Do you trust your software provider to reveal and remedy vulnerabilities in their software quickly? Do they do it quickly enough for you? Would you appreciate a service independent of your vendor that lets you find zero-day vulnerabilities more quickly? Keep reading to learn eEye Digital Security's response to this problem.
A zero-day vulnerability is a hole or a weakness in software that has not yet been fixed or patched by the software's developers. These vulnerabilities are prime targets for hackers who choose to exploit them for their benefit. While most computer users tend to rely on vendors such as Microsoft or Adobe for updated information on such vulnerabilities, they are not necessarily the speediest or most reliable sources due to a variety of factors. To provide the computing public with a new source of information regarding zero-day vulnerabilities, eEye Digital Security launched a new website in the past few days known as the Zero Day Tracker.
The Zero Day Tracker is a way for the public to view up-to-date lists of zero-day vulnerabilities that currently exist, as well as those that have been patched in the past. The eEye website lists the vulnerabilities that have already been disclosed publicly, even if those disclosures did not come from the vendors themselves. Each listing has detailed information, such as the severity of the hole, its potential impact, the software it affects, and how users can protect themselves until it gets patched.
The necessity for the Zero Day Tracker site was explained by eEye's chief technology officer and co-founder, Marc Maiffret. Maiffret explained that while a couple of companies such as Microsoft and Adobe do report their zero-day holes, the majority still do not, leaving the public uninformed and susceptible to attacks by hackers. With the Zero Day Tracker site, the public now has a “one-stop shop,” as he described it, for such information. The website's layout is such that visitors can easily find the most recent unpatched holes, as they are listed at the top. Visitors can find details on patched zero-day holes by year, dating back to 2005. As of right now, the site lists 21 unpatched holes, with the most recent appearing on September 17 of this year. The oldest unpatched hole is from November of 2005.
There are other resources on the web that list zero-day vulnerabilities, although it has been said that they are harder to navigate. The Department of Homeland Security's National Vulnerability Database is the one that is most widely used. Others include the US-CERT Vulnerability Notes Database, the Open Source Vulnerability Database, and the SecurityFocus Vulnerabilities Database.
As for which companies dominate the zero-day listings, Microsoft is at the top, although Apple has not been exempt either. While there is an existing notion that Apple products are safer against attacks, Maiffret stated that it is not necessarily true. He stated that the enormous market of Windows users and the number of systems running the software make it a target more worthy of a hacker's time. If they can successfully affect Windows software, it will reach a wider audience.
The creation of the Zero Day Tracker site was not only meant to help inform the public. It was also developed to put pressure on software vendors. According to Maiffret, the act of disclosing zero-day holes will cause vendors to take swift action to patch them to avoid negative publicity.
To read more on this topic, visit http://news.cnet.com/8301-27080_3-20017356-245.html