Michael Sutton's Blog
September 2006 - Posts
How Prevalent Are SQL Injection Vulnerabilities?
[Update 01.31.07 - A follow-up blog on the prevalence of XSS vulnerabilities has now been posted.] [Update 01.17.07 - This blog is now also available as a webcast.] Earlier this month, Mitre revealed that web application vulnerabilities have now claimed
Read More...
What is Google Binary Search and Should We Fear It?
Background: The so-called Google Binary Search (GBS) gained a fair bit of press attention in July 2006, when PC World published an article entitled 'Google's Binary Search Helps Identify Malware'. In the article, Websense revealed that they
Read More...
Microsoft Black Tuesday - September 2006
Well, it's the second Tuesday of the month, a day that I affectionately refer to as 'Black Tuesday'. Today is the day that Microsoft unleashes their latest set of patches and system administrators scramble to apply them, but this time around,
Read More...
The Invisible Hand of 'Responsible Disclosure'
This morning, I read an interesting survey on the meaning of responsible disclosure conducted by Federico Biancuzzi. He did a solid job of pulling together the major players including software vendors, independent researchers and commercial vulnerability
Read More...
0day Attacks: Part Deux
I was pleased with the debate generated from my September 1st blog posting "Why all the hype about 0day". The Slashdot conversation was an active one and there were several solid points made regarding the risks of 0day vulnerabilities vs. known
Read More...
Why All The Hype About 0day?
The term "0day" has the power to make sys admins cringe. It is the greatest fear of anyone tasked with protecting critical assets - a problem without an easy solution. Why? No, seriously why? 0day is a neon sign in the middle of Times Square. Once
Read More...