Posts with tag "zero day"

Smoke Break: Sunny Days Episode

Smoke break time Such a beautiful day outside but I forsake in order to bring you this episode of Smoke Break. In this show I talk about bloggers being ignored once again even though this blogger broke a story that can seriously affect live – and deaths. On a less important point I also take a look at a couple of Microsoft stories being talked about in the blogosphere as well as a suggestion that the early adopter crowd should try spending some time in the real world. The last item in the show has to do with online security and just how safe are we really as we move towards cloud computing and living an online life.

Hope you enjoy the show and any and all comments are more than welcome.

Referenced Links:

NY Times Just Can’t Bring Itself to Put CAAFlog Blogger Scoop in a Headline [nw] :: BL Ochman
New Microsoft Office subscription bundle to hit in mid-July [nw] :: Mary Jo Foley
Microsoft Launches Consumer Subscription Offering [nw] :: Live Side
Yahoo To Be Sold For Parts [nw] :: Stowe Boyd
Curse Of Being an Early Adopter and Tech Blogger [nw] :: David Risley
The Black Market Code Industry [nw] :: Fast Company

Audio clip: Adobe Flash Player (version 9 or above) is required to play this audio clip. Download the latest version here. You also need to have JavaScript enabled in your browser.

Or you can

Audio clip: Adobe Flash Player (version 9 or above) is required to play this audio clip. Download the latest version here. You also need to have JavaScript enabled in your browser.

for later

Share this post:

Even setting records don’t save you from 0-day exploits

 

Firefox has a problem already No sooner than the wave of record setting downloads are drawing to a close word is that a critical exploit has been discovered in Firefox 3. As being reported by c|net news security blog D3F3NS3 1N D3PTH (isn’t that such a cute name for a blog <gag>) the vulnerability was originally reported by Tipping Point’s Zero Day Imitative and rates the flaw as critical.

Nothing is being said about the vulnerability at this point so that the Firefox team has a chance to confirm (or deny) the problem and issue a fix for it. From the c|net post

Although the Zero Day Initiative team does not offer specifics until the vendor has a chance to patch it, the blog post did say this vulnerability, which also affects Firefox 2, requires user interaction and could result in an attacker executing arbitrary code.

Mozilla is reported to be working on a fix.

I wonder if this will get Mozilla another entry in the book of records as the quickest vulnerability report for a product immediately following it setting a download record.

Share this post: