Targeting the OS is old hat…



The Register sums up the Black Hat briefings pretty well. The operating system level has received a lot of scrutiny for security flaws in recent years, and as a result there has been a good deal of improvement there. Researchers are now heading to the low-hanging fruit in the REST of the software stack, be it drivers, browsers, or office software. Another area is the class of programs that run to check for updates for OTHER software. It’s time to realize that almost ANY piece of software could compromise system security, and updates need to be expected for almost any part of the “software stack”.


What’s troubling, though, are reports that many of these software vendors are unprepared for security disclosures from researchers. Many do not have an easy way to be contacted about security-related issues. What this means is that we may be in for a somewhat rocky ride, as malware writers would seem to gain the upper hand from software developers’ lack of preparedness. Hopefully, though, it will force most shops (large and small) to adopt standard ways of dealing with security-related issues and announcements.

BTW, the original article showed up at Security Focus and was redistributed by the Register.
