Browsing Tag: vulnerabilities

Categories: Vulnerabilities

By any measure, Luigi Auriemma is a prolific vulnerability researcher. In the first ten months of 2011, the pay-for-bugs program Zero Day Initiative credited Auriemma with discovering 30 vulnerabilities, ranging from issues in Sybase enterprise software to Adobe Shockwave to Apple QuickTime. In its Upcoming Advisories section, ZDI listed Auriemma as having found another 35 vulnerabilities that still await fixes from their developers. The vulnerability researcher, who has made his name in part by finding SCADA bugs, is not yet ready to leave his day job. Despite ZDI’s bonus system, his independent research is not a career, he says.


The Black Hole exploit kit is really becoming a serious pain in the neck for people trying to use the Internet. At some point, it may become easier to start a list of the URLs that aren’t hosting the exploit kit, rather than the ones that are. For the time being, the latest entry in the latter category is a group of thousands of WordPress blogs that have been compromised and are now redirecting visitors to sites serving the Black Hole exploit kit.


Categories: Malware, Vulnerabilities

The Android platform has become one of the go-to choices for developers and device manufacturers in the last year or so, and that popularity has of course attracted the attention of attackers who have been busily coding up as much malware as they can for the platform. They’ve been quite successful, with hits such as DroidDream and its sequels popping up in dozens of compromised apps in the Android Market this year. Now, defenders are getting some tools of their own to help address the problem, with the release of the Android Reverse Engineering suite.


WASHINGTON–The U.S. government has a lot of money. Not as much as it used to have, of course, but still, it has a lot. It also has a lot of computers and servers and routers and other things that move and store data. In fact, it has so many that it doesn’t really know what all of them are doing at any given time. That’s turning into a fairly thorny security problem for some of the country’s more vital networks, and even the most well-funded agencies are having a hard time addressing it.
