idefense

ZDNet Resources

• sort by:
• Relevance
• Date
• Popularity

Heads-up: Critical Adobe Flash Player patch coming

[ UPDATE:  Here's the official alert from Adobe with information on the patch.  It covers a total of five vulnerabilities and affects Flash Player 10.0.12.36 and earlier ] Sometime later today, Adobe will issue a patch for at least one critical vulnerability affecting its ubiquitous Flash Player. ...

Tags: Adobe Systems Inc., Shockwave, Attacker, Vulnerability, Macromedia Flash Player, Adobe Flash Player, iDefense, Shockwave Flash, Security, Patches, Ryan Naraine

Blog posts 2009-02-24

Details, details, details... more on the Microsoft flaws from today

Thought I'd explore some of these bugs a bit more... first, Tipping Point released one of the vulnerabilities that Larry reported earlier, listed as a stack overflow issue in Microsoft Office Jet Database Engine.  The stack overflow isn't what's interesting, what's interesting is the attack vector itself.  To be fair to...

Tags: Vulnerability, Microsoft Corp., Database Engine, iDefense, Flaw, Exploitation, Microsoft Word, Word Processors, CSS, Microsoft Office, Security, Databases, Office Suites, Software, Scripting Languages, Software/Web Development, Web Development, Enterprise Software, Data Management, Nathan McFeters

Blog posts 2008-05-13

Trend Micro, Zone Labs, ClamAV join list of insecure security products

Add Trend Micro, Check Point Zone Labs and ClamAV to the long list of security products that put end users at risk of malicious hacker attacks.The three vendors have all acknowledged various security vulnerabilities in a range of desktop and server products that could lead to arbitrary code execution, privilege...

Tags: Security, Check Point Software Technologies Ltd., Trend Micro Inc., Zone Labs Inc., Ryan Naraine

Blog posts 2007-08-22

Remembering five years of vulnerability markets

Guest Editorial by David EndlerWhile compiling some stats this week for our Zero Day Initiative two year anniversary, I came across this recent news article by the Associated Press, Researchers Seek Cash for Software Flaws. It's the latest in a long line of media coverage on the launch of...

Tags: Botnets, Black Hat, Apple, Zero-day attacks, Wireless, Windows Vista, Wi-Fi security, Vulnerability research, Viruses and Worms, Symantec, Rootkits, Responsible disclosure, Punditocracy, Pen testing, Patch Watch, Passwords, Open source, Mozilla, Microsoft, Metasploit, Hackers, Google, Firefox, Exploit code, Data theft, Browsers

Blog posts 2007-08-01

Code execution hole haunts RealPlayer, HelixPlayer

RealNetworks has issued a security fix for a gaping hole in its flagship RealPlayer software but, strangely, the company has not issued a security advisory to warn its millions of customers.Instead, the required warning came from the researchers at iDefense Labs who found a remotely exploitable security hole affecting both...

Tags: Zero-day attacks, Vulnerability research, Viruses and Worms, Responsible disclosure, Pen testing, Patch Watch, Open source, Metasploit, Hackers, Exploit code, Digital rights management, Data theft, Browsers, Botnets

Blog posts 2007-06-27

iDefense puts $16,000 bounty on critical infrastructure app flaws

iDefense puts $16,000 bounty on critical infrastructure app flawsWhat a LIAR!![i]Immunity founder Dave Aitel ... "IIS 6 hasn't had a public remotely exploitable bug in it. Ever."[/i]But we are constantly told that all Microsoft products will get pwned within seconds of connecting it to the Internet! Wait, I get it,...

Tags: Linux, INTERNET, OPEN SOURCE, Microsoft IIS 6.0, Microsoft IIS Server, exploit, iDefense

Discussion threads 2007-05-18

iDefense puts $16,000 bounty on critical infrastructure app flaws

Verisign's iDefense is putting up a $16,000 prize for any hacker who can find a remotely exploitable zero-day flaw in six critical Internet infrastructure applications.The flaw bounty is the largest ever offered by the company's VCP Vulnerability Contributor Program, which buys the rights to vulnerability information from hackers and handles...

Tags: Botnets, Browsers, Data theft, Digital rights management, Exploit code, Hackers, McAfee, Metasploit, Microsoft, Open source, Passwords, Patch Watch, Pen testing, Responsible disclosure, Vulnerability research, Wi-Fi security, Zero-day attacks

Blog posts 2007-05-18

Find a Vista or IE 7 flaw, reel in $8,000

VeriSigns iDefense Lab is paying hackers $8,000 for code execution flaws in Vista and IE7. Is this behavior we should encourage? If it serves the greater good I suppose, but it feels strange. The rules of engagement from the quarterly iDefense vulnerability challenge: ...

Tags: General, Software Infrastructure, Security, Vista, Microsoft, iDefense, vulnerability

Blog posts 2007-01-10

Kama Sutra worm hype may bite back

Kama Sutra worm hype may bite backThank you, MyDoom!Because of all the hype surrounding MyDoom variants, people have become more cautious about suspicious e-mail attachments. Since KS used the same method of spreading via email, people already knew what to do with it when it came around.The KS...

Tags: E-mail, Cyberthreats, Viruses and worms, SECURITY, iDefense, worm, Kama Sutra worm, F-Secure Corp.

Discussion threads 2006-02-03

iDefense ups the bidding for bugs

iDefense ups the bidding for bugsI think these guys have discovered a new business modelI wonder if Symantec and McAfee will up these guys with bounties and put them to shame.

Tags: iDefense

Discussion threads 2005-07-27

VeriSign buys iDefense for $40 million

VeriSign buys iDefense for $40 millionIDefenseI think iDefence will improve security standings with VeriSign. I don't think they needed to blow a cool and crisp $40 Million though. VeriSign could have invested into better network/security hardware and hired better security experts as actual VeriSign employees. I am sure out of...

Tags: VeriSign Inc., iDefense, security

Discussion threads 2005-07-14

Additional Resources

"No more free bugs"? There never were any free bugs

Vulnerability researchers have always extracted value out of their work, even before there was a monetary value placed on exploits. Security researchers at last week's CanSecWest conference dramatically announced their new philosophy that software vulnerabilities should no longer be given away. The movement cites the existence...

Tags: Researcher, Vulnerability, Exploit, Security, Adam O'Donnell

Blog posts 2009-03-24

$10k hacking contest announced

Israeli software developer Gizmox is challenging hackers to try hacking into the company's Visual WebGui Platform, by offering a $10,000 incentive to those who manage to achieve the objectives of their contest launched at the beginning of the month. What's particularly interesting about the contest is the fact that the...

Tags: Contest, Identity, Gizmox, Hacking, Semantic Web, Security, Internet, Dancho Danchev

Blog posts 2008-11-12

iDefend 1.0.9 (Mobile)

iDefend is a dynamic Tower Defense game for the iPod Touch and the iPhone. If you've never played a TD game, the rules are simple. In each level several waves of enemies try to go through a maze, your goal is to stop them. To do so you have...

Tags: Enemy, Mobile, Landolphia, iDefend, Games, Personal Technology

Software downloads 2008-10-07

Targeted malware attack against U.S schools intercepted

Timing is everything, and from a cybercriminal's perspective, a new school year means segmenting their email databases to launch a targeted attack welcoming everyone back online. According to MessageLabs Intelligence : "Starting in early September, MessageLabs intercepted a targeted, email-borne malware attack on US schools and government organizations, a...

Tags: Malware, Social Engineering, Attack, E-mail, Spyware, Adware & Malware, Cyberthreats, Security, Viruses And Worms, Online Communications, Dancho Danchev

Blog posts 2008-09-17

Georgia conflict may mean the birth of modern cyber-warfare

As widely reported (ZDNet's Zero Day blog summarizes the events as well as anyone), Georgia government websites site down were attacked in just about the time frame as Russia's Prague 1968-style attack of the country. The question is, who's responsible? The Russian government appears to have managed to keep its...

Tags: Georgia, Attack, Russian Government, VNUnet, Government, Security, Richard Koman

Blog posts 2008-08-12

Microsoft addresses 9 security vulnerabilities with 4 "Important" bulletins

Microsoft announced 4 "Important" security bulletins today that cover 9 separate vulnerabilities. Of note were vulnerabilities reported in Windows DNS server and client, and within SQL Server. Briefly, the vulnerabilities involve: Cache poisoning and insufficient socket entropy flaws in Microsoft DNS Server A remote...

Tags: Attacker, Microsoft SQL Server, Vulnerability, Server, Microsoft Windows, Microsoft Corp., Microsoft Outlook Web Access, Microsoft Outlook, Security, Microsoft Office, Office Suites, Software, Nathan McFeters

Blog posts 2008-07-08

Microsoft plugs Office leaks; Delivers 4 critical patches

Microsoft on Tuesday delivered four critical patches for vulnerabilities Office and Windows XP. There were six patches delivered. Here's a look by the CVE: CVE-2008-1091: Microsoft patched an object parsing vulnerability in Microsoft Word. Affected software includes Office 2000, 2003 and 2007. Microsoft explains:...

Tags: Microsoft Word, Attacker, Microsoft Office, Vulnerability, Patch Management, Microsoft Corp., Zero Day Initiative, Security, Larry Dignan

Blog posts 2008-05-13

Microsoft patches Vista, Windows Server 2008, IE

Microsoft delivered 10 patches including six critical ones on Tuesday. Among the critical patches for Vista, Windows Server 2008 and Internet Explorer. Critical patches by the CVEs: CVE-2008-0083: Covers Windows Vista and Windows Server 2008. Microsoft says: "A remote code execution vulnerability...

Tags: Web, Attacker, Microsoft Windows Server, Vulnerability, Microsoft Internet Explorer, Microsoft Corp., Microsoft Windows Server 2008, Microsoft Windows, Security, Operating Systems, Software, Larry Dignan

Blog posts 2008-04-08

Microsoft delivers 12 patches to plug Office; 7 for Excel flaws

Microsoft on Tuesday delivered several patches to fix critical vulnerabilities in Office including a well-publicized Excel flaw. In the first bulletin (MS08-014), Microsoft addressed "several privately reported and publicly reported vulnerabilities in Microsoft Office Excel that could allow remote code execution if a user opens a specially...

Tags: Microsoft Outlook, Vulnerability, Patch Management, Microsoft Corp., Flaw, Microsoft Excel, Microsoft Office, Office Suites, Software, Larry Dignan

Blog posts 2008-03-11