Sponsored White Papers, Webcasts, and Downloads
ZDNet Resources
- Hacker movements: Murphy joins Apple; Caceres to Matasano
- LAS VEGAS - On the heels of Google's hire of browser hacking whiz Michal Zalewski comes news that another well-known vulnerability researcher is moving over to the vendor side.Matthew Murphy, an outspoken hacker who is credited with several major flaw discoveries, has confirmed he is joining Apple as a product...
- Tags: Windows Vista, Vulnerability research, Viruses and Worms, Responsible disclosure, Punditocracy, Pen testing, Patch Watch, Mozilla, Microsoft, Hackers, Firefox, Exploit code, Data theft, Browsers, Botnets, Black Hat, Apple
- Blog posts 2007-08-01
- Remembering five years of vulnerability markets
- Guest Editorial by David EndlerWhile compiling some stats this week for our Zero Day Initiative two year anniversary, I came across this recent news article by the Associated Press, Researchers Seek Cash for Software Flaws. It's the latest in a long line of media coverage on the launch of...
- Tags: Botnets, Black Hat, Apple, Zero-day attacks, Wireless, Windows Vista, Wi-Fi security, Vulnerability research, Viruses and Worms, Symantec, Rootkits, Responsible disclosure, Punditocracy, Pen testing, Patch Watch, Passwords, Open source, Mozilla, Microsoft, Metasploit, Hackers, Google, Firefox, Exploit code, Data theft, Browsers
- Blog posts 2007-08-01
- Can Trend Micro's botnet identification service make a difference?
- Trend Micro today rolled out its SecureCloud software-as-a-service platform with a new Botnet Identification Service BIS to help find botnet command-and-control servers and block communications between them and the zombie PCs they control.Geared towards ISPs and enterprise customers, the botnet ID service can be used to block communication to/from command-and-control...
- Tags: Vulnerability research, Viruses and Worms, Symantec, Spyware and Adware, Spam and Phishing, Rootkits, Responsible disclosure, Punditocracy, Pen testing, Patch Watch, Microsoft, Passwords, Metasploit, McAfee, Hackers, Google, Firefox, Exploit code, Data theft, Browsers, Botnets
- Blog posts 2007-07-30
- Mac worm rumors swirl; Dai Zovi ships unofficial Mac OS X patch
- Amidst unconfirmed rumors that anonymous hackers have created a worm that exploits an unpatched code execution flaw in Mac OS X Intel, a team of researchers have come up with a way to completely disable a buggy portion of the Mac code base.Led by Mac security guru Dino Dai Zovi...
- Tags: Zero-day attacks, Wi-Fi security, Vulnerability research, Spyware and Adware, Spam and Phishing, Rootkits, Punditocracy, Pen testing, Patch Watch, Passwords, Open source, Microsoft, Metasploit, Google, Firefox, Exploit code, Data theft, Browsers, Botnets, Apple
- Blog posts 2007-07-18
- Blocking (Internet Explorer) drive-by malware downloads
- Last week, I wrote about Haute Secure, a new browser toolbar promising to to block drive-by exploits from compromising Windows computers.The company, founded by four former Microsoft employees, has fitted behavior-based profiling algorithms into an Internet Explorer toolbar to identify and intercept malicious files in real-time.Currently available as a free...
- Tags: Zero-day attacks, Windows Vista, Wi-Fi security, Vulnerability research, Viruses and Worms, Spam and Phishing, Rootkits, Responsible disclosure, Punditocracy, Pen testing, Passwords, Oracle, Microsoft, Hackers, Google, Firefox, Exploit code, Data theft, Browsers, Botnets
- Blog posts 2007-07-17
- Symantec going private? It's not a crazy thought
- Jim Reavis at RiskBloggers.com has tossed out this doozy:This is only a rumor, if it were an actual event you would be instructed by the authorities where to redeem your SYMC stock. Multiple Friends of Risk Bloggers have told me that Symantec has been in talks with investors over...
- Tags: Zero-day attacks, Vulnerability research, Viruses and Worms, Symantec, Punditocracy, Patch Watch, Microsoft, McAfee, Exploit code, Data theft, Cisco, Browsers, Botnets
- Blog posts 2007-07-13
- Hackers raising funds for cancer research
- Hackers attending next month's Hack in the Box conference in Kuala Lumpur are pitching in to raise funds for the Malaysian National Cancer Council.Conference organizers plan to screen two indie films celebrating the hacker culture -- Freedom Downtime and Urchin -- and donate all the proceeds to cancer research. ...
- Tags: Black Hat, Botnets, Data theft, Exploit code, Hackers, Metasploit, Passwords, Patch Watch, Pen testing, Punditocracy, Responsible disclosure, Vulnerability research, Zero-day attacks
- Blog posts 2007-07-10
- The tip of the 0day iceberg
- Guest Editorial by Dave AitelThe story of modern computer security can never be told -- it's the story of the unknown. Right now, most people treat vulnerabilities as a constant stream of one-offs. In many real ways, the entire CVE database is the tip of an iceberg.In Singapore at...
- Tags: Apple, Black Hat, Botnets, Browsers, Data theft, Exploit code, Firefox, Google, Hackers, Metasploit, Microsoft, Patch Watch, Pen testing, Punditocracy, Responsible disclosure, Rootkits, Viruses and Worms, Vulnerability research, Windows Vista, Zero-day attacks
- Blog posts 2007-07-06
- Let users virtualize Vista because hypervisor rootkits are no threat
- Ryan Naraine is on vacation. Guest editorial by Thomas Ptacek Several weeks ago, reports surfaced that the threat of super-sophisticated "hypervisor malware" was preventing Microsoft from allowing their Windows Vista Home Edition operating system from running within virtualization software. Now, Microsoft may have a lot of good reasons for restricting...
- Tags: Windows Vista, Vulnerability research, Rootkits, Responsible disclosure, Punditocracy, Pen testing, Patch Watch, Microsoft, Hackers, Exploit code, Data theft, Browsers, Botnets, Black Hat, Apple
- Blog posts 2007-07-05
- The dark side of search engines
- Ryan Naraine is on vacation.Guest Editorial by Roger ThompsonAs a malware researcher, I spend the majority of my days days studying the dark side of the web, (is that a good job or what?), and one of the most interesting things I get to see are the weird, and sometimes...
- Tags: Vulnerability research, Viruses and Worms, Spyware and Adware, Spam and Phishing, Rootkits, Responsible disclosure, Punditocracy, Privacy, Pen testing, Patch Watch, Passwords, Open source, Mozilla, Microsoft, Metasploit, McAfee, Hackers, Google, Firefox, Exploit code, Data theft, Browsers, Botnets
- Blog posts 2007-07-04
- Operation Bot Roast: Too little too late
- * Ryan Naraine is on vacation. Guest Editorial by Dr Jose NazarioThe US FBI has kicked off Operation Bot Roast this summer with the goal of addressing the botnet problem. Hurray for them,it's good that something is being done. However, this is probably not going to stop the botnet problem, and maybe...
- Tags: Zero-day attacks, Vulnerability research, Viruses and Worms, Spyware and Adware, Spam and Phishing, Rootkits, Punditocracy, Pen testing, Patch Watch, Passwords, Open source, Mozilla, Microsoft, Metasploit, Hackers, Firefox, Exploit code, Data theft, Browsers, Botnets
- Blog posts 2007-07-02
- OpenBSD founder: Intel leaves open-source out in the cold
- OpenBSD founder Theo de Raadt wants Intel to come clean on the severity of bugs in the Intel Core 2 processors, warning that some of the bugs "will *ASSUREDLY* be exploitable from userland code."de Raadt's comments follow Intel's release of a BIOS patch to cover potential unpredictable system behavior on...
- Tags: Botnets, Browsers, Data theft, Exploit code, Hackers, Metasploit, Open source, Patch Watch, Pen testing, Punditocracy, Responsible disclosure, Vulnerability research
- Blog posts 2007-06-28
- Rutkowska faces '100% undetectable malware' challenge
- At last year's Black Hat security conference, stealth malware researcher Joanna Rutkowska caused a stir with the introduction of Blue Pill, a new technology she claims can create malware that remains "100 percent undetectable."This year, a group of her peers will challenge Rutkowska to prove it, arguing that a...
- Tags: Zero-day attacks, Windows Vista, Vulnerability research, Viruses and Worms, Spyware and Adware, Rootkits, Responsible disclosure, Punditocracy, Pen testing, Patch Watch, Open source, Microsoft, Metasploit, Hackers, Exploit code, Digital rights management, Data theft, Browsers, Botnets, Apple
- Blog posts 2007-06-27
- The iPhone security non-story
- David Maynor is hoarding his Safari browser flaws with his eyes on the iPhone.As far back as January, hackers were asking questions about the iPhone CPU and preparing for attack scenarios.The first hacker that breaks into the iPhone will generate lots of headlines/publicity but that's right about where this story...
- Tags: Zero-day attacks, Vulnerability research, Viruses and Worms, Spyware and Adware, Spam and Phishing, Responsible disclosure, Punditocracy, Pen testing, Patch Watch, Passwords, Open source, Metasploit, Hackers, Exploit code, Digital rights management, Data theft, Browsers, Botnets, Apple
- Blog posts 2007-06-26
- Does Trillian have a crapware problem?
- StopBadware.org researcher Liana Mon has taken Cerulean Studios to task for bundling two third-party applications into the popular free Trillian IM client, arguing that users who are not careful during the Trillian installation process could end up with a crapware problem.During the installation process, the default setting is for Trillian...
- Tags: Vulnerability research, Viruses and Worms, Spyware and Adware, Responsible disclosure, Punditocracy, Pen testing, Patch Watch, Open source, Microsoft, Metasploit, Hackers, Exploit code, Data theft, Browsers, Botnets
- Blog posts 2007-06-19
- Microsoft security guru: Get fuzzing
- Orlando, Florida -- Microsoft security whiz Michael Howard is urging developers in the Windows ecosystem to adopt fuzz testing as a critical part of the software creation process, stressing that the use of fuzzers can dramatically reduce the number of potential security vulnerabilities.Howard, co-author of a book on Microsoft's mandatory...
- Tags: Zero-day attacks, Windows Vista, Vulnerability research, Responsible disclosure, Punditocracy, Piracy, Pen testing, Patch Watch, Passwords, Open source, Microsoft, Metasploit, McAfee, Hackers, Google, Firefox, Exploit code, Digital rights management, Data theft, Browsers, Botnets
- Blog posts 2007-06-05
- ActiveX flaw project hits Microsoft Office 2000
- This month's ActiveX flaw project has uncovered a potentially dangerous code execution hole in an ActiveX module in Microsoft Office 2000.The vulnerability details here is described as a buffer overflow in the "HelpPopup" function of the OUACTRL.OCX v. 1.0.1.9 module when processing an overly long value."Shinnai," the hacker behind...
- Tags: Botnets, Browsers, Data theft, Exploit code, Hackers, Metasploit, Microsoft, Open source, Patch Watch, Pen testing, Punditocracy, Responsible disclosure, Vulnerability research, Zero-day attacks
- Blog posts 2007-05-24
- Hackers in Seattle for Microsoft's Blue Hat, ToorCon
- White hat hackers have descended on Seattle for two semi-private security conferences where new attack and exploitation techniques are being discussed.The first is the Spring 2007 edition of Microsofts Blue Hat Security Briefings where researchers are invited to Redmond "to share knowledge and to educate and help protect customers against...
- Tags: Botnets, Browsers, Data theft, Digital rights management, Exploit code, Hackers, McAfee, Metasploit, Microsoft, Passwords, Patch Watch, Pen testing, Punditocracy, Responsible disclosure, Viruses and Worms, Vulnerability research, Wi-Fi security, Windows Vista, Zero-day attacks
- Blog posts 2007-05-10
- Mac hack challenge sparks (another tired) debate
- Like an old grandfather clock, the controversy surrounding last months CanSecWest MacBook hijack contest just keeps on ticking, loud enough to stick in your ear but so monotonous and tiring that its near impossible to perk up and listen. Just as Apple was releasing a patch for the QuickTime flaw,...
- Tags: Responsible disclosure, Punditocracy, Pen testing, Patch Watch, Oracle, Open source, Microsoft, McAfee, Hackers, Google, Firefox, Exploit code, Data theft, Cisco, Browsers, Botnets, Apple, Spyware and Adware, Viruses and Worms, Vulnerability research, Wi-Fi security, Windows Vista, Zero-day attacks
- Blog posts 2007-05-08
- Microsoft, responsible disclosure, and that 2-year-old kernel flaw
- A few weeks ago, I wrote about a Windows kernel vulnerability that was reported to Microsoft on October 22, 2004 and remained unpatched for more than two years.This is a bug I've been following closely since last November when Cesar Cerrudo, the hacker who found it, got tired of waiting...
- Tags: Data theft, Browsers, Vulnerability research, Punditocracy, Pen testing, Hackers, Zero-day attacks, Viruses and Worms, Responsible disclosure, Patch Watch, Microsoft, Metasploit, Exploit code
- Blog posts 2007-04-09
White Papers and Webcasts
In this Super Techies interview, larger-than-life techie Marc Canter talks with ZDNet's Editor in Chief Dan Farber about his career as a multimedia pioneer.
"See how Intel is consolidating down to 8 global data center hubs through the use of consolidation, virtualization and standardization. The initiative is expected to save Intel $1.8B by project completion.
