10 Infamous Moments In Security Research - InformationWeek

4/13/2006
02:55 PM

10 Infamous Moments In Security Research

1. SQL Slammer: Researcher David Litchfield presents findings at Black Hat one week after Microsoft issues its SQL patch. The Slammer worm that exploits that flaw dramatically slows Internet traffic in 2003.

2. Windows Plug and Play: Internet Security Systems researchers in April 2005 discover a Windows vulnerability that lets an attacker take control of affected systems and remotely execute code. By August, the Zotob worm exploits it.

3. Cisco IOS heap overflow: Former ISS researcher Michael Lynn in July 2005 shows hackers could take control of a company's network. Cisco had issued a patch in April, but it still sues Lynn over the speech. The suit is later dropped.

4. Windows Metafile: Researcher H.D. Moore and others post exploit code for this flaw in January, and researcher Ilfak Guilfanov writes an unauthorized workaround. This prompts Microsoft to issue a patch five days ahead of schedule.

5. Oracle transparent data encryption: Red-Database-Security researcher Alexander Kornbrust reports a vulnerability in January 2006; Oracle patches it the same month.

6. Oracle PLSQL gateway: Litchfield in January shows Black Hat attendees a vulnerability in Oracle's Procedural Language extension to SQL. Oracle has yet to patch.

7. Apple Mac iChat: An unknown person posts on MacRumors.com an external link to the OSX/Leap.a Trojan on Feb. 13, 2006, the first virus for the Apple Mac OSX platform.

8. Internet Explorer createTextRange(): Researcher Andreas Sandblad discovers a flaw in March that lets hackers install malware like keystroke loggers. eEye Digital Security issues a patch.

9. Internet Explorer HTA files: Dutch researcher Jeffrey van der Stad in March alerts Microsoft to a problem with how IE processes HTML apps. Van der Stad pares back information about the bug on his Web site when Microsoft complains.

10. Sendmail SMTP server software: ISS in March finds a vulnerability in this popular Internet E-mail transfer agent. Sendmail issues a patch immediately.

Continue to the sidebar:
Avoid Alert Overload

Return to the story:
The Fear Industry
