vulnerability disclosure

ZDNet Resources

• sort by:
• Relevance
• Date
• Popularity

Windows security rendered useless? Uh, not exactly

Oh dear. The Chicken Little contingent is out in full force. Break out your Kevlar helmets, everyone, because the sky is falling on Windows! At last week’s Black Hat conference in Las Vegas, researchers Alexander Sotirov and Mark Dowd presented a paper that outlined some new attack vectors they had...

Tags: Black Hat, Attacker, Windows Security, Vulnerability, Microsoft Windows Vista, Defense, Memory Protection, Vulnerability Disclosure, Microsoft Windows, Microsoft Windows Vista (Longhorn), Security, Operating Systems, Software, Ed Bott

Blog posts 2008-08-11

Additional Resources

Microsoft confirms 'detailed' Windows 7 exploit

Ummm interesting....so just block 139 and 445...445? great that port aggain.Is SMB blocked to/from internet by th firewall by default?RE: Microsoft confirms 'detailed' Windows 7 exploitPorts 139 and 445 are blocked by default for Internet access by Windows firewall in Windows 7 and any commerical hardware firewall. They are enabled...

Tags: Firewalls, SMB/SME, SMB protocol, Microsoft Windows 7, firewall, Windows 7 exploit, Microsoft Windows, small and medium business, Microsoft Windows Vista, operating system, Microsoft Corp.

Discussion threads 2009-11-16

Microsoft probing Windows 7 zero-day hole

Microsoft said it is looking into a report of a vulnerability in Windows 7 and Server 2008 Release 2 that could be used by an attacker to remotely crash the computer. Microsoft said on Wednesday it is looking into a report of a vulnerability in Windows 7 and Server...

Tags: Vulnerability, Microsoft Corp., Server Message Block, Microsoft Windows 7, Microsoft Windows, Security, Operating Systems, Software, Microsoft, attack, zero day, Elinor Mills CNET News

News items 2009-11-12

Counting vulnerabilities is pointless

Suddenly it doesn't matter any more? Vulnerability count is an indication of software qualityIt goes directly to the process the vendor went through to root out vulnerabilities before shipping. At least if you compare products with the same general purpose and which receives the same amount of scrutiny.Time to fix...

Tags: Web browsers, Cyberthreats, Spyware, adware & malware, SECURITY, Mozilla Firefox, vulnerability, Microsoft Internet Explorer, malware, risk period

Discussion threads 2009-11-09

News to know: E-readers; Web OS and IT; VMware; Cisco

Here are today’s notable headlines. You can get News To Know via email alert and RSS daily. For continuous updates see BNET’s around-the-Web tech coverage. Dion Hinchcliffe: How the Web OS has begun to reshape IT and business Oliver Marks: Course Credits as a...

Tags: E-reader, Sony Corp., Google Inc., Web, Virtualization, Information Technology, Amazon.com Inc., VMware Inc., Microsoft Corp., Cisco Systems Inc., Camera, E-books, Open Source, Personal Technology, Larry Dignan

Blog posts 2009-09-08

Adobe plugs critical ColdFusion, JRun vulnerabilities

Adobe's never-ending run on the security treadmill hit a new gear this week with the release of patches to cover serious vulnerabilities in the ColdFusion and JRun web design and development platforms. The patches, rated critical, cover a total of 7 vulnerabilities, some of which "could lead...

Tags: Adobe Systems Inc., Macromedia JRun, Allaire ColdFusion, Vulnerability, XSS, Cross-site Scripting Vulnerability, Development Tools, Software Development, Software/Web Development, Ryan Naraine

Blog posts 2009-08-18

Microsoft: Exploits likely for 'critical' Windows vulnerabilities

Who cares if exploit code will be released in the futureAs long as it is patched before the exploits are out, the exploits no longer count. Or something like that.Cue the double standards...PS I wonder which one of these was labeled "Bulletin 3" in the pre-patch announcement? According to some...

Tags: Patches, SECURITY, Microsoft Windows, exploit, patch, Microsoft Corp., LUA

Discussion threads 2009-08-11

Adobe Flash zero-day attack underway; Harden PDF Reader immediately

Malicious hackers have found a new vulnerability in Adobe's ever-present Flash software and are using rigged PDF documents to launch exploits against Windows targets. The Adobe Flash Player flaw, which is currently unpatched, affects millions of Windows XP and Windows Vista users.  Adobe has acknowledged a "potential...

Tags: Adobe Systems Inc., Adobe PDF, Adobe Acrobat, Adobe Acrobat Reader, Exploit, Zero-day Bug, Security, Ryan Naraine

Blog posts 2009-07-22

ImageShack hacked by anti-full disclosure movement

ImageShack hacked by anti-full disclosure movementImageShack should have used Linuxas this would be a non-issue.There's no guarantee with shareThese sites just make it fun for people to enjoy the Internet.RE: ImageShack hacked by anti-full disclosure movementI do not agree with AntiSec. I believe that it is the responsibility of...

Tags: SECURITY, Full-Disclosure, ImageShack, disclosure movement

Discussion threads 2009-07-13

ImageShack hacked by anti-full disclosure movement

During the weekend, ImageShack, among the Web's top ten most popular free image hosting services got compromised, with the millions of images hosted on it redirected to a single one explaining why it was hacked. The anti-sec group responsible for the compromise describes itself as a "movement...

Tags: Web, Malware, Exploit, Zero-day Bug, Spyware, Adware & Malware, Channel Management, Cyberthreats, Security, Viruses And Worms, Marketing, Dancho Danchev

Blog posts 2009-07-13

What Corporate Sustainability can learn from twitter, Robert Scoble & Iran

[caption id="attachment_763" align="alignleft" width="300" caption="Amanpour: A little more Davos & Friend Feed, a little less Damascus & live feed?"][/caption] The celebrated celebrity blogger, Robert Scoble, is ticked off with CNN over its weak coverage of the Iran election and aftermath. In his most recent blog post -'The day Twitter kicked...

Tags: Sustainability, Social Media, CNN, James Farrar

Blog posts 2009-06-22

Microsoft patches 31 Windows, IE, Office security holes

Microsoft's batch of patches this month is a big one: 10 bulletins covering a total of 31 documented vulnerabilities affecting the Windows OS, the Internet Explorer browser and the Microsoft Office productivity suite (Word, Works and Excel). Five of the 10 bulletins are rated "critical," Microsoft's highest...

Tags: Microsoft Word, Microsoft Windows Server, Window, Vulnerability, Microsoft Internet Explorer, Microsoft Corp., Microsoft Windows Server 2003, Microsoft Windows, Security, Microsoft Office, Operating Systems, Software, Office Suites, Ryan Naraine

Blog posts 2009-06-09

Apple Patch Day: 67 Mac OS X, Safari vulnerabilities

Apple Patch Day: 67 Mac OS X, Safari vulnerabilitiesHow about being a real journalistand giving us a count of patches in third-party open source components as opposed to actual OS X patches.One of the big complaints against Apple is that they are slow to update open source patches. So instead...

Tags: Patches, SECURITY, Operating systems, Apple Mac OS X, Apple Macintosh, Apple Safari, Apple Mac OS, OSX, Apple Inc., vulnerability, patch management, operating system

Discussion threads 2009-05-12

Critical security hole in Google Chrome

Critical security hole in Google ChromeDoes the sandboxing mitigate the problem?[i]A failure to properly validate input from a renderer tab process could allow an attacker to crash the browser and possibly run arbitrary code with the [b]privileges of the logged on user[/b].[/i]Does this apply to v1.x alone or also to...

Tags: Web browsers, Viruses and worms, Google Chrome, Google Inc., Web browser, Apple Inc., vulnerability, Chrome, security

Discussion threads 2009-05-06

Election industry fights open source like it is 1999

Election industry fights open source like it is 1999Correction: change the insecure in previous posting to secureReally got to look closer at what I post.I have to agree that the electronic election industryNeeds some severe reform, if not the hammer brought down on them. I was ALWAYS suspicious as to...

Tags: Companies, election industry, open source, TRANSPARENCY

Discussion threads 2009-04-21

Cisco IOS patch day covers multiple vulnerabilities

Cisco has shipped a batch of patches to cover multiple vulnerabilities affecting IOS, the software that powers the vast majority of Cisco's routers and switches. In all, the company released 8 separate advisories with warnings for information disclosure, privilege escalation, denial-of-service vulnerabilities. The...

Tags: Denial Of Service, Cisco IOS, Device, Cisco IOS Software, Vulnerability, Cisco Systems Inc., Security, Ryan Naraine

Blog posts 2009-03-25

MacBook and Safari succumb to hackers

Charlie Miller came to Vancouver's CanSecWest security conference to defend his title in the PWN 2 OWN hacking contest. Last year Miller took home the MacBook Air and a $10,000 cash prize Thursday after breaking into the machine. This year Miller's MO was the same, bring the...

Tags: Apple Safari, Apple MacBook, Hacker, Notebooks, Hacking, Security, Hardware, Notebooks & Tablets, Jason D. O'Grady

Blog posts 2009-03-19

CanSecWest: Caution, community at play

Guest editorial by Sarah Blankinship CanSecWest, in beautiful Vancouver BC, is one of my favorite conferences each year. It’s a cozy little security con that brings together security researchers from all parts of the security ecosystem. Like a PhNeutral or a BlueHat, one never quite knows what...

Tags: Contest, Microsoft Corp., Security, Ryan Naraine

Blog posts 2009-03-18

Pwn2Own 2009: Safari/MacBook falls in seconds

[ UPDATE: IE 8 and Safari also fall ] VANCOUVER, BC -- Charlie Miller has done it again.  For the second consecutive year, the security researcher hacked into a fully patched MacBook computer by exploiting a security vulnerability in Apple's Safari browser. ...

Tags: Apple Safari, Apple MacBook, Microsoft Internet Explorer, Web Browsers, Notebooks, Security, Internet, Hardware, Notebooks & Tablets, Ryan Naraine

Blog posts 2009-03-18

What is security transparency?

Guest editorial by Andrew Storms Transparency is a common theme in politics and Wall Street these days. The 2008 elections, dealings of TARP, financial institutions run a-muck are all places where we hear the word transparency bandied about on a daily basis. While many security professionals speak...

Tags: Information Security, Microsoft Corp., Transparency, Consumer, Security, Ryan Naraine

Blog posts 2009-03-05