Month: April 2006
-
Microsoft Silently Patches…
[This was originally published on the OSVDB blog.] Sure, the news that Microsoft silently patches vulnerabilities made the rounds. But honestly, who was surprised in the least? We’ve all known it is a common practice among many vendors, not just Microsoft. As you may have guessed, the reasoning behind this practice is a commonly heard…
-
Just Because It Is A Game..
[This was originally published on the OSVDB blog.] Does the nature of a product determine vulnerability status? Without giving much thought, most people would classify a ‘game’ as nothing of concern. No way it could possibly pose a security threat to you.. besides, it’s fun! In reality though, games are just as likely to bite…
-
The Upside to the Provenance Problem
[This was originally published on the OSVDB blog.] As mentioned before, Christey of CVE notes that an ongoing problem in the vulnerability world is that of “provenance”, meaning “where the hell did that come from?!” Vulnerability Databases (VDBs) like CVE and OSVDB are big on provenance. We want to know exactly where the information came from…
-
10 Infamous Moments In Security Research
[This was originally published on the OSVDB blog.] 10 Infamous Moments In Security Research, InformationWeek – Apr 17, 2006: 1. SQL Slammer 2. Windows Plug and Play 3. Cisco IOS heap overflow 4. Windows Metafile 5. Oracle transparent data encryption 6. Oracle PLSQL gateway 7. Apple Mac iChat 8. Internet Explorer createTextRange() 9. Internet Explorer HTA files 10. Sendmail SMTP server software While many of…