SEARCH RESULTS
 
Showing 1-10 of 499 records
 
Measuring Vulnerability

2008-04-14 14:31:38 by JonesJ in RiskAnalys.is
...vulnerability Apologies in advance, for the length of this post. In a perfect world we'd know which specific threat agent was going to act against us and know the capability of that threat agent in absolute terms (e.g., pounds per square inch), as well as know (through testing) what our resistance capabilities are in those same absolute terms....
 
 
 
 
 
Vulnerability Events

2008-03-30 17:20:05 by JonesJ in RiskAnalys.is
 
...vulnerability is discovered in (for example) an operating system, does that mean the system was vulnerable all along? As I see it, the answer is No. The rationale behind this answer is based on the fact that weakness (a.k.a. vulnerability) is a relative term. Logically, a relative term requires at least two components, one relative to another....
 
 
 
 
 
Are current vulnerability and compliance testing tools like answering the phone at 3am?

2008-05-19 23:16:18 by HASH0x8af1430 in StillSecure, After All These Years
 
...vulnerability assessment and compliance testing last week. The requirements for this customer were not unusual. They wanted to test for conventional CVE type vulnerabilities. Additionally, they also wanted to test for configuration compliance. Hotfixes, patch level, AV, etc. This direction is where a lot of the traditional vulnerability...
 
 
 
 
 
The DNS Vulnerability

2008-07-29 06:01:52 by schneier in Schneier on Security
 
...vulnerability discovered by Dan Kaminsky about six months ago have leaked. Hackers are racing to produce exploit code, and network operators who haven't already patched the hole are scrambling to catch up. The whole mess is a good illustration of the problems with researching and disclosing flaws like this. The details of the vulnerability...
 
 
 
 
 
The Ethics of Vulnerability Research

2008-05-14 11:29:45 by schneier in Schneier on Security
 
...vulnerability in a software program on it. This was true in the 1960s when buffer overflows were first exploited to attack computers. It was true in 1988 when the Morris worm exploited a Unix vulnerability to attack computers on the Internet, and it's still how most modern malware works. Vulnerabilities are software mistakes--mistakes in...
 
 
 
 
 
Dynamic vulnerability assessment

2008-06-09 11:38:11 by HASH0x8b35a58 in StillSecure, After All These Years
 
...vulnerability assessment being like a parody of an Obama/Hillary commercial. Who answers the phone at 3am? For vulnerability assessment, the results are only as good as who answers the scan. This has been a problem for security managers and vulnerability assessors for some time. Balancing scanning during prime time and impacting network...
 
 
 
 
 
Dynamic vulnerability assessment

2008-06-09 12:38:11 by ashimmy in StillSecure, After All These Years
 
...vulnerability assessment being like a parody of an Obama/Hillary commercial. Who answers the phone at 3am? For vulnerability assessment, the results are only as good as who answers the scan. This has been a problem for security managers and vulnerability assessors for some time. Balancing scanning during prime time and impacting network...
 
 
 
 
 
Cost of vulnerability

2007-03-05 21:19:05 by RaviC in Musings on Information Security
 
...vulnerability in his code where a hacker could easily hijack a user session. I set up a demo scenario for this and walked up to his office to bring this to his attention. His response to my discovery was more amazing than the vulnerability itself. He thumped his clenched fist on the table and averred "My code is bullet proof". By his immature...
 
 
 
 
 
Vulnerability Management - Yeah Baby, Groovy!

2008-03-21 14:02:49 by HASH0x8b46e44 in StillSecure, After All These Years
...Vulnerability Management Tools. I felt like I had been in suspended animation for years and just woke up. I have not seen an article on vulnerability management in forever and ever. There was nothing earth shattering in this article. Meat and potatoes VM. That is vulnerability management, not virtual machines. The fact that VM is more...
 
 
 
 
 
Vulnerability Management - Yeah Baby, Groovy!

2008-03-21 15:02:49 by ashimmy in StillSecure, After All These Years
...Vulnerability Management Tools. I felt like I had been in suspended animation for years and just woke up. I have not seen an article on vulnerability management in forever and ever. There was nothing earth shattering in this article. Meat and potatoes VM. That is vulnerability management, not virtual machines. The fact that VM is more...