Latest News
ASX-listed Symal digs deeper into AI and DevOps with Microsoft Azure
Windows Server Update Services bug exploited in the wild
AWS outage caused by "unlikely interaction" between automated systems
ACMA rejects draft consumer code as calls to end self-regulation grow louder
Telstra finds firmware locked Samsung handsets to Vodafone for Triple-0 calls
vulnerability
Matt Watchinski, Vulnerability researcher, Sourcefire
I’ve been penetration testing since I was about 15 years-old. I got interested in these things in the days of bulletin boards and the 1,200 baud modem when you had to figure out things for yourself or talk to others on the boards.
Mar 8 2006 4:20PM
Security
The Common Vulnerability Scoring System: Get your threat priorities right
Over the years, I’ve seen and used a diverse range of methods to evaluate and explain the risks associated with a particular security threat or vulnerability. Depending on the audience and the nature of the environment being evaluated, there has always been – and always will be – a frequent need to reclassify the severity of a finding. This is particularly relevant when making use of findings derived from automated security tools.
Mar 6 2006 7:04PM
Security
Review: Auditor Enterprise
NetClarity’s Auditor is a fine example of a fully featured appliance that offers not just vulnerability assessment, but also ties results to compliance and ongoing information systems audit programs. Beginning from the superb documentation and ending with the high value for the money, this product shines.
Feb 1 2006 12:00AM
Security
Review: AZScan
AZScan has a way to go to become a world-class vulnerability assessment tool – the product is not intuitive. First, one needs to know quite a bit about the product being audited. Second, there is no online help or tool tips. Third, the menu choices don’t always behave as expected. Set-up seems easy at first, but details often don’t work.
Feb 1 2006 12:00AM
Security
Review: BindView Control Compliance Suite
The BindView Compliance Control Suite includes bv-Control for Windows, bv-Control for Internet Security and Compliance Center. This is a very complex suite of products and is part of a complete compliance and assessment toolkit that offers virtually every view necessary of the security compliance status of an enterprise. This very strength makes configuration and use of the product difficult at first.
Feb 1 2006 12:00AM
Security
Review: Core Impact
Core Impact is different in that while it performs vulnerability assessment, it is primarily a penetration testing tool. It behaves like a hacker, performing vulnerability and port scans then attempting to penetrate the target using the vulnerabilities it finds. There are real benefits to this approach.
Feb 1 2006 12:00AM
Security
Review: GFI LANGuard Network Security Scanner
This is a straightforward vulnerability scanner that also manages patch deployment. It can push patches and service packs out to target computers by means of a patch agent installed on the target. We found it generally competent and straightforward to install on our Windows 2000 notebook.
Feb 1 2006 12:00AM
Security
Developing a patch and vulnerability management strategy
In the first two quarters of 2005 more than 3,780 software
vulnerabilities were reported, leaving a wide range of system components and software open to exploits. With the popular operating systems often the key target of worm and virus writers, the majority of businesses are left open to attacks.
Oct 20 2005 11:03AM
Security
Windows vulnerability sparks viral warfare
The Zotob worm and its Windows hitting counterpart, Ircbot, are waged in viral warfare. Ircbots and a similar virus group known as Bozori are actively deleting Zotob viruses, the first to attack a newly announced Windows vulnerability.
Aug 18 2005 10:38AM
Security
