securityfocus

ZDNet Resources

• sort by:
• Relevance
• Date
• Popularity

IP Spoofing: An Introduction

IP spoofing is one of the most common forms of on-line camouflage. In IP spoofing, an attacker gains unauthorized access to a computer or a network by making it appear that a malicious message has come from a trusted machine by "spoofing" the IP address of that machine. This paper...

Tags: IP, SecurityFocus, Network Technology, Networking

White papers 2003-03-11

ARIS Extractor 1.6 (Windows)

SecurityFocus ARIS Extractor is an IDS log analyzer, integrated with the SecurityFocus ARIS Analyzer web service. It parses your IDS logs (Snort, Cisco Secure IDS, Dragon, NetProwler, RealSecure, BlackICE defender, and ICEPac), converts them to a common xml format, strips IP addresses and identifying information, and uploads it to ARIS...

Tags: SecurityFocus, Security Focus, SecurityFocus ARIS Extractor, Microsoft Windows, Storage, Databases, Security, Operating Systems, Software, Hardware, Enterprise Software, Data Management

Software downloads 2002-01-11

Additional Resources

Microsoft bracing for malware attacks from embedded fonts

Not too worried here......Been using group policy for a long time with font downloads always being disabled for all users on my network. I am patching no doubt, but much less concerned knowing I have always had this blocked. I'm coveredno windoze , no threat.Again with the fear...

Tags: Microsoft Windows 7, Microsoft Windows Vista (Longhorn), Operating systems, font, Microsoft Windows, malware attack, Microsoft Windows XP, Microsoft Windows Vista, malware, Windows7, Microsoft Corp.

Discussion threads 2009-11-12

Firefox hit by multiple drive-by download flaws

Thank god I am still using 3.0.xxxI still don't understand why the need to make all things software larger and more featured. Also I will never understand why people rush to use the latest larger, bloated package...Bigger is always better......that's why we're fat! =DIE still more secure than FF...

Tags: Web browsers, Operating systems, Microsoft Windows, UNIX, Linux, Microsoft Internet Explorer, Mozilla Firefox, JavaScript, NoScript, Microsoft Corp., Web browser

Discussion threads 2009-10-28

Browser flaws expose users to man-in-the-middle attacks

Security researchers at Microsoft have found a way to break the end-to-end security guarantees of HTTPS without breaking any cryptographic scheme. During a research project (.pdf) concluded earlier this year, the Microsoft Research team discovered a set of vulnerabilities exploitable by a malicious proxy targeting browsers' rendering...

Tags: Flaw, Web Browser, Attack, Web Browsers, Internet, Ryan Naraine

Blog posts 2009-08-07

Hackers steer clear of Google Chrome, say too challenging

Hackers steer clear of Google Chrome, say too challengingi switchedAn FF user, I tried Chrome and now it is my main browser. Fast, sober, secure - no crash at all on Vista64. I still use FF for its plugins when testing web pages and keep IE7 and Safari for checking...

Tags: Web browsers, Chrome, Google Inc., Google Chrome, Mozilla Firefox, Web browser

Discussion threads 2009-03-23

Researchers demo BIOS attack that survives hard-disk wipe

A pair of Argentinian researchers have found a way to perform a BIOS level malware attack capable of surviving even a hard-disk wipe. The researchers -- Alfredo Ortega and Anibal Sacco from Core Security Technologies -- used the stage at last week's CanSecWest conference to demonstrate methods...

Tags: Hard Drive, Researcher, Attack, BIOS, Rootkits, Security, Hardware, Components, Spyware, Adware & Malware, Ryan Naraine

Blog posts 2009-03-23

WMP 12 toxic to certain MP3 files

WMP 12 toxic to certain MP3 filesIrony isthat even from your genuine sources you can't be sure it isn't compromised either! [url=http://www.securityfocus.com/news/480]Oops #1![/url][url=http://www.dgl.com/dglinfo/1996/dg961023.html]Oops #2![/url][url=http://www.theregister.co.uk/2001/04/25/microsoft_security_fixes_infected/]Oops #3![/url]3 strikes you're out! LOL so much for "genuine". More like genuine hassle to run Windows! ]:)Re: What do I think:Foolish to use it as the...

Tags: Digital music, Digital media, WMP, WMP 12, beta

Discussion threads 2009-01-05

Security will suffer in the financial crisis

As many of you already know, the anti-Midas touch of the financial crisis is spreading to the technology sector. Sequoia Capital, one of the largest VC funds in Silicon Valley, gave a presentation that pretty much said become profitable now or pack up and go home. Security seemed...

Tags: Financial, Security, Adam O'Donnell

Blog posts 2008-10-19

Feds bust P2P-based kiddie porn ring

From SecurityFocus: Federal law enforcement officials arrested seven men on Tuesday on charges related to child pornography, the latest arrests in an investigation of peer-to-peer networks that has led to 52 California residents charged or indicted this year. The investigation, spearheaded by the FBI's...

Tags: Child Pornography, P2P, Peer To Peer (P2P), Internet, Richard Koman

Blog posts 2008-08-19

Microsoft investigating NSlookup.exe flaw, reported attacks

Microsoft is investigating new public reports of a zero-day Windows vulnerability that's being exploited in the wild. According to a this SecurityFocus alert, the attacks are exploiting a remote code-execution vulnerability due to an unspecified error in NSlookup.exe, the command-line administrative tool used for testing and troubleshooting...

Tags: Vulnerability, Microsoft Corp., Attack, Flaw, Microsoft Windows XP Professional SP2, Access Snapshot Viewer, Security, ActiveX/COM/COM+/DCOM, Microsoft Windows, Software Development, Software/Web Development, Operating Systems, Software, Ryan Naraine

Blog posts 2008-08-15

Adobe ships critical PDF Reader, Acrobat patch

Adobe has shipped a critical update to patch a code execution vulnerability affecting multiple versions of its Reader and Acrobat products. According to Adobe's advisory, the flaw "could potentially allow an attacker to take control of the affected system." If you have Adobe...

Tags: Adobe Systems Inc., Adobe PDF, Adobe Acrobat, Adobe Acrobat Reader, Patches, Security, Ryan Naraine

Blog posts 2008-06-24

Adobe Flash zero-day exploit in the wild

[ See important update to this story here ] Malware hunters have spotted a previously unknown -- and unpatched -- Adobe Flash vulnerability being exploited in the wild. The zero-day flaw has been added to the Chinese version of the MPack exploit kit and...

Tags: Adobe Systems Inc., Vulnerability, Zero-day Bug, Security, Spyware, Adware & Malware, Cyberthreats, Viruses And Worms, Ryan Naraine

Blog posts 2008-05-27

Word up to Linux fan boys: Multiple Linux flaws show that Linux also has kernel issues

Word up to Linux fan boys: Multiple Linux flaws show that Linux also has kernel issuesLet's find out.I'd like to know just what the similarities or lack there of will be in security issues when Linux replaces Windows as the OS of the people.Apple's dealing with this right nowTime to...

Tags: Operating systems, UNIX, OPEN SOURCE, SECURITY, Microsoft Word, Linux, Microsoft Corp., flaw, Microsoft Windows

Discussion threads 2008-05-01

More URI handler issues to come

Rob Carter, Billy Rios, and I have been blogging about and speaking at conferences like Black Hat and ToorCon all year on the subject of URI handler abuse.  One might think these types of flaws are soon to go away, but one look at SecurityFocus and FullDisclosure today and you can see...

Tags: Flaw, Security, Nathan McFeters

Blog posts 2008-04-25

Sun releases patch to address a number of serious vulnerabilities

Sun releases patch to address a number of serious vulnerabilitiesCross-platform drive-by downloads......brought to you by Sun!Link?!?A link would be nice so I could be sure I have the patches. The Java control panel update functionality did update when I asked it to but it says Version 6 Update 5...

Tags: Java, Operating systems, vulnerability, Nate, Sun Microsystems Inc., JRE-6 Update 5, Update 5

Discussion threads 2008-03-07

Secunia: It's not a flaw if it's a feature

When I reported on the Vocera certificate security bypass flaw, SecurityFocus picked up on it and created Bugtraq ID 27935 to warn their customers about the vulnerability.  I dropped a note to Secunia about the flaw but they seem to believe that a flaw is only a flaw if it...

Tags: Vocera Communications, Secunia, Flaw, Security, George Ou

Blog posts 2008-02-28

Why I run an open Wi-Fi network

Why I run an open Wi-Fi networkI share the bandwidth, tooI have gone on trips where I've used someone's home wifi for a quick e-mail or checking something like the location of a business or whatever, when I haven't been able to find a business giving an open WiFi Hotspot....

Tags: Wireless LANs, WIRELESS, Network technology, Wi-Fi, open Wi-Fi network, network, cable, Wi-Fi network

Discussion threads 2008-01-11

One year later, Vista really is more secure

One year later, Vista really is more secureSo, let me get this straight...Less patches released = more secure? Wow, I'd like to release my own operating system based on that premise. I'll be sure to put you on the top of my sales calls and promise to only...

Tags: Microsoft Windows Vista (Longhorn), operating system, Microsoft Windows Vista, Microsoft Windows XP, secure

Discussion threads 2007-10-31

German security shop challenges anti-hacker laws

Fed up with the "ambiguity and confusion" surrounding Germany's controversial anti-hacker laws, a private security research firm has put its hacking tools back online as part of a public test of the interpretation of the new law. n.runs AG, a well-known penetration testing shop that counts Microsoft...

Tags: Germany, Law, Tool, Phenoelit, Productivity, Security, Hacking, Ryan Naraine

Blog posts 2007-09-26