ZDNet Dictionary Definition
- CVE
- Common Vulnerabilities and Exposures: A list of information security exposures and vulnerabilities sponsored by US-CERT and maintained by the MITRE Corporation. The CVE mission is to provide standard...
ZDNet Resources
- Mac versus Windows vulnerability stats questioned
- Exactly, it was a poor comparison... and no conclusion can be reached either way. I realize that the authoring experts are writing in a Blog, yet I assume there will be at least a level of professional research, wanting to delve a little deeper than...
- Tags: Desktops, Operating systems, Windows vulnerability stat, Apple Macintosh, stat, CVE, Microsoft Windows, Apple Inc.
- Discussion threads 2007-12-20
- Better Mac OS X Security Numbers
- Some things just aren't credible on their face, so when George Ou mined Secunia's security advisories for vulnerability data to prove that Mac OS X is less secure than Windows/XP, I had an immediate problem. According to his research Secunia's security advisories since January 2004 cover about 238 serious Mac...
- Tags: Apple Mac OS, vulnerability
- Blog posts 2006-03-02
Additional Resources
- Gaping holes in RealPlayer patched
- Digital media delivery firm RealNetworks has shipped a high-priority patch to cover four gaping holes in its flagship RealPlayer software, warning that the vulnerabilities could put users at risk of code execution attacks. The patch comes a few hours after Secunia released an advisory warning for one...
- Tags: Vulnerability, RealNetworks Inc., RealNetworks RealPlayer, Digital Music, Digital Media, Security, Personal Technology, Consumer Electronics, Ryan Naraine
- Blog posts 2008-07-25
- |)ruid and HD Moore release part 2 of DNS exploit
- So, Linux's BIND the first to be exploited... Nice work! Cool Nate, nice post and analysis! Wasn't the replacing the ns.victim.com cache entry part of the Halvar Flake speculation? I thought first part of the exploit was to...
- Tags: Domain names, NETWORKING, Operating systems, Alecco, DNS, ruid, exploit, HD Moore, Linux
- Discussion threads 2008-07-24
- 2008 Pwnie Award nominees announced
- Well, after getting 134 nominations, and spending countless hours pulling out nominees, the judges for the 2008 Pwnie Awards have announced the final nominees to be voted on. From the site: The final list of nominees for the nine Pwnie Award categories is ...
- Tags: Nominee, Vulnerability, XSS, Attack, Flaw, Dan, XSS Flaw, Lifelock, Security, Nathan McFeters
- Blog posts 2008-07-21
- David Litchfield on details of one of the critical vulnerabilities from the latest Oracle patch
- More details coming out on the Oracle patches that were released last week, see Ryan Naraine's write up here. David Litchfield, noted security researcher from NGSSoftware, released details of one of the vulnerabilities on the Full-Disclosure email list today, and the details are staggering. The flaw allows potential unauthenticated remote...
- Tags: Oracle Application Server, Oracle Corp., Database Server, Critical Vulnerability, Application Servers, Middleware, Databases, Enterprise Software, Security, Software, Data Management, Nathan McFeters
- Blog posts 2008-07-15
- Apple ships (long overdue) iPhone security patches
- Finally, after months of waiting, iPhone users finally get security fixes for a batch of known software vulnerabilities. The latest iPhone 2.0 and iPod Touch 2.0 update patches at least 13 documented vulnerabilities, including several code execution holes in the Safari mobile Web browser. The...
- Tags: Apple iPhone, Apple Safari, JavaScript, Apple Inc., Web Site, Arbitrary Code Execution, Application Termination, Memory Corruption, Web Site Development, Web Technology, Security, Internet, Ryan Naraine
- Blog posts 2008-07-11
- Apple releases patches for dangerous QuickTime flaws in Apple TV 2.1 product
- Apple released patches for its Apple TV 2.1 product yesterday. Some of you might be saying, why do I care, I don't use Apple TV. Well, if you do use Apple TV, you obviously should care as some of these are very serious flaws, but if you don't,...
- Tags: Apple QuickTime, Movie, Patch Management, Apple Inc., Issue, Apple TV, Arbitrary Code Execution, Flaw, IMPACT, CVE-ID, Application Termination, Nathan McFeters
- Blog posts 2008-07-11
- Microsoft addresses 9 security vulnerabilities with 4 "Important" bulletins
- Microsoft announced 4 "Important" security bulletins today that cover 9 separate vulnerabilities. Of note were vulnerabilities reported in Windows DNS server and client, and within SQL Server. Briefly, the vulnerabilities involve: Cache poisoning and insufficient socket entropy flaws in Microsoft DNS Server A remote...
- Tags: Attacker, Microsoft SQL Server, Vulnerability, Server, Microsoft Windows, Microsoft Corp., Microsoft Outlook Web Access, Microsoft Outlook, Security, Microsoft Office, Office Suites, Software, Nathan McFeters
- Blog posts 2008-07-08
- Microsoft delivers 'important' patches
- Microsoft on Tuesday delivered nine important patches to fix vulnerabilities in SQL Server, Exchange Server, Vista and Windows Server. Among the details, which were previewed last week. CVE-2008-0085: A vulnerability in the way SQL Server manages memory page reuse. An attacker with database operator...
- Tags: Microsoft SQL Server, Vulnerability, Patch Management, Microsoft Corp., Microsoft Outlook Web Access, Microsoft Windows, Microsoft Outlook, Microsoft Office, Security, Databases, Servers, Operating Systems, Software, Office Suites, Enterprise Software, Data Management, Hardware, Larry Dignan
- Blog posts 2008-07-08
- Apple hasn't learned from past security mistakes
- * Ryan Naraine is on vacation. Guest editorial by Aviv Raff. Apple's Safari for Windows is a nice browser. It really is. It has a slick user interface, some pretty cool features, and benchmarks show that it is really fast. But, saying that...
- Tags: Security, Apple Safari, Apple Inc., Web Browser, Web Browsers, Microsoft Windows, Internet, Operating Systems, Software, Ryan Naraine
- Blog posts 2008-07-08
- Apple plugs 25 Mac OS X security vulnerabilities
- Apple has shipped another Mac OS X monster update to fix a total of 25 documented vulnerabilities that could lead to arbitrary code execution attacks. With Security Update 2008-004, Apple fixes code execution flaws in Launch Services, SMB File Server, System Configuration, VPN and WebKit. ...
- Tags: Security, Apple Macintosh, Apple Inc., Arbitrary Code Execution, Small And Medium Business, Apache Tomcat, Application Termination, Apple Mac OS X, Apple Mac OS, Smb/Sme, Operating Systems, Software, Ryan Naraine
- Blog posts 2008-06-30
- 90% of all statistics can be made to say anything... 50% of the time, aka my thoughts on the Verizon report
- ** Update 06/23/2008: I realize I didn't do a very good job of talking about what we're reviewing here. This is in response to the statistics gathered by Verizon related to Forensic Analysis of Data Breaches over a four year span. First off, let me...
- Tags: Business Partner, Vulnerability, Verizon Communications Inc., Attack, Data Breach, Security, Nathan McFeters
- Blog posts 2008-06-22
- Free Sourcefire tool pinpoints hostile MS Office files
- Sourcefire, the company behind the popular Snort intrusion detection system, has released a freeware utility to help identify potentially threatening Microsoft Office files. The tool, called OfficeCat, can be used to process Microsoft Office documents -- Word, PowerPoint, Excel and Publisher -- determine if possible exploit conditions...
- Tags: Sourcefire Inc., Vulnerability, Microsoft Corp., Tool, OfficeCat, Microsoft Office, Microsoft Word, Security, Office Suites, Software, Ryan Naraine
- Blog posts 2008-06-20
- Code execution flaws hit QuickTime again
- Apple has shipped a highly critical QuickTime software update with patches for at least five code execution vulnerabilities haunting Windows XP, Windows Vista and Mac OS X users. With QuickTime 7.5, Apple corrects multiple buffer overflows, memory corruption issues and URI handling flaws that could allow malicious...
- Tags: Apple Macintosh, Apple QuickTime, Flaw, Apple Mac OS X, Apple Mac OS, Operating Systems, Microsoft Windows, Desktops, Digital Music, Digital Media, Software, Hardware, Personal Technology, Consumer Electronics, Ryan Naraine
- Blog posts 2008-06-10
- Adobe Flash drive-by attacks redux
- Adobe has finally issued an almost-definitive statement on the reports of a zero-day attack targeting its flagship Flash Player, suggesting kinda that the vulnerability is already patched. In a progress report posted to the official Adobe PSIRT blog, David Lenoe stops short of making definitive statements on...
- Tags: Adobe Systems Inc., Vulnerability, Macromedia Flash Player, Malware, Attack, Malware Attack, Spyware, Adware & Malware, Cyberthreats, Security, Viruses And Worms, Ryan Naraine
- Blog posts 2008-05-28
- Fast-Fluxing SQL injection attacks executed from the Asprox botnet
- The botnet masters behind the Asprox botnet have recently started SQL injecting fast-fluxed malicious domains in order to enjoy a decent tactical advantage in an attempt to increase the survivability of the malicious campaign. I first assessed the Asprox botnet in January, and again in April when it started scaling...
- Tags: Microsoft .NET, Domain, SQL, SQL Injection, Asprox, Com, Programming Languages, Phishing, Databases, Security, Software Development, Software/Web Development, Spam And Phishing, Enterprise Software, Software, Data Management, Dancho Danchev
- Blog posts 2008-05-19
- Details, details, details... more on the Microsoft flaws from today
- Thought I'd explore some of these bugs a bit more... first, Tipping Point released one of the vulnerabilities that Larry reported earlier, listed as a stack overflow issue in Microsoft Office Jet Database Engine. The stack overflow isn't what's interesting, what's interesting is the attack vector itself. To be fair to...
- Tags: Vulnerability, Microsoft Corp., Database Engine, iDefense, Flaw, Exploitation, Microsoft Word, Word Processors, CSS, Microsoft Office, Security, Databases, Office Suites, Software, Scripting Languages, Software/Web Development, Web Development, Enterprise Software, Data Management, Nathan McFeters
- Blog posts 2008-05-13
- Microsoft plugs Office leaks; Delivers 4 critical patches
- And... conspicuously absent from the list? Windows Vista - again. More secure? definitely. Runs well? Absolutely? Trouble-free? Not nearly. Better value? Absolutely. Windows Vista - it just works. Good news for Mac users of MS Office http://biz.yahoo.com/prnews/080513/aqtu077.html?.v=48 VBA is back! Lame That privilege escalation...
- Tags: Microsoft Windows Vista (Longhorn), Patches, Operating systems, Microsoft Windows Vista, Microsoft Office, Microsoft Windows, patch management, Microsoft Corp.
- Discussion threads 2008-05-13
- Microsoft plugs Office leaks; Delivers 4 critical patches
- Microsoft on Tuesday delivered four critical patches for vulnerabilities in Office and Windows XP. There were six patches delivered. Here's a look by the CVE: CVE-2008-1091: Microsoft patched an object parsing vulnerability in Microsoft Word. Affected software includes Office 2000, 2003 and 2007. Microsoft explains:...
- Tags: Microsoft Word, Attacker, Microsoft Office, Vulnerability, Patch Management, Microsoft Corp., Zero Day Initiative, Security, Larry Dignan
- Blog posts 2008-05-13