ZDNet Resources
- Details, details, details... more on the Microsoft flaws from today
- Thought I'd explore some of these bugs a bit more... first, Tipping Point released one of the vulnerabilities that Larry reported earlier, listed as a stack overflow issue in Microsoft Office Jet Database Engine. The stack overflow isn't what's interesting, what's interesting is the attack vector itself. To be fair to...
- Tags: Vulnerability, Microsoft Corp., Database Engine, iDefense, Flaw, Exploitation, Microsoft Word, Word Processors, CSS, Microsoft Office, Security, Databases, Office Suites, Software, Scripting Languages, Software/Web Development, Web Development, Enterprise Software, Data Management, Nathan McFeters
- Blog posts 2008-05-13
- Trend Micro, Zone Labs, ClamAV join list of insecure security products
- Add Trend Micro, Check Point Zone Labs and ClamAV to the long list of security products that put end users at risk of malicious hacker attacks. The three vendors have all acknowledged various security vulnerabilities in a range of desktop and server products that could lead to arbitrary code execution, privilege...
- Tags: Security, Check Point Software Technologies Ltd., Trend Micro Inc., Zone Labs Inc., Ryan Naraine
- Blog posts 2007-08-22
- Remembering five years of vulnerability markets
- Guest Editorial by David Endler. While compiling some stats this week for our Zero Day Initiative two year anniversary, I came across this recent news article by the Associated Press, Researchers Seek Cash for Software Flaws. It's the latest in a long line of media coverage on the launch of...
- Tags: Botnets, Black Hat, Apple, Zero-day attacks, Wireless, Windows Vista, Wi-Fi security, Vulnerability research, Viruses and Worms, Symantec, Rootkits, Responsible disclosure, Punditocracy, Pen testing, Patch Watch, Passwords, Open source, Mozilla, Microsoft, Metasploit, Hackers, Google, Firefox, Exploit code, Data theft, Browsers
- Blog posts 2007-08-01
- Code execution hole haunts RealPlayer, HelixPlayer
- RealNetworks has issued a security fix for a gaping hole in its flagship RealPlayer software but, strangely, the company has not issued a security advisory to warn its millions of customers. Instead, the required warning came from the researchers at iDefense Labs who found a remotely exploitable security hole affecting both...
- Tags: Zero-day attacks, Vulnerability research, Viruses and Worms, Responsible disclosure, Pen testing, Patch Watch, Open source, Metasploit, Hackers, Exploit code, Digital rights management, Data theft, Browsers, Botnets
- Blog posts 2007-06-27
- iDefense puts $16,000 bounty on critical infrastructure app flaws
- What a LIAR!! Immunity founder Dave Aitel ... “IIS 6 hasn’t had a public remotely exploitable bug in it. Ever.” But we are constantly told that all Microsoft products will get pwned within seconds of connecting it to the Internet! Wait, I get it,...
- Tags: Linux, INTERNET, OPEN SOURCE, Microsoft IIS 6.0, Microsoft IIS Server, exploit, iDefense
- Discussion threads 2007-05-18
- iDefense puts $16,000 bounty on critical infrastructure app flaws
- Verisign's iDefense is putting up a $16,000 prize for any hacker who can find a remotely exploitable zero-day flaw in six critical Internet infrastructure applications. The flaw bounty is the largest ever offered by the company's VCP Vulnerability Contributor Program, which buys the rights to vulnerability information from hackers and handles...
- Tags: Botnets, Browsers, Data theft, Digital rights management, Exploit code, Hackers, McAfee, Metasploit, Microsoft, Open source, Passwords, Patch Watch, Pen testing, Responsible disclosure, Vulnerability research, Wi-Fi security, Zero-day attacks
- Blog posts 2007-05-18
- Find a Vista or IE 7 flaw, reel in $8,000
- VeriSign's iDefense Lab is paying hackers $8,000 for code execution flaws in Vista and IE7. Is this behavior we should encourage? If it serves the greater good I suppose, but it feels strange. The rules of engagement from the quarterly iDefense vulnerability challenge: ...
- Tags: General, Software Infrastructure, Security, Vista, Microsoft, iDefense, vulnerability
- Blog posts 2007-01-10
- Kama Sutra worm hype may bite back
- Thank you, MyDoom! Because of all the hype surrounding MyDoom variants, people have become more cautious about suspicious e-mail attachments. Since KS used the same method of spreading via email, people already knew what to do with it when it came around. The KS...
- Tags: E-mail, Cyberthreats, Viruses and worms, SECURITY, iDefense, worm, Kama Sutra worm, F-Secure Corp.
- Discussion threads 2006-02-03
- iDefense ups the bidding for bugs
- I think these guys have discovered a new business model. I wonder if Symantec and McAfee will up these guys with bounties and put them to shame.
- Tags: iDefense
- Discussion threads 2005-07-27
- VeriSign buys iDefense for $40 million
- IDefense. I think iDefense will improve security standings with VeriSign. I don't think they needed to blow a cool and crisp $40 Million though. VeriSign could have invested into better network/security hardware and hired better security experts as actual VeriSign employees. I am sure out of...
- Tags: VeriSign Inc., iDefense, security
- Discussion threads 2005-07-14
Additional Resources
- Targeted malware attack against U.S. schools intercepted
- Timing is everything, and from a cybercriminal's perspective, a new school year means segmenting their email databases to launch a targeted attack welcoming everyone back online. According to MessageLabs Intelligence: "Starting in early September, MessageLabs intercepted a targeted, email-borne malware attack on US schools and government organizations, a...
- Tags: Malware, Social Engineering, Attack, E-mail, Spyware, Adware & Malware, Cyberthreats, Security, Viruses And Worms, Online Communications, Dancho Danchev
- Blog posts 2008-09-17
- Georgia conflict may mean the birth of modern cyber-warfare
- As widely reported (ZDNet's Zero Day blog summarizes the events as well as anyone), Georgia government websites were attacked in just about the same time frame as Russia's Prague 1968-style attack of the country. The question is, who's responsible? The Russian government appears to have managed to keep its...
- Tags: Georgia, Attack, Russian Government, VNUnet, Government, Security, Richard Koman
- Blog posts 2008-08-12
- Microsoft addresses 9 security vulnerabilities with 4 "Important" bulletins
- Microsoft announced 4 "Important" security bulletins today that cover 9 separate vulnerabilities. Of note were vulnerabilities reported in Windows DNS server and client, and within SQL Server. Briefly, the vulnerabilities involve: Cache poisoning and insufficient socket entropy flaws in Microsoft DNS Server; A remote...
- Tags: Attacker, Microsoft SQL Server, Vulnerability, Server, Microsoft Windows, Microsoft Corp., Microsoft Outlook Web Access, Microsoft Outlook, Security, Microsoft Office, Office Suites, Software, Nathan McFeters
- Blog posts 2008-07-08
- Microsoft plugs Office leaks; Delivers 4 critical patches
- Microsoft on Tuesday delivered four critical patches for vulnerabilities in Office and Windows XP. There were six patches delivered. Here's a look by the CVE: CVE-2008-1091: Microsoft patched an object parsing vulnerability in Microsoft Word. Affected software includes Office 2000, 2003 and 2007. Microsoft explains:...
- Tags: Microsoft Word, Attacker, Microsoft Office, Vulnerability, Patch Management, Microsoft Corp., Zero Day Initiative, Security, Larry Dignan
- Blog posts 2008-05-13
- Microsoft patches Vista, Windows Server 2008, IE
- Microsoft delivered 10 patches including six critical ones on Tuesday. Among them are critical patches for Vista, Windows Server 2008 and Internet Explorer. Critical patches by the CVEs: CVE-2008-0083: Covers Windows Vista and Windows Server 2008. Microsoft says: "A remote code execution vulnerability...
- Tags: Web, Attacker, Microsoft Windows Server, Vulnerability, Microsoft Internet Explorer, Microsoft Corp., Microsoft Windows Server 2008, Microsoft Windows, Security, Operating Systems, Software, Larry Dignan
- Blog posts 2008-04-08
- Microsoft delivers 12 patches to plug Office; 7 for Excel flaws
- Microsoft on Tuesday delivered several patches to fix critical vulnerabilities in Office including a well-publicized Excel flaw. In the first bulletin (MS08-014), Microsoft addressed "several privately reported and publicly reported vulnerabilities in Microsoft Office Excel that could allow remote code execution if a user opens a specially...
- Tags: Microsoft Outlook, Vulnerability, Patch Management, Microsoft Corp., Flaw, Microsoft Excel, Microsoft Office, Office Suites, Software, Larry Dignan
- Blog posts 2008-03-11
- Researcher: Critical vulnerability found in VMware's desktop apps
- Shared Folder are enabled by default? On my VMWare Workstation 6.0.2 build-59824 setup, the option "Shared Folders" is set to DISABLED. I have not changed it, it came that way by default. This contradicts the statement that it is ENABLED by default. What do...
- Tags: Shared Folder, desktop, VMware Inc., CoreLabs
- Discussion threads 2008-02-25
- Researcher: Critical vulnerability found in VMware's desktop apps
- Core Security Technologies said Monday that it has discovered a vulnerability in VMware's desktop virtualization software that allows an attacker to gain complete control of a system and launch executable files on the host operating system. The discovery is notable given that virtualization security is largely uncharted territory. However,...
- Tags: Desktop, Vulnerability, Discovery, VMware Inc., Exploit, Core Security Technologies, Security, Larry Dignan
- Blog posts 2008-02-25
- Adobe warns of Flash Media Server, Connect Enterprise Server vulnerabilities
- Adobe has delivered three new bulletins warning about a critical code injection vulnerability that could allow an attacker to take over a system. The two primary platforms affected--Flash Media Server 2.0.4 and Adobe Connect Enterprise Server--are enterprise applications. As Adobe increasingly becomes a Webtop standard via Flash,...
- Tags: Adobe Systems Inc., Attacker, Media Server, Vulnerability, Enterprise Server, Server, Security, Larry Dignan
- Blog posts 2008-02-14
- Apple delivers iPhone, iPod touch and QuickTime fixes with Macworld updates
- Apple's software updates for the iPhone and iPod touch contain a few security fixes. Apple also patched QuickTime while it was at it. On the heels of Apple CEO Steve Jobs' big Macworld performance Tuesday, the company slipped out a few security fixes. In an email alert,...
- Tags: Apple iPhone, Apple iPod, Apple QuickTime, Problem, Apple Inc., Apple iPod Touch, Flaw, Apple Mac OS X, Apple Mac OS, Digital Music, Digital Media, Patches, Operating Systems, Security, Software, Personal Technology, Consumer Electronics, Larry Dignan
- Blog posts 2008-01-15