|
|
|
|
|||||
|
|
|
|
|
|
|||
| Welcome
to Tech Support Forum home to more then 136,000 problems solved. Issues
have included: Spyware, Malware, Virus Issues, Windows, Microsoft,
Linux, Networking, Security, Hardware, and Gaming Getting your
problem solved is as easy as: 1. Registering for a free account 2. Asking your question 3. Receiving an answer Registered members: * See fewer ads. * And much more..
|
| Want to know how to post a question? click here | Having problems with spyware and pop-ups? First Steps |
|
|||||||
| Computer Security News The Latest Computer Security News |
 |
|
|
LinkBack | Thread Tools |
04-18-2009, 06:01 AM
|
#1 (permalink) |
|
Analyst, Security Team
|
Vendor gets cold feet about revealing software flaw
Researchers have pulled out of a presentation which was expected to reveal details of a major security vulnerability, citing concerns that hackers could exploit the flaw.
The last minute cancellation of a press conference at the Black Hat security event was because the flaw was so sensitive that even revealing the vendor affected could potentially cause hackers to start poking around with applications or operating systems to try to figure it out, said Jeff Moss, Black Hat's CEO. The unnamed vendor has told the researchers that it could have a patch ready in a month or so, but it could take as long as four months, Moss said. There are fears that the problem could be as serious as the one in DNS revealed by Dan Kaminsky last year. "Apparently, it's harder to patch and harder to fix so it's taking longer than they thought," Moss said. Security researchers who present at Black Hat are encouraged to practice what's called "responsible disclosure," where the vendor is notified and allowed to create a patch before the vulnerability is publicly revealed. Moss said it's hopeful that the vendor and the researchers would be able to release a patch and the details at the same time. It wouldn't be the first time Black Hat has been on the bleeding edge of vulnerability disclosure. This time at least there haven't been any legal threats from the vendor, Moss said. In 2005, Michael Lynn, who worked for Internet Security Systems (ISS) at the time, had prepared a talk about how Cisco Systems' routers could be remotely compromised. Cisco and ISS ganged up to stop him. Lynn changed his presentation and instead spoke about VoIP. After hearing boos from the crowd, he switched to his original topic. He didn't release attack code but instead provided proof it could be done. Lynn had to quit his ISS job, and was sued by ISS and Cisco, but the lawsuit was eventually dropped after he agreed not to discuss its contents. http://www.techworld.com/news/index....&NewsID=114434
__________________
If we have helped you then please consider donating  Proud Member of ASAP & UNITE Since 2007 |
|
     
|
| Important Information |
|
Join the #1 Tech Support Forum Today - It's Totally Free!
TechSupportForum.com is a leading support website for your computer needs. We offer free, friendly and personalized computer support. Why pay to have your computer fixed when you can do it for free. Join TechSupportforum.com Today - Click Here |
|
04-21-2009, 02:45 PM
|
#3 (permalink) |
|
TSF Enthusiast
Join Date: Nov 2007
Location: Planet Earth
Posts: 2,205
OS: Windows 2K, XP Pro sp3, Windows Vista, Windows 7, Ubuntu
|
Re: Vendor gets cold feet about revealing software flaw
Somebody will find a way to exploit it anyways
__________________
 Those who can't write, write manuals. Don't trouble trouble until trouble troubles you... |
|
|
|
|
| Thread Tools | |
|
|
