bugtraq Resources

Sponsored White Papers, Webcasts, and Downloads

ZDNet Resources

Context-Based Intrusion Detection Using Snort, Nessus and Bugtraq Databases: Intrusion Detection Systems IDS use different techniques to reduce the number of false positives they generate. Simple network context information such as the communication session state has been added in IDS signatures to only raise alarms in the proper context. However, this is often not sufficient and more network context...; Tags: Snort, Network, Intrusion Detection System, BugTraq, Signature, Correlation Mechanism, Intrusion Detection, Network Security, Security, Networking; White papers 2005-07-28

Additional Resources

What happens when you patch the Internet?: Well, inevitably you have some issues, don't you? Yesterday's patch Tuesday effectively patched DNS servers and clients across nearly all of the Internet, and there's been at least one hiccup reported. From the bugtraq list: The latest auto update patch KB951748 Windows all versions cuts connectivity...; Tags: Internet, ZoneAlarm, Viruses And Worms, Security, Nathan McFeters; Blog posts 2008-07-09
Secure coding: the invisible elephant: The last couple of weeks, I've been trying to vaguely connect the dots between social computing, cloud computing and traditional process based systems. There are multiple legs to the story but one that had pretty much escaped my attention was the security angle. I will not claim any special expertise...; Tags: Software, Google Inc., Database, Cloud Computing, Information Technology, Computer Science, Microsoft Corp., Computer, Ms Davidson, Tools & Techniques, Security, Management, Dennis Howlett; Blog posts 2008-04-08
Secunia: It's not a flaw if it's a feature: When I reported on the Vocera certificate security bypass flaw, SecurityFocus picked up on it and created Bugtraq ID 27935 to warn their customers about the vulnerability. I dropped a note to Secunia about the flaw but they seem to believe that a flaw is only a flaw if it...; Tags: Vocera Communications, Secunia, Flaw, Security, George Ou; Blog posts 2008-02-28
Zero-day flaw haunts HP laptop models: Zero-day flaw haunts HP laptop modelsHP Pavilion Notebook zv6130us and HP Info CenterEven if I have an HP Pavilion Notebook zv6130us, I don't have HP Info Center installed in my laptop. Is it only for newer laptops?RE: Zero-day flaw haunts HP laptop modelsAnyone who doesn't disable - and then uninstall...; Tags: Notebooks, zero-day bug, Hewlett-Packard Co., laptop computer, HP Laptop; Discussion threads 2007-12-12

Zero-day flaw haunts HP laptop models: A zero-day hole is several major HP laptop models could provide an easy way for hackers to take complete control of Windows machines, according to a warning from an independent security researcher. The researcher, known as "porkythepig," discovered the vulnerability in the HP Info Center software that's...; Tags: Notebook, Hewlett-Packard Co., ActiveX Control, Laptop Computer, Flaw, Laptop Model, Notebooks, Hardware, Notebooks & Tablets, Ryan Naraine; Blog posts 2007-12-11
SANS Institute paints gloomy security picture: The SANS Institute report on the state of security circa 2007 is enough to make you want to pull your ethernet cord out. Is anything out there secure? On Wednesday, the SANS Institute released its top 20 security risks update for 2007. It's pretty bleak across the board. There...; Tags: Software, Antivirus, Microsoft Office, Vulnerability, SAN, Backup, Backup Software, Plug-in, SANS Institute, Anti-virus Software, Backups, Security, Viruses And Worms, Larry Dignan; Blog posts 2007-11-28
X Font Server flaw hits Sun Solaris hard: X Font Server flaw hits Sun Solaris hardit's a good alert, but what kind of idiotsare Immunity and this David Aitel, to publish exploit code?I think the feeling of power the malware people get from this kind of thing must be large ego-satisfaction, and it is entirely wrong.His pseudo-academic 'it's...; Tags: Operating systems, UNIX, Servers, SECURITY, X Font Server, X font, Sun Microsystems Inc., operating system, Sun Solaris, server; Discussion threads 2007-10-03
Mozilla to ship Firefox 'workaround' for .ANI exploit: Mozilla to ship Firefox 'workaround' for .ANI exploitWhy not just patch?What's the point? Why not just apply the patch, something you should do anyuway?Firefox / Firebug critical vulnerability!! (; Tags: Web browsers, Mozilla Firefox, Firebug, Mozilla Corp., vulnerability; Discussion threads 2007-04-04
Firekeeper: Firekeeper is a new security extension from the Mozdev development team for the Firefox browser. The extension is still in alpha, and though it is very stable (it didn't crash our browser), we suggest you bear in mind the code is still in testing. Firekeeper keeps your Internet-browsing session safe...; Tags: Web browsers, SECURITY, Firekeeper; Product reviews 2007-03-08
Monday blues: Firefox phishing flaw; Microsoft's anti-phishing patent: Its been a tough week for Firefox on the security front. Just days after unpatched cookie manipulation and data hijack bugs are flagged in the open-source browser, a security researcher is warning that Firefox suffers from a design flaw that puts casual surfers at risk of phishing attacks. ...; Tags: Browsers, Exploit code, Hackers, Microsoft, Mozilla, Open source, Patch Watch, Responsible disclosure, Spam and Phishing, Vulnerability research; Blog posts 2007-02-19
Windows CardSpace gets Firefox support: Windows CardSpace gets Firefox supportIE browser is about deadWith just one feature, RSS, there is a compelling reason to upgrade the internet browser on corporate and government computers. I did so last week on my wife's computer. As had been reported to me by half a dozen others, it doesn't...; Tags: Web browsers, Microsoft Windows, Mozilla Firefox, Microsoft Internet Explorer, Web browser, Microsoft Corp., Microsoft Windows CardSpace, RSS; Discussion threads 2006-12-13
Mozilla fixes 'critical' flaws: Mozilla fixes 'critical' flawsBut...OK great......but what about these...?https://bugzilla.mozilla.org/buglist.cgi?query_format=specific&bug_status=__open__&product=Firefox&content=&order=bugs.bug_severity&query_based_on=Fixes critical flawsBut the average Joe user don't know HOW to get those fixes... Mozilla is just another M$... They need to go back to the drawing board on HOW to make programs USER friendly...and while we are on the subject of...; Tags: Web browsers, flaw, Mozilla Firefox, Mozilla Corp.; Discussion threads 2006-11-08
Top posts from ZDNet's blogging network (10/27/06): My stablemates at ZDNet blog-central have been busy the last couple days. Here are some of the highlights from around our network. Ed Burnette is on top of Red Hat's rebuttal to Oracle's surprise "Unbreakable Linux" announcement earlier this week at Oracle OpenWorld. Clearly, the announcement did not settle well with...; Tags: Oracle Corp., Red Hat Inc., Linux; Blog posts 2006-10-27
Firefox 2 crash exploit and IE7 address spoofing flaw surfaces: After all the media inflated flap over a minor Outlook Express flaw surfaced over Internet Explorer 7, a minor but true IE7 address bar spoofing weakness was found. At the same time, bug tracking mailing lists have been talking about a flaw affecting the just ...; Tags: flaw; Blog posts 2006-10-27
Illinois university hit with security breach: Illinois university hit with security breachIt won't end until people actually go to jail...I think it's pretty much proven by now... No one has learned a damned thing from all of the privacy invasions of the past.The government doesn't care. Hell, they want to be the biggest invaders!10...; Tags: UNIX, Operating systems, Servers, Social Security, security, Western Illinois University, University Computer Support Services 1 University Circle Macomb, University Computer, Sun Solaris; Discussion threads 2006-07-05
Zero-day PoCs on the loose for Mac: Zero-day PoCs on the loose for MacWhat's that got to do with releasing proof of concept?Proof of concept code hurts everybody. Linux wasn't excluded when proof of concept was released for Firefox. As to my platform choices, my office is Windows only so I use a Tablet PC there, my...; Tags: Apple Mac OS X, Desktops, Apple Mac OS, Operating systems, SECURITY, Apple Macintosh, proof of concept, Microsoft Windows, Apple Inc.; Discussion threads 2006-04-24
Solaris x86 experience predicts security disaster for Mactel: Mitre.org's CVE registery contains about 425 Solaris vulnerability reports of which about two thirds have some relation to Sun supported software. Look at those carefully and you see mention of 21 apparently distinct exploits. Here, for example, is the main entry for several lp and lpset related vulnerability claims...; Tags: UNIX, Processors, security, Solaris-x86 experience, SF Reference, Sun Solaris; Blog posts 2006-04-05
Security analysis: In response to today’s Security Commandment one alert reader asked: Hi Rich, I like the advice! Unfortunately, all my direct reports havereligion about this. My question is, how should I compare platformsin an objective and reproducible fashion? Confused in...; Tags: security, Mu Security; Blog posts 2006-04-03
How to stop 'Active Scripting' in home PCs: How to stop 'Active Scripting' in home PCsMessage has been deleted.Level of riskGeorge, I haven't read the articles about this. Does the risk exist only if you use the browser to go to sites or is the IE code throughout the system vulnerable?It's a lot simpler than that.......switch to Linux....; Tags: Web browsers, Operating systems, PC, home PC, Mozilla Firefox, Microsoft Internet Explorer; Discussion threads 2005-11-22