
[ISN] 10 Infamous Moments In Security Research

Subject: [ISN] 10 Infamous Moments In Security Research
Date: Mon, 17 Apr 2006 01:46:17 -0500 (CDT)
http://www.informationweek.com/security/showArticle.jhtml?articleID=185301327

InformationWeek 
Apr 17, 2006

1. SQL Slammer - Researcher David Litchfield presents findings at
   Black Hat one week after Microsoft issues its SQL patch. Slammer
   worm that exploits that flaw dramatically slows Internet traffic in
   2003.

2. Windows Plug and Play - Internet Security Systems researchers in
   April 2005 discover Windows vulnerability that lets attacker take
   control of affected systems and remotely execute code. By August,
   Zotob worm exploits it.

3. Cisco IOS heap overflow - Former ISS researcher Michael Lynn in
   July 2005 shows hackers could take control of a company's network.
   Cisco had issued a patch in April, but it still sues Lynn over the
   speech.  The suit is later dropped.

4. Windows Metafile - Researcher H.D. Moore and others post exploit
   code of this flaw in January, and researcher Ilfak Guilfanov writes
   unauthorized workaround. This prompts Microsoft to issue a patch
   five days ahead of schedule.

5. Oracle transparent data encryption - Red-Database-Security
   researcher Alexander Kornbrust reports vulnerability in January
   2006; Oracle patches it the same month.

6. Oracle PLSQL gateway - Litchfield in January shows Black Hat
   attendees a vulnerability in Oracle's Procedural Language extension
   to SQL. Oracle has yet to patch.

7. Apple Mac iChat - An unknown person posts on MacRumors.com an
   external link to the OSX/Leap.a Trojan on Feb. 13, 2006, the first
   virus for the Apple Mac OSX platform.

8. Internet Explorer createTextRange() - Researcher Andreas Sandblad
   discovers flaw in March that lets hackers install malware like
   keystroke loggers. eEye Digital Security issues a patch.

9. Internet Explorer HTA files - Dutch researcher Jeffrey van der Stad
   in March alerts Microsoft to problem with how IE processes HTML
   apps. Van der Stad pares back information about the bug on his Web
   site when Microsoft complains.

10. Sendmail SMTP server software - ISS in March finds vulnerability
    in this popular Internet E-mail transfer agent. Sendmail issues
    patch immediately.



