
Archive for the ‘Vulnerabilities’ Category


SB10-249: Vulnerability Summary for the Week of August 30, 2010

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cyber Security Division (NCSD) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division into high, medium, and low severities corresponds to the following scores:

  • High – Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 – 10.0

  • Medium – Vulnerabilities will be


Seven Features To Look For In Database Assessment Tools

As a follow-on to my “Essentials of Database Assessment” post, I want to go over some of the basic features and functions to look for in a database assessment product. There are many things to look for that differentiate one tool from another, but I’ll focus in on the top seven items you should review.

Here are the top seven features to evaluate in database assessment tools:

1. Expert Research & Current Policies: The principal cost in developing a database vulnerability assessment tool is the cost of building and maintaining a policy library. Thousands of man-hours go into policy research and creation, and how current the policies are has a major impact on the security of the database. Zero-day threats are just that, and assessment vendors lead the database vendors in detection by days or weeks. The vendor should release policy updates…


Keep Your Browser Updated


Posted by Wolfgang Kandek,
Sep 7, 2010 09:55 AM


During the past Labor Day weekend, I got pulled in by friends and relatives (some remotely) to take care of their computer-related problems.
We worked together on making sure automatic updates were enabled, removed unwanted software packages, and installed AV software where necessary. We also did some browser-related hygiene and in one case, removed five toolbars that had made their way into the system. These toolbars actually occupied one-third of the

Security vs. popularity

Security is not obscurity. Popularity is not the only reason MS Windows is so poorly secured in general use. Maybe.


One idea in particular keeps coming up in discussions amongst IT professionals and software partisans: that the popularity of a piece of software is inversely correlated with its security. The assumption is that greater popularity of a piece of software makes it a more tempting target, and being a more tempting target makes it less secure.

There is some truth in that idea, but not nearly as much as many people think. If all else is equal, the more-popular software will be compromised first. On the other hand, all else is not equal, and being first is not necessarily the same as being only:

  • After the most popular piece of software is targeted, the next-most popular will also be targeted, if it has enough of an


Anticipating The First Car Virus

I’ve been thinking a lot about the McAfee acquisition by Intel and actually spent the afternoon with them a few days ago going over the strategy behind it. Intel doesn’t want to repeat the mistake that was made with the PC with regard to malware as we move to more common interfaces, operating systems, and network-connected TVs, appliances, manufacturing equipment, air conditioning and heating systems — and yes, automobiles and motorcycles. While a virus or an attack on a PC or server is certainly painful, the same attack on a plane or motor vehicle could be deadly.

We had a lot of warning with sneaker-net viruses that spread via floppy disk at the beginning of the PC era, but we didn’t take those warnings seriously. As a result, Microsoft focused exclusively on high levels of standardization and ease of use with no real focus on security…
