What is a Vulnerability?
In discussions and meetings with other information security professionals, I hear a lot of misinformation. I’m a geek and like to be more precise, rather than less. The use of the term vulnerability is a special pet peeve of mine. The core of information assurance is making sure you don’t have serious vulnerabilities. So, what exactly […]
Bypassing User Activation Controls
My last blog about User Activation Controls suggested that they were of little help, even when they work. After all, user data (your documents, spreadsheets and such) are the most valuable things you have. Now, we’ll just trash UAC by bypassing it. We’ll do this by relying on a flaw: Microsoft loves itself. Remember, UAC […]
This Java Threat Is Really Confusing
For several months, there were rumblings in the hacker underground about some serious threats to Java and Apple’s OS X. ComputerWorld reported in late February 2012 that a new variant of an exploit called Flashback was making the rounds on Macs by using the browser and Java to get in. CNN followed by reporting that […]