A document that contains information and analysis about a threat or vulnerability. Advisories are sent out by an organization to a list of subscribers or is posted on a Web site such as CERT/CC Advisories at www.cert.org/advisories. See alert.
 | Reproduced with permission from Computer Desktop Encyclopedia. Copyright (c) 1981-2008 The Computer Language Company Inc. All rights reserved. |
Additional Resources
- Intel ships BIOS fix for Rutkowska's Black Hat flaw
- Intel has shipped a BIOS update with a fix for a privilege escalation vulnerability that was used by rootkit researcher Joanna Rutkowska to bluepill the Xen hypervisor. The vulnerability was discussed by Rutkowska at the Black Hat briefings earlier this month but details on the exploit were...
- Blog posts 2008-08-27
- iPhone passcode lock rendered useless
- Do not trust that passcode lock on Apple's iPhone. The feature, which lets users set a four-digit pincode to limit access to the device, can be easily bypassed with a few finger taps on the iPhone to give an intruder access to sensitive information. ...
- Blog posts 2008-08-27
- Linux under attack: Compromised SSH keys lead to rootkit
- Linux under attack: Compromised SSH keys lead to rootkitLinux under attack: Compromised SSH keys lead to rootkitLOL! And the hits to linux just keep coming! So thats 4 different incidents within a week's time of how badly linux sucks. Poor linus must be hiding under his bed trying...
- Discussion threads 2008-08-26
- Linux under attack: Compromised SSH keys lead to rootkit
- The U.S. Computer Emergency Readiness Team CERT has issued a warning for what it calls "active attacks" against Linux-based computing infrastructures using compromised SSH keys. The attack appears to initially use stolen SSH keys to gain access to a system, and then uses local kernel exploits to...
- Blog posts 2008-08-26
- Red Hat (belatedly) confirms security breach
- More than a week after a cryptic note hinted at a security breach at Fedora, the open-source group has finally fessed up to two separate server intrusions that compromised the security of Red Hat's OpenSSH packages. The confirmation follows eight days of media speculation and conjecture over...
- Blog posts 2008-08-22
- More security holes appear in Microsoft Office
- In addition to this long list of missing Microsoft patches, there are at least three serious unpatched vulnerabilities in the Microsoft Office productivity suite. On August 12, the same day Microsoft released a slew of Office patches, TippingPoint's DV Labs published a bare-bones advisory warning about a...
- Blog posts 2008-08-21
- Exploit code published for Apache Tomcat flaw
- The United States Computer Emergency Response Team (US-CERT) has raised an alarm for a serious vulnerability in Apache Tomcat, warning that a proof-of-concept exploit is publicly available. The code, posted to Milw0rm.com, exploits a directory traversal vulnerability vulnerability in the way Apache Tomcat handles malformed requests. ...
- Blog posts 2008-08-21
- Opera patches 7 vulnerabilities but keeps one a secret
- Opera Software has shipped a new version of its flagship Web browser with fixes for at least seven documented security problems but details on one vulnerability -- a cross-site scripting issue reported by Chris Weber-- is being kept under wraps. Opera warned that one of the seven...
- Blog posts 2008-08-20
- uTorrent silently patches critical vulnerability
- If uTorrent is the client you use to download files, now might be a good time to hit that "check for updates" button. According to security alerts aggregator Secunia, there's a "highly critical" uTorrent vulnerability that could allow remote code execution attacks with rigged .torrent files. ...
- Blog posts 2008-08-18
- Levin out as Black Duck's CEO
- Black Duck Software -- a pioneer in the open source legal consulting business -- has lost its CEO. On Thursday, Douglas Levin, the company founder and a director at the Waltham, Mass.-based company, announced his resignation, effective Sept. 1. The announcement came the same day that...
- Blog posts 2008-08-15
- Microsoft investigating NSlookup.exe flaw, reported attacks
- Microsoft is investigating new public reports of a zero-day Windows vulnerability that's being exploited in the wild. According to a this SecurityFocus alert, the attacks are exploiting a remote code-execution vulnerability due to an unspecified error in NSlookup.exe, the command-line administrative tool used for testing and troubleshooting...
- Blog posts 2008-08-15
- Where on earth are these Microsoft patches?
- Lost in the shuffle of this month's Patch Tuesday barrage is the fact that a critical vulnerability in the ever-present Windows Media Player WMP was not fixed "because of a last minute quality issue." Microsoft originally listed the WMP update in the advance notice for August but,...
- Blog posts 2008-08-14
- Joomla hit by critical password-reset forgery flaw
- Heads-up to Joomla users:Â There's a patch out for a critical password-reset forgery issue that could compromise your content management system. Oh, by the way, it's already being actively exploited. The open-source group warns in an advisory that the issue affects Joomla version 1.5.5 and all previous...
- Blog posts 2008-08-13
- Jobs: App Store is huge; iPhone has a kill switch
- Jobs: App Store is huge; iPhone has a kill switchWhere are real journalists when you need them?Mr. Jobs also glossed over the fact one of the most useful apps, if not THE most useful, was booted off the AppStore presumably to appease AT&T. Netshare, which allows you to tether your...
- Discussion threads 2008-08-11
- MS Patch Tuesday: Critical IE, Office, Excel patches coming
- Next Tuesday (August 12th), Microsoft will ship 12 security bulletins with fixes for serious vulnerabilities in a wide range of of widely deployed products. Seven of the 12 bulletins will be rated "critical," Microsoft's highest severity rating. The critical bulletins will cover remotely exploitable...
- Blog posts 2008-08-07
- Adobe: Beware of fake Flash downloads
- Amidst confirmed reports that malicious hackers are starting to use fake Flash Player downloads as social engineering lures for malware, Adobe has issued a call-to-arms for users to validate installers before downloading software updates. The company's notice comes on the heels of malware attacks on Facebook, MySpace...
- Blog posts 2008-08-05
- Passports worth £2.5 million stolen in van hijack
- Passports worth £2.5 million stolen in van hijackInside Jobwhat a coincidence: the driver happened to stop for a paper and candy bar right at the spot where a couple of thieves saw an opportunity to take a van with a couple of cardboard boxes in them. ;)RE: Passports worth £2.5...
- Discussion threads 2008-07-29
- Apple CEO Jobs' life not in danger: report
- Apple CEO Jobs' life not in danger: reportFinally!I wonder if this will finally calm the fears of all these irrational people?RE: Apple CEO Jobs' life not in danger: reportAnd nothing was wrong and his health is still a private matter which is no one's business but his.RE: Apple CEO Jobs'...
- Discussion threads 2008-07-28
- FCC expected to rule against Comcast Aug. 1
- The Federal Communications Commission is expected to announce Aug. 1 that Comcast's network shaping of BitTorrent was wrong. According to the Wall Street Journal, regulators are expected to rule that Comcast violated policy by hampering BitTorrent sharing. The FCC has been dropping hints for weeks that Comcast...
- Blog posts 2008-07-27
- Gaping holes in RealPlayer patched
- Digital media delivery firm RealNetworks has shipped a high-prority patch to cover four gaping holes in its flagship RealPlayer software, warning that the vulnerabilities could put users at risk of code execution attacks. The patch comes a few hours after Secunia released an advisory warning for one...
- Blog posts 2008-07-25
Neighboring Terms
Premier Vendor Content Whitepapers, webcasts & resources from our Power Center Sponsors
- Intel IT Data Center Efficiency Initiative - Going Green
-
"See how Intel is consolidating down to 8 global data center hubs through the use of consolidation, virtualization and standardization. The initiative is expected to save Intel $1.8B by project completion.
- See how Intel plans to save $1.8 billion >>
- Sports and Technology
-
Major League Baseball pitches new app to iPhone users
At Apple's Worldwide Developers Conference in San Francisco, Jeremy Schoenherr of MLB.com demos At-Bat, a new iPhone app from Major League Baseball.
View the ZDNet video to learn more -
The SF Giants' new hi-tech ballpark
SF Giants CIO Bill Schlough discusses new technology upgrades at AT&T Park and outlines his dual role- managing technology operations at the backend while using hi-tech to improve player performance on the field.
View the ZDNet CIO Vision Series video - From our Sponsors
- Fantasy Football
-
-
3 Great Ways To Play Fantasy Football
Play for free, play to win cash prizes- up to $3500, or customize your own league.
Learn More » -
