Tag: Symantec

  • Symantec Bites the Hand That Feeds…

    [This was originally published on the OSVDB blog.] Just over ten years ago (95-09-15) *Hobbit* wrote a little tool called netcat (aka nc), swiftly dubbed the “TCP/IP Swiss Army knife”. *Hobbit* was affiliated with the l0pht, which was later purchased by @stake, which was later purchased by Symantec. At some point (circa 1998), Weld Pond…

  • Mail List Archives 101 (or Why SF Hates VDBs)

    [This was originally published to the OSVDB blog.] Running a mail list archive is a straight forward task. Collect, organize and make mail list posts available via the web. You can see such archives at seclists.org or the Neohapsis arhive. Most folks that use archives like this have their favorites for various reasons. Speed, the…

  • Vendor Protection Rackets

    [This was originally published on the OSVDB blog.] I had planned on writing about this weeks ago but got swamped with that pesky day job along with the steady stream of new vulnerabilities released daily. That steady stream that absolutely will not get better with vendors taking a new approach to dealing with them. Fortunately…

  • “OSS means slower patches” – huh?!

    [This was originally posted on the OSVDB blog.] http://australianit.news.com.au/articles/0,7204[..].htmlOSS means slower patchesChris JenkinsSEPTEMBER 19, 2005 This was posted to Full-Disclosure where I first replied, and ISN picked up. Articles like this do nothing positive for our industry. Jenkins should not waste his time writing fluff pieces like this, and he should do some digging or…

  • Vuln info from public sources and VDB ‘rules’?

    [This was originally published on the OSVDB blog.] This has come up in the past, and again more recently. Is information found on a vendor website, such as a changelog or bugzilla entry, fair game for inclusion in a vulnerability database? Some vendors seem to think this material is off limits. If a person keeps…

  • Predicting Vulnerabilities, Quotes and More

    [This was originally published on the OSVDB blog.] Interesting article for several reasons. Below are some of the interesting quotes that stood out to me and may prove to be interesting topics. http://news.bbc.co.uk/1/hi/technology/3485972.stm Hackers exploit Windows patchesBy Mark WardLast Updated: Thursday, 26 February, 2004, 10:54 GMT “We have never had vulnerabilities exploited before the patch…

  • Random Comments on the Symantec Internet Threat Report 2005

    [Originally posted to the ISN Mail List. Shortly after, modified for attrition.org. This was republished at The Age (AU) and the Sydney Morning Herald.] Some interesting stuff in the Symantec report that is being talked about in various news articles:http://www.zdnet.com.au/news/security/0,2000061744,39185387,00.htmhttp://uk.news.yahoo.com/050322/152/ferr7.htmlhttp://continuitycentral.com/news01804.htmhttp://www.macobserver.com/article/2005/03/23.4.shtml[..] The original Symantec release for this report:http://enterprisesecurity.symantec.com/content.cfm?articleid=1539 Symantec Internet Security Threat ReportTrends for July 04…

  • Anti-Virus Companies: Tenacious Spammers

    [This was originally published on attrition.org.] No one can argue that the spam problem is getting better. Despite advances in anti-spam technology and legislation against spam, unwanted junk mail is flowing into our inboxes at an increased rate. Stock tips, enhancement drugs, Nigerian scams, DVD copy software and hundreds of other products or services get…