ZDNet Definition for: Vulnerability Disclosure

Additional Resources

Sprint unveils location-based 'geobrowsing' on eve of WiMax launch

With the launch of its long-hyped WiMax service XOHM scheduled to debut in September in Baltimore, on Thursday Sprint announced a set of location-based personalization features that will enhance the user experience of WiMax subscribers by allowing them to, for example, quickly look up restaurants, check traffic and weather, and...

Tags: Sprint Xohm, Privacy, Sprint Communications, WiMAX, Wi-Fi, Wireless, Jason Hiner

Blog posts 2008-08-28

Intel ships BIOS fix for Rutkowska's Black Hat flaw

Intel has shipped a BIOS update with a fix for a privilege escalation vulnerability that was used by rootkit researcher Joanna Rutkowska to bluepill the Xen hypervisor. The vulnerability was discussed by Rutkowska at the Black Hat briefings earlier this month but details on the exploit were...

Tags: Black Hat, Hypervisor, Motherboard, BIOS Update, Intel Corp., Flaw, System Management Mode, Level Privilege, BIOS, Virtualization, Hardware, Components, Ryan Naraine

Blog posts 2008-08-27

Major security hole found in iPhone

Major security hole found in iPhonewhose fault?Seems to me you're blaming Apple for bad coverage when you should be blaming O2. Didn't they give you some sort of trial period when you sign up to see how the coverage was in your area?The risk Me-Firsters takeEr, I mean early...

Tags: Viruses and worms, Apple iPhone, security, 3G, security hole, phone

Discussion threads 2008-08-27

Who's Dumber: Bad Guys … Or Good Guys?

Who's Dumber: Bad Guys … Or Good Guys?Bad guys don't need applauseJust money. So they'll modestly attempt to avoid receiving their due when they compromise systems. I wouldn't assume that not hearing about a success means the success has not occurred.Also, this statement is confusing:Now, we have the...

Tags: SECURITY, flaw, exploit code, Bad Guys, exploit

Discussion threads 2008-08-27

Major security hole found in iPhone

Gizmodo has unearthed a security flaw in the iPhone OS and boy is it a doozy. According to the post it's simple to access a locked iPhone's address book, Mail, SMS, Contacts, and Safari. The vulnerability works like this on a password protected and locked iPhone: ...

Tags: Apple iPhone, Text Messaging/SMS/MMS, Telephony, Security, Viruses And Worms, Cellular Phones, Consumer Electronics, Personal Technology, Online Communications, Networking, Jason D. O\'Grady

Blog posts 2008-08-27

iPhone passcode lock rendered useless

Do not trust that passcode lock on Apple's iPhone. The feature, which lets users set a four-digit pincode to limit access to the device, can be easily bypassed with a few finger taps on the iPhone to give an intruder access to sensitive information. ...

Tags: Apple iPhone, Register, E-mail, Text Messaging/SMS/MMS, Telephony, Telecom & Utilities, Cellular Phones, Online Communications, Consumer Electronics, Personal Technology, Networking, Ryan Naraine

Blog posts 2008-08-27

Linux under attack: Compromised SSH keys lead to rootkit

Linux under attack: Compromised SSH keys lead to rootkitLinux under attack: Compromised SSH keys lead to rootkitLOL! And the hits to linux just keep coming! So thats 4 different incidents within a week's time of how badly linux sucks. Poor linus must be hiding under his bed trying...

Tags: Operating systems, UNIX, Rootkits, OPEN SOURCE, Linux, SSH, attack, Compromised SSH, Compromised, Microsoft Windows, rootkit, security

Discussion threads 2008-08-26

Linux under attack: Compromised SSH keys lead to rootkit

The U.S. Computer Emergency Readiness Team CERT has issued a warning for what it calls "active attacks" against Linux-based computing infrastructures using compromised SSH keys. The attack appears to initially use stolen SSH keys to gain access to a system, and then uses local kernel exploits to...

Tags: Linux, SSH, Attack, U.S. Computer Emergency Readiness Team, Rootkits, Security, Spyware, Adware & Malware, Ryan Naraine

Blog posts 2008-08-26

Apple's biggest rumor: iPod or Jobs?

The Apple rumor mill is back in action - and this time the bloggers are calling the date: Sept. 9. That's the day the company is expected to announce a new look for the iPod Nano, a new version of iTunes, an OS X update and more.  Apple, of course,...

Tags: Job, Steve Jobs, Apple iPod, Health Care, Apple Inc., Vertical Industries, Benefits, Healthcare, Enterprise Software, Software, Human Resources, Sam Diaz

Blog posts 2008-08-26

Microsoft, eat your own dog food

Microsoft, eat your own dog foodReally?"Using hidden aspects of Windows to advantage Microsoft's own applications has been disallowed and behavioral remedies including disclosure demanded."I can't find these in the DOJ settlement, please help: http://www.usdoj.gov/atr/cases/f9400/9495.htmWe can of course look to the EU which did demand documentation of a small subset of...

Tags: .NET, Middleware, food, Microsoft Corp.

Discussion threads 2008-08-26

Patch issued for Ubuntu security flaw

Patch issued for Ubuntu security flawGood thing[i]A local attacker could exploit this to execute arbitrary code as root, or crash the system, leading to a denial of service.[/i]Good thing I'd stopped letting malicious users into my house and giving them access to my desktop.RE: Patch issued for Ubuntu security flawLOL!!...

Tags: UNIX, Operating systems, OPEN SOURCE, Linux, security, Ubuntu security flaw, Ubuntu security, Ubuntu

Discussion threads 2008-08-26

Patch issued for Ubuntu security flaw

Canonical has warned users of all machines running recent versions of Ubuntu to patch their systems and shut an open door for hackers. Canonical is the latest Linux vendor to patch a vulnerability in the open-source operating system's kernel that could have left the door open for hackers to...

Tags: Ubuntu, Linux Company, Linux, Open Source, E-mail, UNIX, Operating Systems, Security, Software, Online Communications, Renai LeMay ZDNet Australia, Canonical, patch, vulverability, hackers

News items 2008-08-26

Facebook refuses to fix obvious security flaw

Facebook refuses to fix obvious security flawFixed.Looks like Facebook has fixed the bug. I just clicked the link and saw this text: The bug is fixed :)RE: Facebook refuses to fix obvious security flawSuch as the fact that applications completely ignore any user privacy options and have the ability to...

Tags: Viruses and worms, Facebook, obvious security flaw, security, security flaw

Discussion threads 2008-08-26

Carbon Control Software Home Edition (exe)

Every year inactive computers make a contribution to climate change in the form of millions of tones of CO2. Play your part in preventing global warming by using Carbon Control Software Home Edition. It works by switching off your computer when its not being used and can help reduce your...

Tags: Computer, Carbon Control Software, Productivity

Software downloads 2008-08-26

Facebook refuses to fix obvious security flaw

[ UPDATE:  Facebook has reversed itself and fixed this vulnerability ]  The Register's Dan Goodin has the scoop on an obvious security vulnerability that's being ignored by the powers at Facebook. The issue, as demonstrated by this proof-of-concept, shows...

Tags: Facebook, Social Networking, Security, Cyberthreats, Viruses And Worms, Online Communications, Marketing, Advertising & Promotion, Ryan Naraine

Blog posts 2008-08-25

New StopBadware guidelines take aim at software update bundling

If the StopBadware coalition has its way, software updaters from Sun Microsystems see screenshot above and Apple will carry the embarrassing "badware" label. According to a draft of revamped guidelines (.pdf) from the Google-backed computer security consortium, the badware label will expand to...

Tags: Software, Guideline, Automatic Update, Consent, Apple Inc., Software Update, Patches, Tools & Techniques, Security, Management, Ryan Naraine

Blog posts 2008-08-25

Democratic National Convention site requires Silverlight and Move

Democratic National Convention site requires Silverlight and MoveWow, just wowSo, a party supposed to govern USA can be bought out by Microsoft to support a flash wannabe plugin.I am speechless. Will they make Windows only policy in Govt. agencies too? Perhaps they should use "OOXML" instead of PDF too?What???The liberals...

Tags: Microsoft Silverlight, Office Open XML, Active-X, Microsoft Corp., Adobe PDF

Discussion threads 2008-08-25

The ugly truth: Satan, social networks and security

The ugly truth: Satan, social networks and securityLovely Satan !It was around 90's when I 1st used Satan, those days were so much fun to me.Social Networks - Know your poisonI'm afraid that social networks won't do too much to fix their code - They want it as open as...

Tags: security, SATAN, social networking, network

Discussion threads 2008-08-25

Intuit: software and services. Are you kidding me?

I must admit to have been befuddled by Larry Dignan's interpretation of Intuit's current go to market strategy as analogous to Microsoft's software plus services mantra. This is the salient quote from Intuit's Q4 earnings call my emphasis added: We've talked about the fact that our growth for the...

Tags: Software, Software-as-a-service, Intuit Inc., Payroll, Intuit QuickBooks, Service, SaaS Offering, Software As A Service (SaaS), Operational Accounting, Cloud Computing, Payroll Solutions, Emerging Technologies, Finance, Dennis Howlett

Blog posts 2008-08-25

Tech policy and presidential politics: Is it a vote getter?

Welcome to the week that is the Democratic National Convention followed by another one with the Republican National Convention. We'll get coverage out the wazoo with a heavy dose of the technology implications from our sister site and parent, News.com and CBS News, respectively. While the technology policies of Barack...

Tags: VP, Policy, Strategy, Regulations, Management, Government, Larry Dignan

Blog posts 2008-08-25