zero day initiative

ZDNet Resources

• sort by:
• Relevance
• Date
• Popularity

Microsoft plugs Office leaks; Delivers 4 critical patches

Microsoft on Tuesday delivered four critical patches for vulnerabilities Office and Windows XP. There were six patches delivered. Here's a look by the CVE: CVE-2008-1091: Microsoft patched an object parsing vulnerability in Microsoft Word. Affected software includes Office 2000, 2003 and 2007. Microsoft explains:...

Tags: Microsoft Word, Attacker, Microsoft Office, Vulnerability, Patch Management, Microsoft Corp., Zero Day Initiative, Security, Larry Dignan

Blog posts 2008-05-13

MacBook Air falls in two minutes at PWN 2 OWN

MacBook Air falls in two minutes at PWN 2 OWNthe detailshere is more info:http://dvlabs.tippingpoint.com/blog/2008/03/27/day-two-of-cansecwest-pwn-to-own---we-have-our-first-official-winner-with-pictureRE: MacBook Air falls in two minutes at PWN 2 OWNThat's a little sad since Mac's claim to fame is a low vulnerability to such things. Pretty soon they'll have to play ball with antivirus software...

Tags: Notebooks, PWN 2 OWN, MacBook Air, Apple MacBook, exploit, Zero Day Initiative

Discussion threads 2008-03-27

MacBook Air falls in two minutes at PWN 2 OWN

The MacBook Air fell in two minutes at the CanSecWest security conference's PWN 2 OWN. According to Infoworld, Charlie Miller won the $10,000 prize. Under the contest rules, organizers offered Sony Vaio, Fujitsu U810, and the MacBook as prizes. On day 1 no one won because they...

Tags: Apple Safari, Vulnerability, Apple MacBook, Apple Inc., Charlie Miller, Zero Day Initiative, Notebooks, Hardware, Notebooks & Tablets, Larry Dignan

Blog posts 2008-03-27

Additional Resources

Coca-Cola Teaches The World To....

"Participating in the community of the consumer." I love that phrase.  That's the way Jim Keyes, Blockbuster CEO described their Facebook group - which is for the most part, despite all our conversations to the contrary, is what most people think of when you say "community" or "social network"...

Tags: Facebook, Fan, Coca-Cola Co., Beverage, Customer, Machine, Coke, Coca-Cola Freestyle, Food & Beverage, RFID, Manufacturing, Wireless And Mobility, Security, Biometrics, Paul Greenberg

Blog posts 2009-07-15

Apple Safari jumbo patch: 50 vulnerabilities fixed

Apple Safari jumbo patch: 50 vulnerabilities fixedOf interestAdvisory here:http://support.apple.com/kb/HT3613TippingPoint's Zero Day Initiative credited with three CVE's.The big headline one exploiting SVG animation elements:CVE-ID: CVE-2009-1709Anyone want to beton which vendor will take the top spot of most vulnerable 2009? With this speed Apple is clearly going for the gold.The most...

Tags: vulnerability, Apple Inc., Apple Safari

Discussion threads 2009-06-08

Adobe plans quarterly Patch Day for Reader/Acrobat fixes

Borrowing a few pages from Microsoft's playbook, Adobe today announced plans for a quarterly Patch Day for its Reader/Acrobat product lines and new initiatives to beef up its code hardening and security response processes. Starting this summer, Adobe Reader and Acrobat security patches will be released on...

Tags: Adobe Systems Inc., Adobe SPLC, Security, Ryan Naraine

Blog posts 2009-05-20

News to know: Intel; WiMax, Oracle; Craigslist; Apple's WWDC

Here are today’s notable headlines. You can get News To Know via email alert and RSS daily.  For continuous updates see BNET’s around-the-Web tech coverage. Andrew Nusca: EC: Intel 'abused dominant position' vs AMD; fined record $1.45 billion in antitrust case Adrian Kingsley-Hughes: EU...

Tags: Larry Dignan, Craigslist, Richard Koman, WWDC, Oracle Corp., Apple Inc., Sam Diaz, Intel Corp., Virtualization, WiMAX, Corporate Law, Netbooks, Nettops & MIDs, Security, Hardware, Wireless And Mobility, Business Operations

Blog posts 2009-05-14

Mozilla kills Firefox Pwn2Own bug

Mozilla has won the race among browser makers to fix code execution holes exploited during this year's CanSecWest Pwn2Own hacker contest. The open-source group today shipped Firefox 3.0.8 with fixes for two separate vulnerabilities, including a drive-by download issue used by a hacker named "Nils" to win...

Tags: Mozilla Firefox, Vulnerability, Mozilla Corp., Community Member, Web Browsers, Security, Internet, Ryan Naraine

Blog posts 2009-03-27

Questions for Pwn2Own hacker Charlie Miller

VANCOUVER, BC -- At the CanSecWest security conference here, I got a chance to sit down with Charlie Miller, the researcher who broke into a fully patched MacBook machine using a Safari code execution vulnerability. We discuss the state of Web browser security, the vulnerability marketplace and...

Tags: Apple Macintosh, Mozilla Firefox, Apple Safari, Vulnerability, Bug, Microsoft Internet Explorer, Google Chrome, Hacker, Exploit, Web Browsers, Security, Internet, Ryan Naraine

Blog posts 2009-03-19

MacBook and Safari succumb to hackers

Charlie Miller came to Vancouver's CanSecWest security conference to defend his title in the PWN 2 OWN hacking contest. Last year Miller took home the MacBook Air and a $10,000 cash prize Thursday after breaking into the machine. This year Miller's MO was the same, bring the...

Tags: Apple Safari, Apple MacBook, Hacker, Notebooks, Hacking, Security, Hardware, Notebooks & Tablets, Jason D. O'Grady

Blog posts 2009-03-19

Pwn2Own 2009: Safari/MacBook falls in seconds

[ UPDATE: IE 8 and Safari also fall ] VANCOUVER, BC -- Charlie Miller has done it again.  For the second consecutive year, the security researcher hacked into a fully patched MacBook computer by exploiting a security vulnerability in Apple's Safari browser. ...

Tags: Apple Safari, Apple MacBook, Microsoft Internet Explorer, Web Browsers, Notebooks, Security, Internet, Hardware, Notebooks & Tablets, Ryan Naraine

Blog posts 2009-03-18

Mozilla plugs Firefox code execution holes

Mozilla today shipped Firefox 3.0.7 with fixes for at least eight security flaws, some rated critical. The most serious of the vulnerabilities could be exploited by attackers to run code and install software, requiring no user interaction beyond normal browsing, Mozilla warned in...

Tags: Mozilla Firefox, Vulnerability, Web Browser, Mozilla Corp., Web Browsers, Security, Internet, Ryan Naraine

Blog posts 2009-03-04

Microsoft: Third party apps killing our security

Why would hackers target Microsoft directly when there is so much low hanging fruit hanging from the Windows operating system? The short answer is that hackers won't attack Microsoft directly because they have plenty of alternatives via third party applications such as QuickTime, RealPlayer and WinZip. That's...

Tags: Microsoft Windows Vista, Microsoft Corp., Web Browser, Third Party Application, Chances, Microsoft Windows Vista (Longhorn), Security, Operating Systems, Microsoft Windows, Software, Larry Dignan

Blog posts 2008-11-03

News to know: Black market zero days; Microsoft security; BlackBerry Bold; SAP

Here are today’s notable headlines. You can get News To Know via email alert and RSS daily: Dancho Danchev: Black market for zero day vulnerabilities still thriving Spammers targeting Bebo, generate thousands of bogus accounts Larry Dignan: Microsoft: Third party apps...

Tags: Security, Facebook, Larry Dignan, Information Technology, Dana Blankenhorn, SAP AG, RIM BlackBerry, Microsoft Corp., BlackBerry Bold, Microsoft Windows, Smart Phones, Cloud Computing, Linux, Operating Systems, Handhelds, Software, Consumer Electronics, Personal Technology, Hardware

Blog posts 2008-11-03

Microsoft tries to lure more searchers with another giveaway

Microsoft tries to lure more searchers with another giveawayRE: Microsoft tries to lure more searchers with another giveawayOdd way to grow share by limiting the number of people who can join. You're assuming that you need to pay them to search with you a dangerous precedent and by limiting...

Tags: SEARCH, Web browsers, Microsoft Corp., Microsoft Live Search, search engine, Microsoft Tries, giveaway, searcher, Microsoft Internet Explorer

Discussion threads 2008-10-01

Ruminating on Chrome

On an otherwise non news day, the comic book launch of Chrome by Google has got the digital ether all aglow with excitement. I can only shrug. Despite the thinking this is 'big news' and garnering mainstream media attention at both the WSJ and the UK's Guardian, I can't see...

Tags: Google Inc., Microsoft Corp., Chrome, Web Browsers, Open Source, Internet, Dennis Howlett

Blog posts 2008-09-01

More security holes appear in Microsoft Office

In addition to this long list of missing Microsoft patches, there are at least three serious unpatched vulnerabilities in the Microsoft Office productivity suite. On August 12, the same day Microsoft released a slew of Office patches, TippingPoint's DV Labs published a bare-bones advisory warning about a...

Tags: User Interaction, Vulnerability, Microsoft Corp., Microsoft Office, Security, Office Suites, Software, Ryan Naraine

Blog posts 2008-08-21

Exploits, vulnerabilities, and questions

Exploits, vulnerabilities, and questionsIt is cooking with love.The person works for MS, and even a "stock" install without all the optional packages still contains hundreds and hundreds of applications. More to the point, however, I think a carefully crafted criteria was enforced that skewed things in a positive...

Tags: Patches, Linux, Microsoft Windows Vista (Longhorn), Microsoft Corp., security, patch management, vulnerability, Microsoft Windows XP, Microsoft Windows Vista

Discussion threads 2008-08-16

Where on earth are these Microsoft patches?

Lost in the shuffle of this month's Patch Tuesday barrage is the fact that a critical vulnerability in the ever-present Windows Media Player WMP was not fixed "because of a last minute quality issue." Microsoft originally listed the WMP update in the advance notice for August but,...

Tags: Vulnerability, Patch Management, Microsoft Internet Explorer, Microsoft Corp., Microsoft Windows, Web Browsers, Operating Systems, Software, Internet, Ryan Naraine

Blog posts 2008-08-14

Apple releases patches for dangerous QuickTime flaws in Apple TV 2.1 product

Apple released patches for its Apple TV 2.1 product yesterday. Some of you might be saying, why do I care, I don't use Apple TV. Well, if you do use Apple TV, you obviously should care as some of these are very serious flaws, but if you don't,...

Tags: Apple QuickTime, Movie, Patch Management, Apple Inc., Issue, Apple TV, Arbitrary Code Execution, Flaw, IMPACT, CVE-ID, Application Termination, Nathan McFeters

Blog posts 2008-07-11