According to a warning from US-CERT, proof-of-concept exploit code has been published for a new zero-day bug that can be used for a variety of malicious attacks against Windows users running IE 6,...
- Tags: Attacker, Vulnerability, Frame, Microsoft Internet Explorer 7, Domain, Exploit Code, Microsoft Internet Explorer, Web Page, Web Browsers, Internet, Ryan Naraine
- Blog posts 2008-06-30
- Yahoo swats serious cross-site scripting bug
- Web application security firm Cenzic has flagged a serious cross-site scripting vulnerability affecting millions of Yahoo Mail users. The flaw, which was patched by Yahoo on June 13, opened the door for hackers to steal Yahoo identities and gain access to users' sensitive and private information. ...
- Tags: Attacker, Yahoo! Inc., XSS, E-mail Providers, Security, Internet, Ryan Naraine
- Blog posts 2008-06-25
- Code execution vulnerability found in Firefox 3.0
- It's not all about world records for Firefox 3.0. Just hours after the official release of the latest refresh of Mozilla's flagship browser, an unnamed researcher has sold a critical code execution vulnerability that puts millions of Firefox3.0 users at risk of PC takeover attacks. ...
- Tags: Mozilla Firefox 3.0, Mozilla Firefox, Attacker, Vulnerability, Web Browsers, Security, Internet, Ryan Naraine
- Blog posts 2008-06-18
- Critical IE, Bluetooth, DirectX flaws highlight MS Patch Tuesday
- Microsoft's Patch Tuesday train rumbled into the security station today with high-priority patches for multiple vulnerabilities affecting Internet Explorer, the Bluetooth stack in Windows and Microsoft DirectX. In all, the Redmond, Wash. software vendor released seven bulletins -- 3 critical, 3 important and 1 moderate -- with...
- Tags: Web, Attacker, Vulnerability, Bluetooth, Microsoft Internet Explorer, Microsoft Corp., Web Site, DirectX, Bulletin, Flaw, DirectX Bulletin, Microsoft Windows, Web Site Development, Web Browsers, Channel Management, Security, Operating Systems, Software, Internet, Marketing, Ryan Naraine
- Blog posts 2008-06-10
- Microsoft plugs Office leaks; Delivers 4 critical patches
- Microsoft on Tuesday delivered four critical patches for vulnerabilities Office and Windows XP. There were six patches delivered. Here's a look by the CVE: CVE-2008-1091: Microsoft patched an object parsing vulnerability in Microsoft Word. Affected software includes Office 2000, 2003 and 2007. Microsoft explains:...
- Tags: Microsoft Word, Attacker, Microsoft Office, Vulnerability, Patch Management, Microsoft Corp., Zero Day Initiative, Security, Larry Dignan
- Blog posts 2008-05-13
- Microsoft patches Vista, Windows Server 2008, IE
- Microsoft delivered 10 patches including six critical ones on Tuesday. Among the critical patches for Vista, Windows Server 2008 and Internet Explorer. Critical patches by the CVEs: CVE-2008-0083: Covers Windows Vista and Windows Server 2008. Microsoft says: "A remote code execution vulnerability...
- Tags: Web, Attacker, Microsoft Windows Server, Vulnerability, Microsoft Internet Explorer, Microsoft Corp., Microsoft Windows Server 2008, Microsoft Windows, Security, Operating Systems, Software, Larry Dignan
- Blog posts 2008-04-08
- Security: Lintel vs Wintel
- In the PC community "security" just means defending against attacks aimed at destroying or misusing all or part of a computer system. In that context most of the complexities associated with trying to decide whether wintel or lintel will expose you to less security risk arise from the absense of...
- Tags: Wintel, Attacker, Vulnerability, Flaw, National Vulnerability Database, Petreley, Security, Paul Murphy
- Blog posts 2008-03-24
- Defeating the Same Origin Policy part 1
- The Same Origin Policy is one of the guiding principles that seek to protect our browsing experience. The Same Origin Policy was originally released with Netscape Navigator 2.0 and has been incorporated in one form or another in every major browser since. The concept has additionally been extended...
- Tags: Concept, Attacker, Java, Victim, Applet, Attack, Same Origin Policy, Nathan McFeters
- Blog posts 2008-03-14
- IE 8: Cross scripting defense a double-edged sword
- Update: As most of the tech world knows, IE 8 has landed with its first beta, but the security improvements may raise some other issues to ponder. Folks--especially security researchers--are kicking the tires on IE 8 all resources and finding a few problems that go along with...
- Tags: Attacker, Websense Inc., Microsoft Internet Explorer, Web Browsers, Security, Internet, Larry Dignan
- Blog posts 2008-03-13
- Adobe warns of Flash Media Server, Connect Enterprise Server vulnerabilities
- Adobe has delivered three new bulletins warning about a critical code injection vulnerability that could allow an attacker to take over a system. The two primary platforms affected--Flash Media Server 2.0.4 and Adobe Connect Enterprise Server--are enterprise applications. As Adobe increasingly becomes a Webtop standard via Flash,...
- Tags: Adobe Systems Inc., Attacker, Media Server, Vulnerability, Enterprise Server, Server, Security, Larry Dignan
- Blog posts 2008-02-14
- Mozilla confirms Firefox proof of concept information leak vulnerability
- Mozilla's security chief Window Snyder has confirmed a proof of concept information leak flaw in Firefox--even fully patched versions. Snyder confirmed the issue in a blog post. The proof of concept vulnerability was highlighted by researcher Gerry Eisenhaur on Jan. 19. In a nutshell, Firefox leaks information...
- Tags: Mozilla Firefox, Attacker, Vulnerability, Mozilla Corp., Window Snyder, Web Browsers, Security, Internet, Larry Dignan
- Blog posts 2008-01-23
- Microsoft confirms Excel flaw; outlines defense
- The Microsoft Security Response Center has confirmed ongoing attacks against Excel and is recommending that users either run files through a tool that strips out exploit code or block Office 2003 and earlier formats except for those from trusted locations. In its advisory MSRC late Tuesday said:...
- Tags: Attacker, Microsoft Security Response Center, Vulnerability, Microsoft Corp., Flaw, Microsoft Excel, Microsoft Office, Security, Office Suites, Software, Larry Dignan
- Blog posts 2008-01-16
- Symantec: Trojan has 400 banks on its hitlist
- A Trojan dubbed Silentbanker targets more than 400 banks including the household names in the U.S. and other financial institutions abroad and hangs in the background to intercept transactions with two-factor authentication, according to researchers at Symantec. In a day full of the usual Trojan attacks (they...
- Tags: Bank, Symantec Corp., Attacker, Trojan Horse, Spyware, Spyware, Adware & Malware, Security, Viruses And Worms, Larry Dignan
- Blog posts 2008-01-14
- Invisible Attackers: Stop the Bot
- Massive distributed-denial-of-service DDoS and phishing attacks get the headlines, but invisible attackers pose a far more common threat to your network. This 60-minute TechWiseTV video on demand from Cisco will show you how botnets work, how attackers hide in plain sight, and how to flush them out. You will discover...
- Tags: Attacker, Bot, Cisco Systems Inc., TechWiseTV, Security
- Webcasts 2008-01-10
- Researcher: Firefox vulnerable to ID spoofing
- Firefox 2.0 has a vulnerability that can leave its users susceptible to an identity theft attack, according to Aviv Raff, a security researcher based in Israel. Raff outlined a bug in Firefox that allows spoofing and enables an attacker "to conduct phishing attacks, by tricking the user...
- Tags: Mozilla Firefox, Attacker, Mozilla Firefox 2.0, Authentication, Web Browsers, Security, Internet, Larry Dignan
- Blog posts 2008-01-03
- IE gets security makeover in Patch Tuesday batch
- Microsoft's final batch of patches for 2007 has been released to cover at least 11 security vulnerabilities that put millions of users at risk of remote code execution attacks. The December updates includes a "critical" bulletin with patches for at least four flaws affecting Internet Explorer and...
- Tags: Windows Media, Attacker, Vulnerability, Microsoft Internet Explorer, Microsoft Corp., Bulletin, December Update, Microsoft Windows, Operating Systems, Digital Music, Digital Media, Security, Software, Personal Technology, Consumer Electronics, Ryan Naraine
- Blog posts 2007-12-11
- QuickTime hack allows Second Life currency theft
- Security researchers Dino Dai Zovi and Charlie Miller have found a way to exploit an unpatched QuickTime vulnerability to steal Linden Dollars from users in the Second Life virtual world. Dai Zovi the hacker behind the CanSecWest MacBook Pro hijack and Miller (creator of the first...
- Tags: Second Life, Attacker, Apple QuickTime, Avatar, Video, Duo, Digital Music, Corporate Communications, Digital Media, Security, Personal Technology, Marketing, Consumer Electronics, Ryan Naraine
- Blog posts 2007-12-04
- Finding and exploiting holes in software features
- * Ryan Naraine is on vacation. Guest Editorial by Nate McFeters With the holiday season fast approaching, and being so in the spirit of giving, I thought I'd compile a list of the top features that led to security...
- Tags: Software, Google Inc., Attacker, XSS, Trillian, Google Picasa, URI, Security, Ryan Naraine
- Blog posts 2007-11-23
White Papers and Webcasts
According to a new study from the Economist, future success belongs to those who collaborate effectively. Learn how successful collaboration can improve profits, problem-solving, and competitive differentiation.
