Why the Shellshock Vulnerability Is A Perfect 10

Why the Shellshock Vulnerability Is A Perfect 10

Another big buzz in the media again. Looks like there has been another dangerous vulnerability identified and rated a 10 for impact, and a 10 for exploitability. This is the threat we now know as the Shellshock Vulnerability.

The major concern is that, if an attacker has the skill to craft a packet to take advantage of the vulnerability, they can inject code that compromises a target machine.

That seems simple enough – and from a conceptual perspective, it is. So why it is rated so high? And how does it compare to the Heartbleed bug we recently heard so much about?

[Read more…]

Java Zero Day: Six ways to protect yourself

Java Zero Day

I am assuming you are reading this now because you saw this Security Alert for CVE-2013-4022 Released and:

  1. the panic has set in, or
  2. Oracle and Java have taken its toll or
  3. You are now getting e-mails from your executives asking if you are aware, and what you are doing about this!

Let’s quickly assess what the Internet is yelling at us about, and what the real threats are. [Read more…]