Vulnerability: Definition and additional resources from ZDNet

A security exposure in an operating system or other system software or application software component. Before the Internet became mainstream and exposed every organization in the world to every attacker on the planet, vulnerabilities surely existed, but were not as often exploited.

In light of this madness, mostly perpetrated against Microsoft, the architecture of future operating systems has changed. Designing software to be bulletproof against attacks is like building a house where every square inch is fortified with steel and sensors that detect intrusions. Patching an existing operating system written by hundreds of programmers who were not dwelling on this issue when they wrote the code is an onerous job.

Security firms maintain databases of vulnerabilities based on version number of the software. If exploited, each vulnerability can potentially compromise the system or network. For a database of common vulnerabilities and exposures, visit http://icat.nist.gov/icat.cfm. See network security scanner and vulnerability disclosure.

Reproduced with permission from Computer Desktop Encyclopedia.
Copyright (c) 1981-2008 The Computer Language Company Inc.
All rights reserved.

Additional Resources

Storm Worm's Independence Day campaign: A Storm Worm's Independence Day campaign is circulating online using email as propagation vector, attempting to trick users into visiting a Storm Worm infected host, where a multitude of what looks like over five different exploits attempt to automatically infect the visitors next to the malware binary fireworks.exe. Historically, Storm...; Tags: Software, Malware, Worm, Exploit, Storm Worm, Day Vulnerability, Cyberthreats, Spyware, Adware & Malware, Viruses And Worms, Security, Dancho Danchev; Blog posts 2008-07-04
On deck from MS: Four 'important' patches but nothing for IE: On deck from MS: Four 'important' patches but nothing for IEAm I correct that uninstalling Safari mitigates the problem?I realize it isn't a fix but am I correct in believing that for the time being, removing Safari effectively closes off the only known attack vector that can utilize this vulnerability?...; Tags: Web browsers, SECURITY, patch management, flaw, Apple Safari, Apple Inc., Microsoft Corp., Microsoft Internet Explorer; Discussion threads 2008-07-03
On deck from MS: Four 'important' patches but nothing for IE: Next Tuesday, Microsoft plans to ship four security updates for multiple flaws affecting Windows, Microsoft SQL Server and Microsoft Exchange Server but the absence of fixes for publicly known Internet Explorer issues is causing raised eyebrows among security professionals. According to the company's advance notice for July's...; Tags: Patch Management, Microsoft Internet Explorer, Microsoft Corp., Flaw, Web Browsers, Microsoft Windows, Security, Internet, Operating Systems, Software, Ryan Naraine; Blog posts 2008-07-03
Apple caught neglecting iPhone security: Apple caught neglecting iPhone securityApple doesn't really care.I believe that Apple puts security of its products at the bottom of the list, with cool design at the top. All this stuff just proves me right, that sure they have a neat casing and a touch screen, but underneath it...; Tags: Apple Inc., Apple iPhone, security, iPhone security; Discussion threads 2008-07-03
Apple caught neglecting iPhone security: If you're waiting on iPhone 2 to standardize your business on the awesome new device (yeah, I'll be on line to buy one), you might want to pay attention to the conspicuous absence of iPhone security patches over the last four months. As WaPo's Brian Krebs reports,...; Tags: Apple iPhone, Apple Inc., Krebs, Apple Mac OS X, Operating Systems, Security, Software, Apple Mac OS, Ryan Naraine; Blog posts 2008-07-03

Tiller Beauchamp on the Recon 2008 conference: Guest Editorial by Tiller Beauchamp Earlier this month I had the opportunity to present RE:Trace at the Recon conference, a reverse engineering conference held every other year in Montreal, Canada. The conference consisted of three days of training and three days of talks in a single track. Topics...; Tags: Reverse Engineering, Kernel, Conference, Novell NetWare, LDAP, Operating Systems, Servers, Directory Services, Enterprise Software, Software, Hardware, Nathan McFeters; Blog posts 2008-07-02
Firefox 2 dirty dozen: Critical vulnerabilities patched: Mozilla has shipped a high-priority update for Firefox 2, warning that there are at least five serious vulnerabilities that could lead to code execution attacks. With Firefox 2.0.0.15, Mozilla fixes at least 12 documented vulnerabilities -- five rated critical -- that could put users at risk...; Tags: Mozilla Firefox 3.0, Mozilla Firefox, Critical Vulnerability, XSS, Mozilla Firefox 2.0, MFSA, Web Browsers, Internet, Ryan Naraine; Blog posts 2008-07-02
Remote code execution flaw in VLC Media Player: Researchers at Secunia have found a "highly critical" vulnerability that puts users of the cross-platform VLC Media Player at risk of remote code execution attacks. The vulnerability is confirmed in version 0.8.6h on Windows. Prior versions may also be affected. A patch is expected soon from...; Tags: Vulnerability, WAV, Secunia, Flaw, Security, Ryan Naraine; Blog posts 2008-07-02
Study: 637 million Google users surfing with insecure browser: According to a new study from researchers at Google, IBM and ETH Zurich, there are about 637 million Google users surfing the Internet with a vulnerable Web browser. Using data from Google search queries and security vulnerability aggregator Secunia, the study HTML or PDF found that a...; Tags: Google Inc., Mozilla Firefox, Apple Safari, Web Browser, Web Browsers, Internet, Ryan Naraine; Blog posts 2008-07-01
News to know: Apple patches; Adobe; XP-Vista; Yahoo: Notable headlines: Ryan Naraine: Apple plugs 25 Mac OS X security vulnerabilities. David Morgenstern: Apple releases Leopard 10.5.4 update Apple update notice. Robin Harris: Why computers fail Adobe: Adobe Advances Rich Media Search on the Web ...; Tags: Apple iPhone, Adobe Systems Inc., Google Inc., Web, Larry Dignan, Yahoo! Inc., Patch Management, Apple Inc., IBM Consulting Service, Web 2.0, 3G, Microsoft Windows, Channel Management, Open Source, Internet, Cellular Phones, Consumer Electronics, Personal Technology, Operating Systems, Software, Marketing; Blog posts 2008-07-01
Exploit code released for unpatched IE 7 vulnerability: Exploit code released for unpatched IE 7 vulnerabilityYour picture looks like Google hacked MicrosoftGoogle pages enter unannounced.Can this happen if another window isn't open?or a tab?There has to be somebody looking at the doc model, right?So if one uses IE one window, one website at a time, is this safe?I...; Tags: Web browsers, Construction, Microsoft Internet Explorer, exploit code, Microsoft Internet Explorer 7; Discussion threads 2008-06-30
Exploit code released for unpatched IE 7 vulnerability: Another day, another gaping hole affecting fully patched versions of Microsoft's Internet Explorer browser. According to a warning from US-CERT, proof-of-concept exploit code has been published for a new zero-day bug that can be used for a variety of malicious attacks against Windows users running IE 6,...; Tags: Attacker, Vulnerability, Frame, Microsoft Internet Explorer 7, Domain, Exploit Code, Microsoft Internet Explorer, Web Page, Web Browsers, Internet, Ryan Naraine; Blog posts 2008-06-30
HSBC sites vulnerable to XSS flaws, could aid phishing attacks: What would the perfect phishing attack from a social engineering perspective? The one that compared to using typosquatted domains impersonating the bank's web application directory structure is in fact using the bank's legitimate domain names as redirectors due to XSS flaws within. It's even more interesting to measure the average...; Tags: Bank, Vulnerability, XSS, Flaw, Phishing, Cyberthreats, Financial Services, Security, Viruses And Worms, Spam And Phishing, Dancho Danchev; Blog posts 2008-06-29
An effective way to treat Web 2.0 vulnerabilities: I'm personally a huge fan of the Matasano blog, and have a lot of respect for their group. I took a peek over at their blog today and noticed an article by Dave Goldsmith that deals with "Vulnerability Reporting in a Web 2.0 World Continued". In this...; Tags: Web, Web 2.0, Vulnerability, Defect, Security, Nathan McFeters; Blog posts 2008-06-28
Critical security alert issued for Tor: If you use Tor for anonymity/privacy on the Web, you might want to pay attention to this critical security announcement from project leader Roger Dingledine. According to the advisory, a known vulnerability in the Debian GNU/Linux distribution's OpenSSL package could allow an attacker to figure out private...; Tags: OpenSSL, Security Alert, Tor, Ssl/Tls, Security, Ryan Naraine; Blog posts 2008-06-27
Internet Explorer 'feature' causing drive-by malware attacks: Internet Explorer 'feature' causing drive-by malware attacksNo surprise hereEver single vulnerability in IE is due to a built in feature.In fact, IE itself can be considered a "zero day" attack friendly vector. The primary point of failure in IT security.what version?what version?RE: Internet Explorer 'feature' causing drive-by malware attacks[i]taking advantage...; Tags: Web browsers, Spyware, adware & malware, Cyberthreats, SECURITY, Microsoft Internet Explorer, malware, malware attack; Discussion threads 2008-06-27
Internet Explorer 'feature' causing drive-by malware attacks: My colleague at Kaspersky Lab Roel Schouwenberg see disclosure has discovered a drive-by malware download taking advantage of what Microsoft describes as an Internet Explorer "feature" to launch cross-site scripting attacks. The attack, discovered at a compromised legitimate site, is using a modified GIF file to exploit...; Tags: GIF, XSS, Malware, Microsoft Internet Explorer, Microsoft Corp., Attack, Schouwenberg, Spyware, Adware & Malware, Cyberthreats, Security, Viruses And Worms, Ryan Naraine; Blog posts 2008-06-27
ICANN and IANA's domains hijacked by Turkish hacking group: What happens when the official domain names of the organizations that issue the domain names in general, and provide all the practical guidance on how the prevent DNS hijacking, end up having their own domain names hijacked? A wake up call for the Internet community. The official...; Tags: Hacking, DNS, ICANN, Domain, Domain Name, Internet Assigned Numbers Authority, Domain Names, Internet, Networking, Dancho Danchev; Blog posts 2008-06-26
Zero-day flaw haunts Internet Explorer: Zero-day flaw haunts Internet ExplorerJelloWow, Ryan, that really tells me a lot. What does this vulnerability do? Change my hard drive into Jello?While the information is appreciatedit would have been nice if the headline had included that little number 6. It makes a huge difference.this flaw haunts only OLD Internet...; Tags: Web browsers, Manuel Caballero, Microsoft Internet Explorer, zero-day bug, Mozilla Firefox, vulnerability; Discussion threads 2008-06-26
Zero-day flaw haunts Internet Explorer: An unpatched cross-domain vulnerability in Microsoft's flagship Internet Explorer browser could expose Windows users to cookie hijacks and credentials theft attacks, according to a warning from security researchers. The zero-day flaw, which has been reported to Microsoft, is a variation of Eduardo Vela's IE Ghost Busters talk:...; Tags: Microsoft Internet Explorer, Zero-day Bug, Web Browsers, Internet, Ryan Naraine; Blog posts 2008-06-26

ZDNet Definition for: Vulnerability

Additional Resources

Neighboring Terms

Premier Vendor Content Whitepapers, webcasts & resources from our Power Center Sponsors

Cracking Open

Blogs

Product Reviews

Videos

White Papers and Webcasts

Downloads

More

ZDNet News & Blogs

Product Reviews

Product Blogs

White Papers & Webcasts

Downloads

Site Help & Feedback

Site Map