Vulnerabilities
Continuous news on hardware and software vulnerabilities from proof of concept to zero day, the dangerous to the novel. Follow the patching topic to narrow your news to emerging fixes.
Matt Watchinski, Vulnerability researcher, Sourcefire
I’ve been penetration testing since I was about 15 years-old. I got interested in these things in the days of bulletin boards and the 1,200 baud modem when you had to figure out things for yourself or talk to others on the boards.
Mar 8 2006 4:20PM
Security
The Common Vulnerability Scoring System: Get your threat priorities right
Over the years, I’ve seen and used a diverse range of methods to evaluate and explain the risks associated with a particular security threat or vulnerability. Depending on the audience and the nature of the environment being evaluated, there has always been – and always will be – a frequent need to reclassify the severity of a finding. This is particularly relevant when making use of findings derived from automated security tools.
Mar 6 2006 7:04PM
Security
Review: Auditor Enterprise
NetClarity’s Auditor is a fine example of a fully featured appliance that offers not just vulnerability assessment, but also ties results to compliance and ongoing information systems audit programs. Beginning from the superb documentation and ending with the high value for the money, this product shines.
Feb 1 2006 12:00AM
Security
Review: AZScan
AZScan has a way to go to become a world-class vulnerability assessment tool – the product is not intuitive. First, one needs to know quite a bit about the product being audited. Second, there is no online help or tool tips. Third, the menu choices don’t always behave as expected. Set-up seems easy at first, but details often don’t work.
Feb 1 2006 12:00AM
Security
Review: BindView Control Compliance Suite
The BindView Compliance Control Suite includes bv-Control for Windows, bv-Control for Internet Security and Compliance Center. This is a very complex suite of products and is part of a complete compliance and assessment toolkit that offers virtually every view necessary of the security compliance status of an enterprise. This very strength makes configuration and use of the product difficult at first.
Feb 1 2006 12:00AM
Security
Review: Core Impact
Core Impact is different in that while it performs vulnerability assessment, it is primarily a penetration testing tool. It behaves like a hacker, performing vulnerability and port scans then attempting to penetrate the target using the vulnerabilities it finds. There are real benefits to this approach.
Feb 1 2006 12:00AM
Security
Review: GFI LANGuard Network Security Scanner
This is a straightforward vulnerability scanner that also manages patch deployment. It can push patches and service packs out to target computers by means of a patch agent installed on the target. We found it generally competent and straightforward to install on our Windows 2000 notebook.
Feb 1 2006 12:00AM
Security
