Today is March first, and that means the Month of PHP Bugs initiative has officially kicked off.  Every day for an entire month the folks from the Hardened-PHP Project will be releasing advisories for vulnerabilities in PHP.  If you have PHP installed on any of your servers, you should keep tabs on the outcome of this project. First and ...

The number of so called 0day vulnerabilities seems to be on the rise and in response to this threat, a number of security researchers are pooling their skills to produce third party patches. There are plenty of arguments for why we're seeing this increase. Some would argue that it's due to improving skills of researchers coupled with a ...

I was pleased with the debate generated from my September 1st blog posting "Why all the hype about 0day". The Slashdot conversation was an active one and there were several solid points made regarding the risks of 0day vulnerabilities vs. known vulnerabilities. In that post, my hope was not to suggest that 0day attacks do not ...

The term "0day" has the power to make sys admins cringe. It the greatest fear of anyone tasked with protecting critical assets - a problem without an easy solution. Why? No, seriously why? 0day is a neon sign in the middle of Times Square. Once people start talking about it (at which point it's really not 0day), everyone is ...