Sponsored White Papers, Webcasts, and Downloads
ZDNet Resources
- Patch Tuesday: 7 bulletins, 18 flaws, all critical
- Its an all-critical Patch Tuesday.Microsoft has just released seven advisories -- all rated critical -- with patches for at least 18 vulnerabilities affecting the Windows operating system, the widely deployed Office productivity suite and the dominant Internet Explorer browser.Five of the 18 vulnerabilities affect Windows Vista.The batch of updates includes...
- Tags: Apple, Botnets, Browsers, Data theft, Exploit code, Hackers, Metasploit, Microsoft, Open source, Patch Watch, Pen testing, Responsible disclosure, Spam and Phishing, Spyware and Adware, Uncategorized, Viruses and Worms, Vulnerability research, Windows Vista, Zero-day attacks
- Blog posts 2007-05-08
- Botnet herders pounce on Windows DNS RPC flaw
- Online criminals have pounced on the unpatched Windows DNS Server service vulnerability, using the security hole to seed and replenish for-profit botnets.The latest twist in the ongoing attacks comes less than a week after Microsofts pre-patch advisory provided clues for hackers to write and release detailed exploit code.Anti-virus researchers have...
- Tags: Zero-day attacks, Vulnerability research, Viruses and Worms, Uncategorized, Symantec, Spyware and Adware, Spam and Phishing, Rootkits, Responsible disclosure, Pen testing, Patch Watch, Microsoft, Metasploit, Hackers, Exploit code, Data theft, Browsers, Botnets
- Blog posts 2007-04-17
- Oracle Patch Day: 37 flaws fixed
- Oracle has released its quarterly "critical patch update" with fixes for a total of 37 security holes in its database and application server products.The April 2007 CPU addresses a wide range of vulnerabilities affecting the following product lines:* Oracle Database (14 flaws, including one with a CVSS base score of...
- Tags: Vulnerability research, Pen testing, Uncategorized, Responsible disclosure, Patch Watch, Oracle, Metasploit, Hackers, Exploit code, Data theft
- Blog posts 2007-04-17
- How to turn off RPC management of DNS on a large scale
- In an advisory issued earlier today, Microsoft issued several workarounds/mitigations for the Windows DNS server service zero-day attacks, including a recommendation that network admins completely disable remote management of RPC capability for DNS Servers.The recommendation included instructions on registry key edits but if youre in charge of a large-scale Windows...
- Tags: Zero-day attacks, Uncategorized, Responsible disclosure, Pen testing, Patch Watch, Microsoft, Metasploit, Hackers, Exploit code, Data theft, Browsers
- Blog posts 2007-04-13
- Microsoft: Beware of .HLP files
- Microsoft is urging Windows users to be very careful when opening ".hlp" attachments.The warning follows the release of exploit code for possible new zero-day bug in the Microsoft Help subsystem, which is used to display files with the ".hlp" extension. The proof-of-concept code, posted at Milw0rm.com, provides instructions on how...
- Tags: Zero-day attacks, Viruses and Worms, Spam and Phishing, Rootkits, Pen testing, Patch Watch, Microsoft, Hackers, Exploit code, Data theft, Vulnerability research, Uncategorized, Spyware and Adware, Responsible disclosure, Browsers
- Blog posts 2007-04-11
- Microsoft knew of Windows .ANI flaw since December 2006
- A private security research outfit says it notified Microsoft about the animated cursor (.ani) code execution vulnerability since December 2006, a full four months ahead of yesterday's discovery of Internet Explorer drive-by attacks.According to Alexander Sotirov, chief reverse engineer at Determina, his research team discovered and reported the flaw to...
- Tags: Zero-day attacks, Windows Vista, Vulnerability research, Uncategorized, Spyware and Adware, Spam and Phishing, Rootkits, Responsible disclosure, Pen testing, Patch Watch, Mozilla, Microsoft, Hackers, Firefox, Exploit code, Data theft, Browsers, Botnets
- Blog posts 2007-03-30
- Black Hat RFID hacking demo threatened
- Another Black Hat conference, another vulnerability disclosure debate.IOActive's Chris Paget's plan to explain why RFID technology is "insecure and untrustworthy" has run into a legal stumbling block after secure card maker HID Corp. raised objections in a letter that claims possible patent infringement.InfoWorld's Paul Roberts is reporting that HID sent...
- Tags: Wi-Fi security, Pen testing, Black Hat, Exploit code, Responsible disclosure, Punditocracy, Cisco, Vulnerability research, Oracle, Hackers, Zero-day attacks, Uncategorized
- Blog posts 2007-02-27
- Symantec: Vista's UAC prompts can't always be trusted
- Microsofts implementation of the UAC user account control mechanism in Windows Vista continues to take a beating from security researchers. Less than a week after Polish hacker Joanna Rutkowska raised an alert for design -- and implementation -- bugs in the default no-admin component, a member of Symantecs Advanced...
- Tags: Black Hat, Data theft, Exploit code, Hackers, Microsoft, Pen testing, Punditocracy, Responsible disclosure, Uncategorized, Vulnerability research, Windows Vista
- Blog posts 2007-02-20
- Sun rushes out patch for Solaris Telnet exploit
- Sun Microsystems has rushed out patches to fix a code execution hole in the Solaris 10/11 telnet daemon (in.telnetd). The companys fix comes just days after a hacker known as "Kingcope" went public with details of the vulnerability, which allows a remote attacker to bypass the Sun Solaris telnet...
- Tags: Exploit code, Hackers, Patch Watch, Pen testing, Responsible disclosure, Uncategorized, Viruses and Worms, Vulnerability research
- Blog posts 2007-02-13
Additional Resources
- |)ruid and HD Moore release part 2 of DNS exploit
- [Updated 07/24/2008: Gallery images of diffs of code revisions has been included and will be updated as things change, see here.] Earlier today, noted researchers |)ruid and HD Moore released exploit code for the Metasploit tool for attacking the DNS flaw that was originally reported by Dan...
- Tags: DNS, Domain, Server, Entry, Exploit, NS, NS Record, Domain Names, Networking, Internet, Nathan McFeters
- Blog posts 2008-07-23
- Attack code published for DNS flaw
- The urgency to patch Dan Kaminsky's DNS cache poisoning vulnerability just went up a few notches. Exploit code for the flaw, which allows the insertion of malicious DNS records into the cache of the target nameserver, has been added to Metasploit, a freely distributed attack/pen-testing tool....
- Tags: Ryan Naraine
- Blog posts 2008-07-23
- Bausch & Lomb puts new CIO in charge of customer service
- Eye care company Bausch & Lomb has given its CIO the customer service reins. On Wednesday, the company named Alan Farnsworth, senior vice president of customer service and information technology and chief information officer. Cutting through the rather bloated title, it appears that Bausch & Lomb has...
- Tags: Customer Service, CIO, Bausch & Lomb Inc., Information Technology, Product Marketing, Customer Relationship Management (CRM), Marketing, Enterprise Software, Software, Larry Dignan
- Blog posts 2008-07-23
- Survey: Corporations hold out on Vista
- Sixty percent of IT administrators have no plans to deploy Vista despite service pack 1, which fixed the operating systems problems, according to a survey of 1,100 IT managers. The survey, conducted by KACE, which makes systems management appliances, found that there are 10 percent more holdouts...
- Tags: Operating System, Microsoft Windows Vista, Kace, Survey, Microsoft Windows Vista (Longhorn), Marketing Research, Operating Systems, Microsoft Windows, Software, Marketing, Larry Dignan
- Blog posts 2008-07-23
- McAfee debunks recent vulnerabilities in AV software research, n.runs restates its position
- Several days after blogging about a research conduced by n.runs AG that managed to discover approximately 800 vulnerabilities in antivirus products, McAfee issued a statement basically debunking the number of vulnerabilities found, and providing its own account into the number of vulnerabilities affecting its own products : "A recent...
- Tags: Software, McAfee Inc., Antivirus, Vulnerability, Vendor, Flaw, N.Runs, Dancho, Security, Viruses And Worms, Dancho Danchev
- Blog posts 2008-07-23
- News to know: Yahoo; VMware; Apple; DNS vulnerability
- Notable headlines: Ryan Naraine: Vulnerability disclosure gone awry: Understanding the DNS debacle RIM ships fix for BlackBerry code execution bug Dancho Danchev: Georgia President's web site under DDoS attack from Russian hackers 75% of online banking sites found vulnerable to security design...
- Tags: Apple iPhone, Google Inc., Larry Dignan, DNS, Yahoo! Inc., Vulnerability, Dana Blankenhorn, Health Care, Apple Inc., VMware Inc., App Store, Banking, Vertical Industries, Domain Names, Benefits, Healthcare, Security, Financial Services, Enterprise Software, Software, Internet, Human Resources
- Blog posts 2008-07-23
- Is this the New Apple?
- PowerPage podcaster Youngmoo Kim relays his experience with trying to get an iPhone 3G and on being an "IRU" Individual Responsible User. Apple just doesn't want me to have an iPhone 3G. After a few half-hearted attempts bailing at the sight of long lines, I spent about two hours...
- Tags: Apple iPhone, Apple Inc., IRU, 3G, Cellular Phones, Wireless, Consumer Electronics, Personal Technology, Jason D. O\'Grady
- Blog posts 2008-07-22
- SanDisk reports loss; stock takes beating after-hours
- SanDisk reports loss; stock takes beating after-hoursYawn...Well you almost managed to finish a blog without somehow mentioning iPhone, but you couldn't quite manage it. Sure the iPhone must be responsible for the downturn in memory card sales, heck they sold a million of them. Who cares if Nokia sold almost...
- Tags: Flash memory, Cyberthreats, Microsoft Windows, S3 Inc., SanDisk Corp., Apple iPhone, virus, stock
- Discussion threads 2008-07-22
- A look at the recent Firefox 3 vulnerability
- True to form, Billy Rios promised a more in depth look at the MSFA2008-35 vulnerability which is another protocol handler flaw in Firefox 3. As previously reported here, this was another protocol handler flaw that led to arbitrary remote command execution, and is especially dangerous since it can be deployed...
- Tags: Mozilla Firefox 3.0, Mozilla Firefox, Apple Safari, Vulnerability, Protocol Handler, Firefox3, Security Decision, Web Browsers, Security, Internet, Nathan McFeters
- Blog posts 2008-07-22
- Vulnerability disclosure gone awry: Understanding the DNS debacle
- Vulnerability disclosure gone awry: Understanding the DNS debacleI think he deserved better for sureYou know, Dan does manipulate the media well, but I'll tell you this, he's a stand-up guy. Did he try to drum up the press a bit? Sure, why not? Did he choose his...
- Tags: Domain names, Advertising & Promotion, Dan, DNS
- Discussion threads 2008-07-22
- Vulnerability disclosure gone awry: Understanding the DNS debacle
- On July 7, the day before the release of the patch for the now infamous DNS design flaw, hacker Dan Kaminsky with the help of Black Hat conference organizers invited reporters to a press conference to "discuss the massive multivendor patch being released this Tuesday." "A synchronized...
- Tags: Black Hat, DNS, Conference, Dan Kaminsky, Thomas Ptacek, Domain Names, Patches, Security, Networking, Internet, Ryan Naraine
- Blog posts 2008-07-22
- << Previous
- page 1 of 1
- Next >>
White Papers and Webcasts
"Collaboration: Transforming the Way Business Works", a new study from the Economist Intelligence Unit. Find this informative report along with free videos podcasts and more, availibe courtesy of Cisco.
Tasty Baking’s new LEED factory
0:57
Tasty Baking CIO: Brendan O’Malley
Balancing act: innovation vs. reliability
1:28
Facebook VP of technical operations: Jonathan Heiliger
Securing data at E-Loan
1:47
E-Loan CIO: Jay Shah
When crops are scarce
1:47
Del Monte Foods CIO: Marc Brown
