Disclaimer: The opinions of the columnists are their own and not necessarily those of their employer.

Tag Archives: Exploit Code / Malware

What will help significantly make Vista more secure

December 1, 2006 – 8:31 am – Richard Bejtlich wrote an article at CSO magazine describing what will make a difference in Vista’s security. It should be noted that Memory Address Randomization will significantly help prevent the spread of attacks via exploits. It is a feature turned on by default. This was not mentioned…
By Kenneth F. Belva | Posted in General | Also tagged , , , | Comments (0)

Healthy Skepticism for “Year” of 0-day Oracle Bugs

November 20, 2006 – 9:24 pm – While I know that Cesar Cerrudo has shown proficiency at finding vulnerabilities. I worry when I read these two quotes next to each other on his website: We could do the Year of Oracle Database Bugs but we think a week is enough to show how flawed Oracle software is, also we don’t want to…
By Kenneth F. Belva | Posted in General | Also tagged | Comments (0)

FUD, FUD and More FUD: ToorCon and Firefox Zero-day - Vulnerability Confusion Strikes Again!

October 3, 2006 – 7:15 am – In August it was Apple, now it’s Mozilla/Firefox. The media reports (here and here) that two Toorcon researchers claim that Firefox is “critically flawed” and “impossible to patch.” The media also reports that “an attacker could commandeer a computer”,…
By Kenneth F. Belva | Posted in General | Also tagged , , , , | Comments (3)

The Case for Full-Disclosure: When The Public Cannot Trust the Researchers, the Media or the Corporation

August 18, 2006 – 11:05 pm – There is major confusion about exactly what the Blackhat Apple wireless exploit represents. At various times it was reported that it was the flaw in the OS, the wireless driver shipped with the OS or a third-party wireless driver. The security researchers claim one thing, the press claims…
By Kenneth F. Belva | Posted in General | Also tagged , | Comments (3)