vulnerability
RSS vulnerabilityA Shatter Attack: How it works
News In a statement issued to ZDNet UK in response to the whitepaper, Microsoft argued that these messaging exploits do not "meet Microsoft's definition of a security vulnerability". A security expert has sparked fresh controversy regarding the security... [09 Aug 2002]
Open source security group born
News Internetworked Security Information Service (ISIS) is the amalgamation of software security glitch watchdogs Alldas.de, Open Source Vulnerability Database, PacketStorm and Vulnwatch. Four independent hacker and security expert groups have joined... [06 Aug 2002]
HP aims legal threats at security breach blabbermouth
News HP is threatening to use a controversial US copyright law to prevent publication of product vulnerability. The vulnerability was posted on Security Focus' BugTraq mailing list by a researcher called Phased, a member of SnoSoft. [31 Jul 2002]
Microsoft owns up to "critical" SQL hole
News A third vulnerability could allow a denial of service attack to be performed. Microsoft has discovered "critical" holes in its SQL server product which could allow a malicious attacker to gain control of a machine. [25 Jul 2002]
PHP flaw found
News US security researchers have found a serious vulnerability in server scripting software PHP. The US-based security research laboratory Cert has found a vulnerability in PHP which could allow a remote attacker to execute arbitrary code or crash the... [23 Jul 2002]
Worm warning: Frethem's running free and spreading fast
News It manages this by exploiting a well-known vulnerability in Microsoft Outlook email software which is still unpatched by many. A new family of email worms that can spread without users even clicking on an email attachment has been discovered in the... [15 Jul 2002]
Apple leaves Mac users open to hackers
News A hacker has posted details on the BugTraq mailing list on how to exploit the vulnerability on any Mac running the OS X operating system. Apple has been warned that hackers can take advantage of a hole on the company's online software update... [09 Jul 2002]
Apache hole is an open door to hackers
News According to Cert there is a vulnerability in the processing of large chunks of data in Apache versions 1.3 to 1.3.24 and 2.0 to 2.0.36. In an advisory on its site Cert said: "Several sources have reported that this vulnerability can be used by... [18 Jun 2002]
Microsoft warns of further IIS server flaws
News The vulnerability was uncovered by US security consultant Riley Hassell at eEye Digital Security. Microsoft has warned users of its IIS server software of another raft of vulnerabilities. The flaw could allow hackers to control websites, steal... [14 Jun 2002]
Solaris faces hacker threat
News The vulnerabilities are a buffer overflow exploit in SNMP (Simple Network Management Protocol) components in the OS, and a format string vulnerability in the same component. A format string vulnerability comes when a hacker can manipulate the... [06 Jun 2002]
Internet Explorer hole uncovered
News Online Solutions said it was going public with the vulnerability anyway because Microsoft's timetable to get the problem fixed was too slow. Responsible security researchers work with the vendor of a suspected vulnerability issue to ensure that... [05 Jun 2002]
Microsoft debugger has a bug
News Microsoft has discovered a vulnerability in the debugging program itself which could allow a hacker to take advantage of this feature. Microsoft has owned up to a flaw in its debugging software which could give a malicious hacker complete control... [24 May 2002]
Chip security undermined by Cambridge boffin
News Boffins at Cambridge University have discovered a vulnerability in chip design which they say will lead to a total rethink of chip security. While the theoretical vulnerability has been known about for years, nobody has yet been able to exploit it... [15 May 2002]
MSN Messenger flaw opens PCs up to hackers
News Hackers can exploit the vulnerability to impose a buffer-overflow attack, according to Microsoft. Microsoft has admitted that a security flaw in its MSN Messenger software could allow hackers to delete files or cripple a user's computer. [10 May 2002]
EDS bans instant messaging
News For this reason in particular, I would have a great deal of sympathy with EDS's view that Messenger has no part of their corporate information architecture, and would agree that it represents a potential security vulnerability within otherwise... [08 May 2002]
