SEARCH RESULTS
 
Showing 1-10 of 348 records
 
Expand article

The Bitrix open redirect vulnerability: a lesson in the absurd

2008-07-22 23:00:00 by Russ McRee in HolisticInfoSec.org
 
...vulnerability in Bitrix Site Manager 6.5, specifically CVE-2008-2052 2) The vulnerability is a simple one to reproduce, easily exploited by phishers and malware propagators. The issue is still unresolved by the vendor, so here's an example, still available, from their site http://www.bitrixsoft.com/bitrix/redirect.php?event1=demo out&event2...
 
Tags: vulnerability, redirect, redirect vulnerability, cve vulnerability advisory, redirect vulnerabilities, bitrix site manager, site, issue, secure issue
 
 
 
 
Expand article

Measuring Vulnerability

The Article has images
2008-04-14 14:31:38 by JonesJ in RiskAnalys.is
...vulnerability Apologies in advance, for the length of this post In a perfect world wed know which specific threat agent was going to act against us and know the capability of that threat agent in absolute terms (e.g., pounds per square inch), as well as know (through testing) what our resistance capabilities are in those same absolute terms....
 
Tags: threat capability curve, capability, human capability, human threat capability, describe control strength, control strength, capability curve, threat community capability, control
 
 
 
 
Expand article

Vulnerability Events

2008-03-30 17:20:05 by JonesJ in RiskAnalys.is
 
...vulnerability is discovered in (for example) an operating system, does that mean the system was vulnerable all along? As I see it, the answer is No The rationale behind this answer is based on the fact that weakness (a.k.a. vulnerability) is a relative term. Logically, a relative term requires at least two components one relative to another....
 
Tags: vulnerability, relative term, term, loss events occur, loss events, vulnerability events matter, loss, actual loss, relative term requires
 
 
 
 
Expand article

Are current vulnerability and compliance testing tools like answering the phone at 3am?

2008-05-19 23:16:18 by HASH0x8af1430 in StillSecure, After All These Years
 
...vulnerability assessment and compliance testing last week. The requirements for this customer was not unusual. They wanted to test for conventional CVE type vulnerabilities. Additionally, they also wanted to test for configuration compliance. Hotfixes, patch level, AV, etc. This direction is where a lot of the traditional vulnerability...
 
Tags: compliance, configuration compliance, compliance status, status, prime time hours, time, network, detect devices, devices
 
 
 
 
Expand article

The Ethics of Vulnerability Research

2008-05-14 11:29:45 by schneier in Schneier on Security
 
...vulnerability in a software program on it. This was true in the 1960s when buffer overflows were first exploited to attack computers. It was true in 1988 when the Morris worm exploited a Unix vulnerability to attack computers on the Internet, and it's still how most modern malware works Vulnerabilities are software mistakes--mistakes in...
 
Tags: software security experts, software, vulnerabilities nurtures, vulnerabilities, exploitable vulnerabilities, vulnerabilities lie dormant, security vulnerabilities, computer, computer security experts
 
 
 
 
Expand article

Dynamic vulnerability assessment

2008-06-09 11:38:11 by HASH0x8b35a58 in StillSecure, After All These Years
 
...vulnerability assessment being like a parody of an Obama/Hillary commerical. Who answers the phone at 3am? For vulnerability assessment, the results are only as good as who answers the scan. This has been a problem for security managers and vulnerability assessors for some time. Balancing scanning during prime time and impacting network...
 
Tags: vulnerability, vulnerability assessment, tradtional vulnerability checks, dynamic vulnerability assessment, vulnerability management, network, network performance versus, safe access, prime time
 
 
 
 
Expand article

Dynamic vulnerability assessment

2008-06-09 12:38:11 by ashimmy in StillSecure, After All These Years
 
...vulnerability assessment being like a parody of an Obama/Hillary commerical. Who answers the phone at 3am? For vulnerability assessment, the results are only as good as who answers the scan. This has been a problem for security managers and vulnerability assessors for some time. Balancing scanning during prime time and impacting network...
 
Tags: vulnerability, vulnerability assessment, dynamic vulnerability assessment, tradtional vulnerability checks, network, network performance versus, safe access, prime time, time
 
 
 
 
Expand article

Cost of vulnerability

2007-03-05 21:19:05 by RaviC in Musings on Information Security
 
...vulnerability in his code where a hacker could easily hijack a user session. I set up a demo scenario for this and walked up to his office to bring this to his attention. His response to my discovery was more amazing than the vulnerability itself. He thumped his clenched fist on the table and avered " My code is bullet proof". By his immature...
 
Tags: vulnerability, vulnerability determines, cost, demo scenario, easily, easily hijack, extremely brilliant, preserve company, bullet proof
 
 
 
 
Expand article

Vulnerability Management - Yeah Baby, Groovy!

The Article has images
2008-03-21 14:02:49 by HASH0x8b46e44 in StillSecure, After All These Years
...Vulnerability Management Tools . I felt like I had been in suspended animation for years and just woke up. I have not seen an article on vulnerability management in forever and ever. There was nothing earth shattering in this article. Meat and potatoes VM. That is vulnerability management, not virtual machines. The fact that VM is more...
 
Tags: vulnerability management, term vulnerability management, vulnerability management tools, austin powers moment, article, infosec world conference, speaks volumes, trendy anymore, virtual machines
 
 
 
 
Expand article

Vulnerability Management - Yeah Baby, Groovy!

The Article has images
2008-03-21 15:02:49 by ashimmy in StillSecure, After All These Years