Wednesday, July 30, 2008

How many BIG vulnerabilities will there be?

So far in 2008, there has been the Debian vulnerability with SSL keys and the just recently publicized DNS flaw. There are two major conferences coming up (Black Hat and DefCon). What's the next major flaw to be released/found? Or, how many flaws/vulnerabilities will pop up before 2008 is through?

In today's news, I see that HD Moore's site became a victim of the attack. I wonder where the responsibility lies. Is it AT&T and their server or an internal issue?

Also, I see that Oracle has released a mitigation for a zero-day exploit that addresses a buffer overflow. For a company to release a mitigation outside of their regular schedule means the vulnerability is pretty serious.

We're halfway through the year. How many more "big ones" are coming? How swamped, as information security warriors, will we be?

