vulnerability

ZDNet Resources

• sort by:
• Relevance
• Date
• Popularity

'Dumbing down' the security profession

* Ryan Naraine is traveling. Guest editorial by Shyama Rose The market for the development and implementation of source code analysis static and dynamic tools is swelling. Companies are increasingly relying on source code analysis tools to identify security-related vulnerabilities. The demand and reliance...

Tags: Analysis Tool, Vulnerability, Analysis, Tool, Productivity, Security, Ryan Naraine

Blog posts 2008-12-01

Google: no evidence of a Gmail vulnerability

Following the speculations on the resurrection of what's thought to be an already fixed Gmail flaw which could assist in domain name hijackings, yesterday Google commented that their investigation indicated that the recent domain hijacks should be attributed to a phishing campaign, rather than to a Gmail flaw. The phishers...

Tags: Google Inc., Google Gmail, Attacker, Vulnerability, Phishing, Cyberthreats, Spam, E-mail Providers, Security, Viruses And Worms, Spam And Phishing, Internet, Dancho Danchev

Blog posts 2008-11-26

VoIP vulnerabilities in Microsoft Communicator

Researchers at VoIPshield Labs have pinpointed a wide range of denial-of-service vulnerabilities in Microsoft Communicator, the unified communications that features business-grade instant messaging , voice, and video tools. The flaws, rated "high severity," could cripple VoIP-powered communications on Office Communications Server 2007, Office Communicator and Windows Live Messenger....

Tags: Denial Of Service, VoIP, Vulnerability, Microsoft Corp., Security, Ryan Naraine

Blog posts 2008-11-17

Firefox security makeover: 11 vulnerabilities, 4 critical

 Mozilla has released a new version of its flagship Firefox browser to fix a total of 11 vulnerabilities that expose users to code execution, information stealing or denial-of-service attacks. Four of the 11 flaws covered with the new Firefox 3.0.4 are rated "critical" because of the risk...

Tags: Mozilla Firefox, Vulnerability, JavaScript, Web Browser, Mozilla Corp., Web Browsers, Security, Internet, Ryan Naraine

Blog posts 2008-11-12

Google fixes critical XSS vulnerability

All your accounting data are not belong to us. Hours after a proof of concept example detailing a XSS vulnetability at Google's account login page was posted at the XSS Project's clearing house, the company quickly took notice and fixed it. "Security researcher "Xylitol" is...

Tags: Google Inc., Vulnerability, XSS, XSSed, Security, Dancho Danchev

Blog posts 2008-11-12

MS Patch Tuesday: Critical Windows, Office flaws fixed

Microsoft's scheduled batch of patches for November crossed the wires today with fixes for at least four documented vulnerabilities affecting millions of Windows and Office users. As previously reported, the company released two security bulletins -- one rated critical, one rated important -- with fixes for flaws...

Tags: Web, Attacker, Microsoft Office, Flaw, Vulnerability, Microsoft Windows, Microsoft Corp., Security, Ryan Naraine

Blog posts 2008-11-11

'Highly critical' vulnerabilities in VLC media player

'Highly critical' vulnerabilities in VLC media player'Highly critical' vulnerabilities in VLC media playerThat is funny, I just upgraded to 0.9.4 yesterday from 0.8.6i. How long until we see a 0.9.6 build for us Windows users? They haven't released a 0.9.5 for Windows due to lack of developers for...

Tags: VLC Media Player, vulnerability

Discussion threads 2008-11-07

'Highly critical' vulnerabilities in VLC media player

A pair of "highly critical" vulnerabilities in the cross-platform VLC Media Player could put millions of users at risk of remote code execution attacks, according to a warning from security researchers. The issues, reported in versions 0.5.0 through 0.9.5, could let hackers take complete control of compromised...

Tags: Vulnerability, Buffer-overflow, Media Player, Media Players, Security, Digital Music, Digital Media, Viruses And Worms, Consumer Electronics, Personal Technology, Ryan Naraine

Blog posts 2008-11-07

Heads up: Patch your Adobe Reader now

See important update below for information on patching this vulnerability. Heads up for Windows users: There's a critical, remotely exploitable vulnerability in Adobe Acrobat/Reader version 8. According to an advisory from Core Security, Adobe Reader suffers from a stack buffer overflow when parsing...

Tags: Adobe Systems Inc., Adobe Acrobat, Vulnerability, JavaScript, Adobe Acrobat Reader, Product Update, Security, Ryan Naraine

Blog posts 2008-11-04

Black market for zero day vulnerabilities still thriving

One would assume that popular sources for zero day vulnerabilities+Poc's such as Full-Disclosure, Bugtraq or Milw0rm are the primary sources for obtaining responsibly or irresponsibly released flaws. They'd be wrong. The black market for zero day vulnerabilities and the concept of over-the-counter OTC trade of zero day flaws, has been...

Tags: Web, Vulnerability, Web Application, SQL Injection, Exploit, Day Vulnerability, E-shop, Security, Dancho Danchev

Blog posts 2008-11-02

Opera sings the security blues

Guest editorial by Aviv Raff If you ask any Opera fanboy, he will tell you that Opera is the most secured browser. Well frankly, it really is a good and secure browser, implementing many restrictions that other browsers simply ignore. For example, while...

Tags: Opera Software, Vulnerability, Resource, Web Browser, Web Browsers, Security, Internet, Ryan Naraine

Blog posts 2008-10-30

Adobe nukes 'critical' Pagemaker flaws

Adobe has released a patch to fix a pair of critical vulnerabilities in its PageMaker 7 software, warning that a hacker could exploit these flaws to "take control of the affected system." A third vulnerability, confirmed by Adobe, remains unpatched, the company acknowledged in an advisory. ...

Tags: Adobe Systems Inc., PageMaker, Flaw, Vulnerability, Security, Ryan Naraine

Blog posts 2008-10-30

Talkback Tuesday: latest MS vulnerability

Talkback Tuesday: latest MS vulnerabilityThey will have to....If Apple wants to get into the enterprise, they will have to patch on the fly if there is a threat. As of now they are very quiet about their patches and the details. Oh well almost every software I have worked...

Tags: Patches, Talkback Tuesday, Microsoft Corp.

Discussion threads 2008-10-28

Talkback Tuesday: latest MS vulnerability

Everyone was discussing the MS08-067 vulnerability and its out-of-cycle patchlast week. My post on the topic elicited several comments from our readers, including the following by frgough: If this had been Apple, the article slant would have been all about poor security models, inherently flawed structure...

Tags: Process Management, Vulnerability, Apple Inc., Microsoft Corp., Security, Enterprise Software, Software, Adam O\'Donnell

Blog posts 2008-10-28

Latest MS Vuln eerily similar to one from two years previous

The recently discovered critical Windows vulnerability that necessitated an out-of-cycle patch is extremely similar to one that first appeared two years ago. The MS08-067 vulnerability, which was originally spotted by analyzing in-the-wild captures, is remarkably similar to the MS06-040 vulnerability that enabled the spread of a variant of the...

Tags: Vulnerability, Microsoft Corp., Software Architecture, Security, Adam O\'Donnell

Blog posts 2008-10-23

MS ships emergency patch for Windows worm hole

Microsoft has released an out-of-band patch to fix an extremely critical worm hole that exposes Windows users to remote code execution attacks. The emergency update comes just one week after the regularly scheduled Patch Tuesday and follows the discovery of a targeted zero-day attack, Microsoft said in...

Tags: Microsoft Windows Server, Vulnerability, Microsoft Corp., Windows Server Service, Microsoft Windows, RPC, Security, Operating Systems, Software, Networking, Ryan Naraine

Blog posts 2008-10-23

Adobe ships fix for clickjacking, clipboard hijack threats

Adobe has released Flash Player 10 Techmeme discussion with a chock-full of major security improvements, including patches and mitigation for at least five serious security vulnerabilities. The vulnerabilities covered with Flash Player 10 could allow an attacker to bypass the software's security controls, Adobe warned. ...

Tags: Adobe Systems Inc., Vulnerability, Macromedia Flash Player, Security, Ryan Naraine

Blog posts 2008-10-15

Debate around 'partial disclosure' heats up

There are many ways of telling the world about a security vulnerability. A vulnerability can be announced without telling the vendor, it can be announced after giving the vendor a period of time to fix the issue, or it may just be circulated amongst the underground without ever coming...

Tags: Disclosure, Researcher, Vulnerability, Security, Adam O\'Donnell

Blog posts 2008-10-13

MS Patch Tuesday heads-up: 11 bulletins, 4 critical

It will be a very busy Patch Tuesday for administrators managing Microsoft Windows computer systems. According to Microsoft's advance notice mechanism, 11 security bulletins will drop next Tuesday (October 14, 2008), covering a wide range of serious vulnerabilities. Four of the 11 bulletins are...

Tags: Vulnerability, Exploit Code, Microsoft Corp., Bulletin, Security, Ryan Naraine

Blog posts 2008-10-09

Mac OS X Patch Day: 40 security flaws fixed

Apple has shipped another whopper of a patch to cover a total of 40 documented vulnerabilities affecting the Mac OS X ecosystem. The Security Update 2008-007, available for Tiger and Leopard, covers a range of third-party components and Mac OS X flaws that could users at risk...

Tags: Apple Macintosh, Vulnerability, Arbitrary Code Execution, Application Termination, Apple Mac OS X, Security, Operating Systems, Software, Apple Mac OS, Ryan Naraine

Blog posts 2008-10-09