cert

ZDNet Resources

• sort by:
• Relevance
• Date
• Popularity

Kaminsky suggests long-term fix will still have to be determined, but patch now, or pay soon

I listened to the Black Hat webcast today to grab as much info as I could on this subject. The biggest thing that I heard from the whole talk is that the patch fixes things to a reasonable point, but that long-term, there will have to be more work...

Tags: CERT, DNS Server, Domain Names, Internet, Kaminsky, Nathan McFeters, Patches, Security, Server

Blog posts 2008-07-24

Dan Kaminsky breaks DNS, massive multi-vendor patch coming, details at Black Hat Vegas '08

It would seem there's a bigger story to that MS08-037 flaw that came out for Patch Tuesday today. From Dave Lewis over at the Liquid Matrix security blog: Today Dan Kaminsky released a first, as far as I can recall. A coordinated patch was released today...

Tags: Black Hat, DNS, CERT, Flaw, Mogull, Updates, Domain Names, Networking, Security, Internet, Nathan McFeters

Blog posts 2008-07-08

Do we need another CERT?

Do we need another CERT?what linux/unix taking a queue from MShell hath frozen over!btw, doesnt red hat have an live update like system?Huh???How is this a page from MS? And by looking at the second question I'd have to wonder why you're even making comments about Linux.

Tags: CERT

Discussion threads 2008-05-06

Google launches CERT for open source

Google on Tuesday detailed plans for oCERT, a volunteer workforce that will remediate security issues in open source applications. The move makes a ton of sense. Community driven software can have bugs and plenty of folks to find these vulnerabilities. The problem: There's no central group to...

Tags: Google Inc., CERT, oCERT, Open Source, Security, Larry Dignan

Blog posts 2008-05-06

Do we need another CERT?

Yes. Google's backing of oCERT is a major milestone in the history of open source. It's not that I have anything against the Computer Emergency Response TeamCERT at Carnegie-Mellon. They do important work, not only in identifying risks but in educating people on them. ...

Tags: Vulnerability, CERT, Windows Machine, Dana, Security, Open Source, Dana Blankenhorn

Blog posts 2008-05-06

So long ActiveX. Will I miss you?

I'm following the advice of US CERT and other security wonks and disabling my ActiveX controls in IE. The big question: Will I miss it? The short answer is probably not since I mostly use Firefox. However, there are times when I'll toggle over to IE for...

Tags: CERT, Microsoft Internet Explorer, ActiveX, ActiveX/COM/COM+/DCOM, Web Browsers, Middleware, Software Development, Software/Web Development, Internet, Enterprise Software, Software, Larry Dignan

Blog posts 2008-02-04

CERT: AOL Radio has high-risk flaw

CERT: AOL Radio has high-risk flawAOL Radio is very goodIt's nice to see the issue corrected in a timely fashion. AOL Radio brings a huge chunk of XM to you for free...it is worth checking out.I listen to XM Satellite Radio Online. .RE: CERT: AOL Radio has high-risk flawThis...

Tags: Advertising & Promotion, AOL Radio, America Online Inc., radio, CERT

Discussion threads 2008-01-10

CERT: AOL Radio has high-risk flaw

The U.S. Computer Emergency Readiness Team has warned about a code execution flaw in the AOL Radio software. I'm not sure how many folks use AOL Radio, but AOL still has a lot of eyeballs. If you're one of those AOL users check out the CERT warning....

Tags: America Online Inc., CERT, Radio, Flaw, AOL Radio, U.S. Computer Emergency Readiness Team, AOLMediaPlaybackControl Application, Advertising & Promotion, ActiveX/COM/COM+/DCOM, Security, Marketing, Software Development, Software/Web Development, Larry Dignan

Blog posts 2008-01-10

How to run Internet Explorer securely

Here are the key configuration changes you can make to disable various features and reduce the attack surface in Microsoft's Internet Explorer. This guide provides a walk-through of IE 6.0 but applies to the latest IE 7.0 as well. (This guidance was prepared and distributed by Will Dorman, vulnerability...

Tags: Web browsers, Microsoft Internet Explorer, Software Engineering Institute, CERT, Microsoft Internet Explorer 6, Microsoft Internet Explorer 7, vulnerability, attack, analyst, Microsoft Corp.

Image galleries 2007-06-09

Recertifying CERT

Recertifying CERTLeave it to a Canuckto point out how messed up the Yanks are. You need to be OUTSIDE the "system" forrest to see how it operates (the "trees"). Congrats on the big step backwards with Mr. Harper - maybe you have a GW of your own now! I don't...

Tags: Operating systems, flaw, CERT, security, Harper

Discussion threads 2006-01-24

Recertifying CERT

When CERT published its 2005 Vulnerabilities summary earlier year it drew hundreds of reality reversing headlines along the lines of Tom Espiner's zdnet report: "Linux and Unix 'had more vulnerabilities than Windows.'" On January 10th I looked at the list of 2,328 claimed Unix vulnerabilities only to discover them greatly...

Tags: CERT, vulnerability

Blog posts 2006-01-24

Why CERT should be decertified (2)

Why CERT should be decertified (2)Investigative reportingis NOT dead nor an oxymoron! Thanks murph!Any counter-examples?Thanks for the list, murph. How easy to find were these examples?Did you find any counter-examples?stop advertising your incompetenceAlmost every security vendor has reported that *nix have more vulnerabilities. However the only thing you seem...

Tags: Operating systems, UNIX, Development tools, Microsoft Corp., CERT, vulnerability, operating system

Discussion threads 2006-01-18

Why CERT should be decertified (2)

In looking at Cert's security vulnerabilities summary for 2005 last week I pointed out that they have a tendency to be remarkably over enthusiastic when counting Unix and related applications vulnerabilities. This looks like systematic anti-Unix, pro-Microsoft, bias at work in a U.S. government agency. Today I'd like to look...

Tags: Microsoft Corp., Microsoft Windows

Blog posts 2006-01-18

Why CERT should be decertified (1)

Why CERT should be decertified (1)Its not thatIn a large enterprise (such as Company "F"), new patches need to be CERTIFIED before they are spread out to all 170,000 PCs in the company. This means that testing is required to see if the patch breaks anything. This effort takes time,...

Tags: Linux, Patches, Operating systems, UNIX, Microsoft Windows, CERT, patch management

Discussion threads 2006-01-10

Why CERT should be decertified (1)

Last week the CERT Institute developed at Carnegie Mellon University and now part of the "the operational arm of the National Cyber Security Division NCSD at the Department of Homeland Security," issued an annual systems security review and summary that drew They're misleading the public. That's irresponsible at best, dishonest...

Tags: CERT, US-CERT, Unix

Blog posts 2006-01-10

Experts question Windows win in flaw tally

Experts question Windows win in flaw tallyMikey has a brother Mark at Redhat?This explains everything.Mikey has a middle child complex and it turned him to the dark side."Markey works for RedhatI hate Markey, Markey gets everythingI think I'll sell my soul to microscrooge just to get even with mylousy brother"...

Tags: Operating systems, SECURITY, OPEN SOURCE, flaw, Unix, Microsoft Corp., CERT, Mikey, Microsoft Windows

Discussion threads 2006-01-06

CERT: IE bug is bait for phishers

CERT: IE bug is bait for phishersFunny[i]Microsoft feverishly puts the fix together[/i]Somehow I dont think this is issue #1 for Microsoft.I'm good to go, Microsoft!My security settings were already set as highI am safe!!I switched to Firefox I have not noticed a popup in 6 months.Exscuse me butWasn't this issue...

Tags: Web browsers, Linux, Microsoft Windows 2000, OPEN SOURCE, Cyberthreats, Firefox 0.8, Web browser, Microsoft Internet Explorer, Mozilla Corp., Mozilla Firefox, SuSE, SUSE 9.1, CERT, phishing

Discussion threads 2004-06-14

Additional Resources

SecFocus RSS Reader for iPhone 1.0 (Mobile)

SecFocus RSS Reader for iPhone receives information from a variety of RSS news sources which includes security focus news and vulnerabilities, ISCA labs, SANS, RootSec, Apple, Oracle, Linux, Sun, Ubuntu, Symantec, CERT, and Microsoft. SecFocus RSS Reader for iPhone contains frequently updated information--such as blog information, news headlines, audio, and...

Tags: Apple iPhone, Mobile, Blog, Pivot Studios, Smart Phones, Blogging, Consumer Electronics, Personal Technology, Internet

Software downloads 2009-10-30

US-CERT warns about BlackBerry spyware app

Justification for Apple's model?It can't be said just yet, but it's looking like a pool of trusted applications may be a good idea after all, despite the level of control wielded by Apple.No....Gee, just because someone releases a spyware app doesn't mean we need to only let RIM distribute apps....

Tags: Spyware, adware & malware, Cyberthreats, Handhelds, spyware app, Apple Inc., BlackBerry spyware app, US-CERT Warns, spyware, US-CERT, RIM BlackBerry, phone

Discussion threads 2009-10-28

US-CERT warns about BlackBerry spyware app

A free BlackBerry spyware application has been released to allow an attacker to call a user's BlackBerry and listen to personal conversations. by Ryan Naraine

Tags: RIM BlackBerry, US-CERT, Spyware, Spyware, Adware & Malware, Cyberthreats, Viruses And Worms, Security, Handhelds, Hardware, Ryan Naraine

Blog posts 2009-10-28