
Tag Archives: Vulnerability Commentary

FUD, FUD and More FUD: ToorCon and Firefox Zero-day - Vulnerability Confusion Strikes Again!

In August it was Apple, now it’s Mozilla/Firefox. The media reports (here and here) that two Toorcon researchers claim that Firefox is “critically flawed” and “impossible to patch.” The media also reports that “an attacker could commandeer a computer”,…

On eEye & Microsoft: No more thanks…

eWeek reports that Microsoft removed the Thanks to eEye for bulletin MS06-042. This is a curious case. One wonders: Is it possible that alternative agendas were at play here under the guise of the full-disclosure/responsible disclosure debate? eEye has an interest in gaining publicity by…

HSBC Security Flaw: Don't Overreact

The HSBC security flaw is very low on my list of security issues. If the client (or end point) is compromised there is very little that may be done. The HSBC vulnerability prompted Martin McKeay to blog about it: “And unless the endpoint, your desktop, is properly protected, there’s…

Comments on the HSBC Online Banking Security Flaw

The BBC reports that there is a flaw in HSBC’s authentication mechanism. This is an interesting flaw because according to the analysis, an attacker can reverse engineer the account number from collecting PIN entries via a keystroke logger. What I find amusing is why would anyone…