Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Information-Security-News
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[ISN] More worms likely: expert

from [InfoSec News] Network Security [Permanent Link]
Subject: [ISN] More worms likely: expert
Date: Mon, 22 Aug 2005 03:15:12 -0500 (CDT) 
http://www.smh.com.au/news/breaking/more-worms-likely-expert/2005/08/19/1123958226299.html

By Sam Varghese
August 19, 2005 

More worms could be in the works to exploit unpatched vulnerabilities 
in Microsoft's products, a US security professional says.

Marc Maiffret, chief hacking officer of eEye Digital Security, said
two critical flaws, among eight discovered by the company [1], could
be exploited by worms.

The details of all eight have been posted on the company's website. 
Maiffret would not specify which of the eight were open to remote 
exploits.

"Two of them are remotely exploitable and they are also both on the 
magnitude of the PNP vulnerability," Maiffret said, referring to the 
flaw in Microsoft Windows which was exploited by the Zotob worm and 
numerous other variants over the past week.

"But you never know with worms, (it) really just depends if there is 
someone that cares to write one."

eEye follows a policy of releasing limited information about a 
vulnerability publicly while sending full details to the vendor.

Although the company considers 60 days sufficient time to 
fix any flaw, it discloses full details of a bug only after the vendor 
has released a fix.

Full details of the eight vulnerabilities in Microsoft products have 
been sent to the vendor, one as long as four months ago.

Two vulnerabilities in the Real Audio player and one in Macromedia's 
products have also been listed.

eEye first shot to prominence in 2001 when it discovered a 
vulnerability in Microsoft's IIS web server which was later exploited 
by a worm named Code Red, causing major problems on the internet.

[1] http://www.eeye.com/html/research/upcoming/index.html



_________________________________________
Attend ToorCon 
Sept 16-18th, 2005
Convention Center
San Diego, California
www.toorcon.org
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • [ISN] More worms likely: expert, InfoSec News <=
Previous by Date:  [ISN] SHA-1 compromised further, InfoSec News
Next by Date:  [ISN] Hackers Beating Efforts to Patch Software Flaws, InfoSec News
Previous by Thread:  [ISN] SHA-1 compromised further, InfoSec News
Next by Thread:  [ISN] Hackers Beating Efforts to Patch Software Flaws, InfoSec News
Indexes:  [Date] [Thread] [Top] [All Lists]