vulnerabilities

Wed 09 Sep
Dennis Faas's picture

Zero-day Attack

A zero-day or "0day" attack is a computer threat that tries to exploit computer application vulnerabilities for which no security fix is yet available. Zero-day exploits are used by attackers before the software vendor knows about the vulnerability. ... The term derives from the age of the exploit. When a vendor becomes aware of a security hole, there is a race to close it before attackers discover it or the vulnerability becomes public. A "zero day" attack occurs on or before the first or "zeroth" day of vendor awareness, meaning the vendor has not had any opportunity to disseminate a security ...

Wed 09 Sep

MS Patch Tuesday Leaves 3 Critical Flaws Unaddressed

Microsoft yesterday released a package of five Security Bulletins offering fixes for a total of eight vulnerabilities. While it's news worth celebrating, unfortunately the software company has also failed to address three other zero-day ... vulnerabilities. Browse And Get Owned, Drive-By Attacks Addressed All five of the Security Bulletins Microsoft has addressed were outlined in September and deemed "critical" -- the highest level of concern. Three out of five of the issues taken care of by Microsoft fix issues associated with "browse-and-get-owned" attacks, otherwise known as "drive-by" ...

Fri 07 Aug

Java SE6 Update Fixes Exploit Linked to ActiveX Flaw

Java SE6 is set to receive what is being called "significant security patches." The need for repair came after the US-CERT (United States Computer Emergency Readiness Team) warned that a number of vulnerabilities were in existence, allowing ... potential hackers to bypass authentication methods and execute arbitrary code. One flaw exposes Java's audio system; if left unpatched, online deviants could be given access to a computer system without authorization. Another exploit provides root access to a vulnerable machine. Java Exploit Linked to ActiveX The most prominent flaw to be patched is ...

Wed 04 Feb

UAC Vulnerability Found in Windows Vista

A new analysis claims that over 90% of the Windows security vulnerabilities reported last year were made worse by users logged in with administrative privileges -- an issue Microsoft has been hotly debating recently. BeyondTrust Corp. (BTC), a ... software development company specializing in enterprise rights management, has indicated that the act of giving users administrative rights may leave systems more open to risk. The report issued by BTC was prepared by assessing security vulnerability bulletins released by Microsoft in 2008, and identifying specific "mitigating factors" (those that could ...

Fri 15 Feb

Criminals Pay High Price To Keep Security Vulnerabilities Hidden

The annual "X-Force" report, recently released by Internet Security Systems (ISS), part of IBM Corp., says 6,437 security flaws were acknowledged in 2007 by network and software vendors, down 5.4 percent from 2006. (Source: com.au) While computer ... security vulnerabilities decreased last year, security researchers are cautioning that there has been no improvement in web safety. ISS Chief Technology Officer Chris Rouland said that in at least 10 years of counting he had not seen that figure drop. Rouland suggests that the 2007 number of vulnerabilities reported would have been higher if a ...

Tue 12 Feb

Windows Vista Service Pack 1 Replaces Vista Kernel

One of the 'big' features reportedly discussed in the early speculation surrounding Windows Vista Service Pack 1 (SP1) was a kernel upgrade that would supposedly bring Windows Vista into line with the Longhorn kernel used in Windows Server 2008. ... Little if any mention has been made by Microsoft about the kernel update, even as Vista SP1 goes RTM (released to manufacturing). The kernel was updated, but Microsoft appears to be more keen to promote the improvements and enhancements to Vista rather than placing emphasis on a kernel upgrade, which might be seen as a risk to stability. Windows Vista ...

Tue 29 Jan

Once Again Microsoft Says Windows Vista 'Most Secure'

Trying to sway public opinion about a flailing product, Microsoft has reportedly once again boasted about the security of Windows Vista, claiming that the operating system had 36 vulnerabilities in its first year compared to the 65 found in Windows ... XP during that same period. Analysts remain skeptical. "I think that it's fair to say that Windows Vista is proving to be the most secure version of Windows to date. Our investments in the SDL (Security Development Lifecycle) and our defense in depth approach to building Windows Vista seem to be paying off," wrote Austin Wilson in a recent ...

Wed 15 Mar

Keeping Spies Out, Part 2

This entry is the second part of a three-part series on spyware prevention tips. In the first article, I overviewed an excellent (and free!) tool called SpywareBlaster whose sole purpose is to prevent the installation of spyware on your computer. ... SpywareBlaster is lightweight, easy-to-use, and continually updated. Today I'm going to share a second spyware prevention tip. Are you ready? Spyware Prevention Tip #2 - Stop Using Internet Explorer Fact: Some popular forms of spyware specifically target vulnerabilities associated with Microsoft Internet Explorer. Fact: Internet Explorer has a ...
