Tag: OSVDB

Security expert dubs July the ‘Month of browser bugs’

[This was originally published on the OSVDB blog.] Security expert dubs July the ‘Month of browser bugs’ By Greg Sandoval Each day this month, a prominent security expert will highlight a new vulnerability found in one of the major Internet browsers. HD Moore, the creator of Metasploit Framework, a tool that helps test whether a…

July 31, 2006
Proof of Concept

[This was originally published on the OSVDB blog.] PoC aka ‘Proof of Concept’. Please, stop and read those words.. actually think about what it means. The term was originally used to label code that demonstrated that a concept or idea was actually valid. ResearcherX would say that SoftwareY contained an exploitable overflow in FunctionZ. Since…

July 3, 2006
Browser Fun

[This was originally published on the OSVDB blog.] http://browserfun.blogspot.com/ This blog will serve as a dumping ground for browser-based security research and vulnerability disclosure. To kick off this blog, we are announcing the Month of Browser Bugs (MoBB), where we will publish a new browser hack, every day, for the entire month of July. The…

July 2, 2006
For Example…

[This was originally published on the OSVDB blog.] Did you know that RFC 2606 provides for the Internet Assigned Numbers Authority (IANA) to reserve several top level domains, as well as three second level domains in order to provide a safe domain name? To avoid conflict and confusion the domains example.com, example.net and example.org are…

May 17, 2006
Why I’m So Behind

[This was originally published on the OSVDB blog.] Another night of working on OSVDB, mainly focusing on vulnerability import and creating our entries to cover issues. Most nights end with between 25 and 50 new entries and a feeling of accomplishment. Well, other manglers can see the accomplishment if they check the back end, and…

May 11, 2006
Microsoft Silently Patches…

[This was originally published on the OSVDB blog.] Sure, the news that Microsoft silently patches vulnerabilities made the rounds. But honestly, who was surprised in the least? We’ve all known it is a common practice among many vendors, not just Microsoft. As you may have guessed, the reasoning behind this practice is a commonly heard…

April 25, 2006
Just Because It Is A Game..

[This was originally published on the OSVDB blog.] Does the nature of a product determine vulnerability status? Without giving much thought, most people would classify a ‘game’ as nothing of concern. No way it could possibly pose a security threat to you.. besides, it’s fun! In reality though, games are just as likely to bite…

April 19, 2006
The Upside to the Provenance Problem

[This was originally published on the OSVDB blog.] As mentioned before, Christey of CVE mentions an ongoing problem in the vulnerability world is that of “provenance”, meaning “where the hell did that come from?!” Vulnerability Databases (VDB’s) like CVE and OSVDB are big on provenance. We want to know exactly where the information came from…

April 19, 2006
10 Infamous Moments In Security Research

[This was originally published on the OSVDB blog.] 10 Infamous Moments In Security ResearchInformationWeek – Apr 17, 2006 1. SQL Slammer2. Windows Plug and Play3. Cisco IOS heap overflow4. Windows Metafile5. Oracle transparent data encryption6. Oracle PLSQL gateway7. Apple Mac iChat8. Internet Explorer createTextRange()9. Internet Explorer HTA files10. Sendmail SMTP server software While many of…

April 18, 2006
Vulnerability History

[This was originally published on the OSVDB blog.] Steven Christey (CVE) recently posted about vulnerability history and complexity. The recent sendmail vulnerability has brought up discussion about both topics and adds another interesting piece of history to the venerable sendmail package. One point to walk away with is that while sendmail has a long history…

March 29, 2006