Security Advisory for NetWare 6.5 OpenSSH
This is a little information clarifying the exploitability of ZDI-10-169. Novell has classified this bug as a Denial of Service and will not be issuing a patch. Narrated by the Old Spice Guy.
ZDI Disclosure Policy Changes
As the 5th year anniversary of the TippingPoint ZDI program rolls around we have had a chance to reflect on the frequently changing vulnerability disclosure best practices utilized within our industry. From the days of no-disclosure, to full, to responsible, to coordinated, our policy has remained relatively the same. Throughout the lifetime of the ZDI we have maintained the same process of procurement and responsible disclosure to affected vendors. In doing so we have abided by these vendors' w ...
ZDI 2010 Milestone
This week the Zero Day Initiative has reached an impressive milestone of 125 advisories published thus far in 2010. This is impressive because 2009 saw a total of 101 advisories and we have surpassed that already, only halfway through the year. After 5 years the Zero Day Initiative has seen amazing growth both in terms of researcher participation and vulnerabilities acquired, and therefore vulnerability disclosure. That all being said, this isn't a numbers game for TippingPoint's ...
MOBOTS: WeatherFist Exposed
Last week, San Francisco was kind enough to play host to the annual RSA Security Conference. As you may remember from Jason Avery's last post, several TippingPointers were on-hand for the festivities. My colleague Derek Brown and I were fortunate to be granted an engagement in the "Research Revealed" track. We presented our case study in mobile phone botnets entitled "MOBOTS: A Pocketful of Pwnage." Catchy, right? We both felt that the talk was a great success and, despite the modest yet respectable attendance, the audience seemed to enjoy our antics as much as we did. As is the norm for such things, our live demonstration ran long and we didn't get to parlance with the audience for as long as we'd hoped. To that end, and for the benefit of those not fortunate enough to make it to The City by the Bay, we would like to expound on some of the specifics of the talk that have garnered the much of the post-RSA interest.
RSA Conference 2010 Talks
Hey all! Jason here giving this year's RSA participates a heads up on talks to not miss. This year, TippingPoint is presenting five talks and panels, with three sessions by members of the DVLabs team. If you're going to be at the show, be sure not to miss these talks. Tuesday, March 02 01:00 PM Blue Room 103 Session Code: EXP-106 Session Title: The Seven Most Dangerous New Attack Techniques and What Is Coming Next Session Abstract: Nation states an ...
