vulnerability disclosure

Smashing Security #066: Passwords, pirates, and postcards

Flight simulators packed with password-grabbing malware, Facebook fighting Russian trolls, and how vulnerability researchers fear being sued.

All this and much, much more is discussed in the latest edition of the “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, who are joined this week by special guest Dave Bittner from The CyberWire podcast.



Neutrino exploit kit adds former IE zero-day flaw to its arsenal

Guess what happened after vulnerability researchers published proof-of-concept code exploiting an Internet Explorer vulnerability?

A notorious exploit kit incorporated the code into its own arsenal.

David Bisson reports.



heatsoftware.com

It’s time to get serious about the security of security products

Computer security vendors have been told to raise their game, and work more closely with vulnerability researchers.

Read more in my article on the Heat Software security blog.



Full Disclosure mailing list shuts down, but won’t fully disclose why

The Full Disclosure mailing list, which often published details of unpatched vulnerabilities, has announced it is shutting down.

But – ironically – it refuses to fully disclose why it is closing its doors.



“Hackers for Hire”. NATO video enters vulnerability disclosure debate

NATO turns its eye to hacking and the politics of vulnerability disclosure, in a newly released video.

