September 2006 - Michael Sutton's Blog
How Prevalent Are SQL Injection Vulnerabilities?
[Update 01.31.07 - A follow up blog on the prevalence of XSS vulnerabilities has now been posted.] [Update 01.17.07 - This blog is now also available as a webcast.] Earlier this month, Mitre revealed that web application vulnerabilities have now claimed...
Published 09-26-2006 1:01 PM by erik.peterson
What is Google Binary Search and Should We Fear It?
Background: The so-called Google Binary Search (GBS) gained a fair bit of press attention in July 2006, when PC World published an article entitled 'Google's Binary Search Helps Identify Malware'. In the article, Websense revealed that they...
Published 09-14-2006 2:46 PM by erik.peterson
Microsoft Black Tuesday - September 2006
Well, it's the second Tuesday of the month, a day that I affectionately refer to as 'Black Tuesday'. Today is the day that Microsoft unleashes their latest set of patches and system administrators scramble to apply them, but this time around...
Published 09-12-2006 11:15 PM by erik.peterson
The Invisible Hand of 'Responsible Disclosure'
This morning, I read an interesting survey on the meaning of responsible disclosure conducted by Federico Biancuzzi. He did a solid job of pulling together the major players including software vendors, independent researchers and commercial vulnerability...
Published 09-06-2006 1:04 PM by erik.peterson
0day Attacks: Part Deux
I was pleased with the debate generated from my September 1st blog posting "Why all the hype about 0day". The Slashdot conversation was an active one and there were several solid points made regarding the risks of 0day vulnerabilities vs. known...
Published 09-05-2006 10:34 AM by erik.peterson
Why All The Hype About 0day?
The term "0day" has the power to make sys admins cringe. It is the greatest fear of anyone tasked with protecting critical assets - a problem without an easy solution. Why? No, seriously why? 0day is a neon sign in the middle of Times Square. Once...
Published 09-01-2006 11:29 AM by erik.peterson