Welcome Guest. | Log In| Register | Membership Benefits
July 05, 2006 (12:48 PM EDT)

Researcher Promises Browser Bug-A-Day

By Gregg Keizer , TechWeb Technology News

A security researcher has promised to release one browser vulnerability each day for the next month as part of his self-proclaimed "Month of Browser Bugs."

H.D. Moore, the lead developer for the Metasploit Framework open-source exploit project, and someone who regularly comes up with attack code, wrote on the group's blog that he intends to issue at least one Web browser flaw each day during July.

"The vendors have been notified and the time has come to start publishing the results," Moore said.

The five bugs posted as of Wednesday to yet another blog include three within Internet Explorer, one in Firefox, and another inside Apple's Safari browser.

As security vendor Symantec pointed out to its DeepSight alert system customers on Monday, Moore didn't initially spell out whether any of the flaws he intended to release had been fixed. As of Wednesday, however, Moore noted that one of the IE vulnerabilities and the Firefox bug have been patched.

French bug tracker FrSIRT has posted alerts on some of the browser bugs. Its warning on the Safari flaw -- the most recent disclosed by Moore -- classified the unpatched vulnerability as "low risk," for example.


SECURITY WHITE PAPERS AND REPORTS
Emerging Best Practices for Carrier IP Transformation
This vendor white paper – prepared by Alcatel-Lucent – identifies emerging best practices for planning, implementation, migration, and operations based on hands-on experience with IP Transformation initiatives across the globe.

Configuration Audit and Control for Virtualized Environments
Find out how to maintain the same level of stability and security across both virtual and physical environments, using the same software and approach.

CIGNA Finds Good Therapy: Builds a More Efficient Risk Management, Streamlined Compliance, and System Security Program
To bolster the vulnerability management portion of its overall risk management program, CIGNA selected QualysGuard, thus enabling the company to streamline control of its entire vulnerability management lifecycle: asset discovery, vulnerability assessments, track security fixes, and meet federal, state, and internal policy regulations.

Best Practices for Windows Vista Planning, Migration, and Ongoing Management
It is vital to ensure PC system and data security during migration to Windows Vista. This white paper highlights considerations that must be addressed over the entire migration process.

CAREER CENTER
Ready to take that job and shove it?
SEARCH
Function:

Keyword(s):

State:
SPONSOR
RECENT JOB POSTINGS
CAREER NEWS
10 Search Engines You Don't Know About
Go beyond Google and get vertical. These specialized search sites will help you find the business information you need -- fast.

Yahoo Profits Fall 23%, Cuts 1,000 Jobs
Ari Balogh was named to the post of chief technology officer as the companys for a "realignment" of employees.

More Articles From Our Career Center

Advertisement


TechSearch for related stories



Specialty Resources

Featured Microsite


Microsites

Featured Topic

Additional Topics

Crush The Competition

TechWeb's FREE e-mail newsletters deliver the news you need to come out on top.

Techencyclopedia

Get definitions for more than 20,000 IT terms.

Techwebcasts

Editorial and vendor perspectives


Vendor Resources


Focal Points