Attacker: Definition and additional resources from ZDNet

A person or other entity such as a computer program that attempts to cause harm to an information system; for example, by unauthorized access or denial of service. Human attackers are also called "crackers" and "hackers." See attack.

Reproduced with permission from Computer Desktop Encyclopedia.
Copyright (c) 1981-2007 The Computer Language Company Inc.
All rights reserved.

Additional Resources

Novell GroupWise 'mailto' URI handler buffer overflow vulnerability: Researcher Juan Pablo Lopez Yacubian has reported another URI abuse exploit. From Security Focus: Novell GroupWise is prone to a buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data. Successfully exploiting this issue will allow an attacker to execute...; Tags: Novell Inc., Researcher, Vulnerability, Buffer-overflow, Novell GroupWise, E-mail Servers, E-mail Clients, Groupware, Viruses And Worms, Security, Enterprise Software, Software, Nathan McFeters; Blog posts 2008-04-29
MS08-025: Microsoft Windows kernel vulnerable to local privilege escalation flaw: From Microsoft: A local attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts. This is an important security update for all supported editions of Windows 2000, Windows XP, Windows Server...; Tags: Window, Microsoft Corp., Kernel, Flaw, Updates, Microsoft Windows, Security Administration, Operating Systems, Security, Software, Nathan McFeters; Blog posts 2008-04-29
Developers at fault? SQL Injection attacks lead to wide-spread compromise of IIS servers: There's been a lot of noise and violent thrashing over the last couple days regarding a flaw that was originally believed to be a flaw in Microsoft's IIS (Internet Information Server), but has since been pointed out as simply a well thought out SQL Injection attack. For those of...; Tags: Developer, Password, Web Application, Server, SQL, Site, SQL Injection, Microsoft IIS Server, Attack, Programming Languages, Security, Databases, Software Development, Software/Web Development, Enterprise Software, Software, Data Management, Nathan McFeters; Blog posts 2008-04-28
Recent CNN Distributed Denial of Service (DDoS) attack explained: According to Netcraft: "The CNN News website has twice been affected since an earlier distributed denial of service attack last Thursday. CNN fixed Thursday's attack by limiting the number of users who could access the site from specific geographical areas. Subsequently, an attack was purportedly organised to...; Tags: Denial Of Service, Distributed Denial Of Service, CNN, Attack, Danchev, Security, Nathan McFeters; Blog posts 2008-04-23
Oracle patches DB, apps: Oracle patches DB, appsOracle Critical Patch Update Risk Matrix & CVSSHi Larry! This is Eric Maurice of Oracle. An important document for Oracle customers, the Critical Patch Update (CPU) Advisory lists vulnerabilities addressed in the CPU as well as provides other information related to the patches (affected platforms,...; Tags: SECURITY, Common Vulnerability Scoring System, vulnerability, Oracle Corp., Critical Patch Update, matrice, CVSS 2.0, severity; Discussion threads 2008-04-16

Adobe patches 7 issues, including Pwn2Own contest flaw and DNS rebinding issues: Adobe published an advisory covering issues, including a fix for the Pwn2Own flaw that we previously discussed here. Adobe's details are published here. One of the issues that was patched was discovered by myself and fellow researcher (and co-worker at Ernst & Young's Advanced Security Center) Rob Carter, see the picture to the...; Tags: Adobe Systems Inc., DNS, Domain, Lookup, Microsoft Internet Explorer, Web Browser, Domain Name, Flaw, Rob, Flash, XmlHttp Request, Kicker, Domain Names, Web Browsers, Networking, Internet, Nathan McFeters; Blog posts 2008-04-09
Apple bolsters QuickTime defenses... or do they?: A couple of great articles came out recently, one from Ryan Naraine and one from our very own Larry Dignan, about some of the defenses that Apple is trying to build into QuickTime to defend Vista users. As we've talked about here before, with Vista, it's all...; Tags: Apple QuickTime, Blog, Microsoft Windows Vista, Apple Inc., Data Execution Prevention, ASLR, David Maynor, Microsoft Windows Vista (Longhorn), Blogging, Digital Music, Digital Media, Operating Systems, Microsoft Windows, Software, Internet, Personal Technology, Consumer Electronics, Nathan McFeters; Blog posts 2008-04-08
Adobe Flash Pwn2Own details released by ZDI...: ... and unfortunately leaves much to be desired. I think many people were hoping for the disclosure from ZDI to contain a lot of details on what could've been exploited with this issue, unfortunately, the details just aren't really there. In fact, after reading it, I think I have more...; Tags: User Interaction, Adobe Systems Inc., Vulnerability, Adobe Flash Player, ZDI Advisory, Security, Nathan McFeters; Blog posts 2008-04-08
Microsoft patches Vista, Windows Server 2008, IE: Microsoft delivered 10 patches including six critical ones on Tuesday. Among the critical patches for Vista, Windows Server 2008 and Internet Explorer. Critical patches by the CVEs: CVE-2008-0083: Covers Windows Vista and Windows Server 2008. Microsoft says: "A remote code execution vulnerability...; Tags: Web, Attacker, Microsoft Windows Server, Vulnerability, Microsoft Internet Explorer, Microsoft Corp., Microsoft Windows Server 2008, Microsoft Windows, Security, Operating Systems, Software, Larry Dignan; Blog posts 2008-04-08
Secure coding: the invisible elephant: The last couple of weeks, I've been trying to vaguely connect the dots between social computing, cloud computing and traditional process based systems. There are multiple legs to the story but one that had pretty much escaped my attention was the security angle. I will not claim any special expertise...; Tags: Software, Google Inc., Database, Cloud Computing, Information Technology, Computer Science, Microsoft Corp., Computer, Ms Davidson, Tools & Techniques, Security, Management, Dennis Howlett; Blog posts 2008-04-08
Hidden Secrets: The Nightmare (zip): Hidden Secrets: The Nightmare Attempted murder victim Flora Dale wakes up briefly as she is rushed into the ER. Uncertain of how she got there, and with her strength failing, she is unable to tell the doctors anything and quickly falls into a deep coma. As she lies trapped in...; Tags: Secret, GreenAppleGames, Security; Software downloads 2008-03-25
Defeating the Same Origin Policy part 2: In my first post in this series, I discussed the Same Origin Policy and how it protects us from some very serious attacks, the dangers of domain name based trust, and how to attack implementations of the Same Origin Policy within the Java Virtual Machine (JVM). In order to demonstrate...; Tags: Permission, Applet, Attack, Programming Languages, Java, Security, Software Development, Software/Web Development, Nathan McFeters; Blog posts 2008-03-24
Security: Lintel vs Wintel: In the PC community "security" just means defending against attacks aimed at destroying or misusing all or part of a computer system. In that context most of the complexities associated with trying to decide whether wintel or lintel will expose you to less security risk arise from the absense of...; Tags: Wintel, Attacker, Vulnerability, Flaw, National Vulnerability Database, Petreley, Security, Paul Murphy; Blog posts 2008-03-24
Microsoft confirms Word attacks: Microsoft has confirmed reports of vulnerability in Word that allows an attacker to exploit a system via the Microsoft Jet Database Engine, which shares data with Access, Visual Basic and third party applications. Microsoft in its advisory said the potential for attack is "very limited." Reports of...; Tags: Microsoft Corp., Attack, Microsoft Word, Word Processors, Microsoft Windows, Microsoft Office, Security, Office Suites, Software, Operating Systems, Larry Dignan; Blog posts 2008-03-24
Apple's week of patching: Camera compatibility flaw patched: Apple on Friday shipped a security update for Aperture 2, iPhoto 7.1.2 with iLife Support 8.2. Here's what Apple had to say in an advisory about CVE-2008-0987: Viewing a maliciously crafted image may lead to an unexpected application termination or arbitrary code execution Description: ...; Tags: Apple Inc., Security Update, Camera, Flaw, Security Administration, Patches, Security, Larry Dignan; Blog posts 2008-03-20
Security update breaks printer drivers, Instant Hijack component: Discussion boards are breaking with reports of SSH and printer problems caused by Apple's late Tuesday release of Mac OS X's Security Update 2008-002. However, fixes can be had. Rogue Amoeba Software released a compatibility fix for its Instant Hijack component that is often installed by the...; Tags: SSH, Printer Driver, Discussion Board, Instant Hijack, Leopard, PIE, Printers, Security, Hardware, Peripherals, David Morgenstern; Blog posts 2008-03-19
Major flaw in State of Pennsylvania online voter registration puts user data at risk: Update: Microsoft is NOT at fault for this! There seems to be some confusion within the talkbacks on this subject about this being Microsoft's fault, and also some strange claims that development shops who do only .NET programming are more likely to program insecurely. This is just, in fact,...; Tags: Google Inc., Pennsylvania, Detail, Application Security, Flaw, Voter Registration, Security, Nathan McFeters; Blog posts 2008-03-18
Someone get me rewrite: Apple delivers monster security update for OS X: Apple delivered a security update for Tiger and Leopard Tuesday with at least 80 patches addressing multiple vulnerabilities. You know it's a big patch haul from Apple when you read the advisory and: You're not sure where to begin; You're IMing fellow security...; Tags: Security, Apple Macintosh, Mac OS X Server, Server, Apple Inc., Apple Mac OS X, Apple Mac OS, Operating Systems, Desktops, Software, Hardware, Larry Dignan; Blog posts 2008-03-18
Defeating the Same Origin Policy part 1: Defeating the Same Origin Policy part 1ouh... That made my head hurt.Excellent post. I wasn't sure wither to laugh or scream. Worrisome, I will say that.And while this subject is, in fact, no laughing matter, the way you made it look so easy made me laugh anyway. ...; Tags: Same Origin Policy, attack, applet, JavaScript; Discussion threads 2008-03-14
Defeating the Same Origin Policy part 1: The Same Origin Policy is one of the guiding principles that seek to protect our browsing experience. The Same Origin Policy was originally released with Netscape Navigator 2.0 and has been incorporated in one form or another in every major browser since. The concept has additionally been extended...; Tags: Concept, Attacker, Java, Victim, Applet, Attack, Same Origin Policy, Nathan McFeters; Blog posts 2008-03-14