code access security bug
Does open source pose a security risk?
News It found that all or nearly all of the projects examined failed to provide access to an internal security expert, reduce the number of security flaws in successive releases or make use of bug-catching tools such as FindBugs or Fortify's own Java... [22 Jul 2008]
Microsoft warns of ActiveX attack targeting Access
News An attacker would have to lure a victim, via a link in an email for example, to a specially crafted web page that could exploit the security hole to allow remote code execution. Microsoft issued a security advisory on Monday... [08 Jul 2008]
Insider security risks exposed
News Rushing Rupa is someone under pressure to finish a task to deadline - writing code for example - meaning they may miss out critical elements which could compromise security. Samar said the use of code-scanning technology to detect... [10 Apr 2008]
Repartee for Windows E-mail Integration
White Paper The "Love Bug" and the "Melissa" viruses were mainly perpetuated using Outlook. The Preview pane's default setting allows the execution of attached code, which is most likely a virus which would send itself to the user's contact list. [20 Feb 2008]
Microsoft Outlook: Security Features and Vulnerabilities
White Paper The "Love Bug" and the "Melissa" viruses were mainly perpetuated using Outlook. The Preview pane's default setting allows the execution of attached code, which is most likely a virus which would send itself to the user's contact list. [20 Feb 2008]
Happy 10th birthday Mozilla - there's a bug in your cake
News On 22 January, 1998, Netscape Communications Corporation announced its plans to make the source code for the Netscape Communicator client software available with free licensing on the internet. [25 Jan 2008]
Apple fixes 'hack-a-Mac hole'
News Apple credits bug hunter Dino Dai Zovi and the TippingPoint Zero Day Initiative for reporting the issue. Dai Zovi subsequently submitted the bug to TippingPoint, which sweetened the competition by offering a $10,000 bounty through its Zero Day... [02 May 2007]
Apple patches QuickTime flaw at last
News The publication kicked off the "Month of the Apple Bugs" project, which has been publishing a new Apple software bug each day in January. One of the bug hunters behind the Month of Apple Bugs said he is stunned by the time it took Apple to fix the... [24 Jan 2007]
Passwords at risk from Firefox, IE flaw
News No fix had been issued at the time of writing by Mozilla, although a bug report has been filed. An exploit for this flaw has already been seen on social networking site MySpace, and could affect anyone using a blog or forum that allows user... [23 Nov 2006]
Open source bug hunters make short work of clean-up
News It had the highest number of bugs per 1,000 lines of code, with a bug density of 1.237. XMMS, an audio player, had the lowest bug density, with 0.051 defects per 1,000 lines of code. Developers have quickly fixed many bugs in popular open source... [05 Apr 2006]
US government funds open source bug hunt
News Engler defended the initiative, noting that the Department of Homeland Security is effectively paying for a commercial bug-checking tool to be applied to open-source software. The project will expand an existing Coverity initiative that already... [11 Jan 2006]
Google desktop exploited by IE flaw
News There is a bug in the way the web browser processes CSS rules, Matan Gillon wrote in a description of his hack posted on Wednesday. Microsoft is not currently aware of malicious code that takes advantage of the flaw, but is monitoring the situation... [05 Dec 2005]
Exploit unleashed for Windows plug-and-play flaw
News The code takes advantage of a bug related to plug-and-play technology in Windows 2000 and Windows XP. Exploit code was published on Friday for a Windows flaw similar to the vulnerability that led to the Zotob worm that wreaked havoc in August. [24 Oct 2005]
Are vulnerable times responsible times?
Comment This is why software companies want security bug catchers to tell them when they find a flaw. What if software vendors started paying bug-finders for information about security flaws: would this help or hinder? [02 Mar 2005]
Microsoft considers source code release
News In theory, access to the code and known bugs will allow programmers to better understand the tool and separate a product bug from their own. Microsoft's Burke said he would like to release the code of Windows Forms as well as a bug-tracking database. [08 Feb 2005]
