Bug-hunters say firms ignoring security holes
News Major software firms may be neglecting security vulnerabilities and putting their users at serious risk, according to bug-hunters at Swedish security firm Defcom. David Litchfield, a well-known bug-hunter with security company @Stake, says that...
[October 18, 2000, 9:00]
Bug hunters find 'cookie' hole in IE
News Computer bug-hunters have pointed out a way to snare personal information from a "cookie" file if the victim uses Microsoft Internet Explorer and clicks on a disguised string of JavaScript code. Concerns about online security have taken a higher...
[May 12, 2000, 8:39]
Mozilla: Vendors still at mercy of bug hunters
News Software makers are at the mercy of bug hunters when it comes to flaw disclosure, Mozilla's security chief said on Saturday. Instead of disclosing a flaw to the vendor, Aitel wants bug hunters to sell vulnerability information to him.
[March 26, 2007, 9:19]
Android security team appeals to bug hunters
News Help from security researchers in the form of usable bug reports and responsible timelines will greatly assist us in securing the ecosystem of Android devices as quickly as possible. The security team behind Google's mobile platform, Android, has...
[August 19, 2008, 16:51]
Start-up reignites bug-disclosure debate
News The practice, in either case, veers away from the more traditional ways bug hunters have worked with software vendors and security firms. Bug bounty hunters have a variety of means to generate income, security researchers say.
[August 3, 2007, 15:48]
Second Firefox 2 bug discovered
News Release of the new web browsers set off a race among bug hunters to come up with the first security hole in either program. Contrary to claims on security mailing lists, the bug cannot be exploited to run arbitrary code on a PC running Firefox 2...
[November 2, 2006, 9:50]
Security exploits: Who's to blame?
News Up to that point, Ferris did everything according to Microsoft's "responsible disclosure" guidelines, which call for bug hunters to delay the announcement of security holes until some time after the company has provided a fix.
[September 6, 2005, 16:40]
Apple patches QuickTime security flaw
News One of the bug hunters behind the Month of Apple Bugs said he is stunned by the time it took Apple to fix the flaw. The publication kicked off the "Month of the Apple Bugs" project, which has been publishing a new Apple software bug each day in...
[January 24, 2007, 7:37]
Cursor flaw throws doubt on Vista security
News The cursor flaw is like a sign post for the bug hunters. But Dhamankar argues that Microsoft forgot to recheck all the possibilities that could lead to a buffer overflow after the original bug was found and patched in 2005.
[April 4, 2007, 16:27]
Oracle patches 103 flaws
News Oracle's chief security officer, Mary Ann Davidson, has responded in turn by saying bug hunters themselves can be a problem when it comes to product security. The company recently said it was adding more automation to its bug-checking process.
[January 18, 2006, 13:40]
Mozilla downplays Firefox 2.0 bugs
News Bug hunters appear to be in a race to uncover new security flaws in both Firefox 2.0 and Internet Explorer 7, which Microsoft released last week. At least two bug reports that indicated they affected the new Firefox release crossed over popular...
[October 26, 2006, 11:00]
Trend Micro flaw puts PCs in firing line
News Trend Micro credits iDefense Vulnerability Labs, which offers a bounty to bug hunters, for reporting the problem. Trend Micro is warning of a serious security flaw in several of its products that could cause a vulnerable PC to crash or be hijacked.
[February 9, 2007, 8:00]
New flaw discovered in MS Hotmail
News "Hotmail is what all the big hunters set their sights on. It's not a trivial bug that has to do with formatting; it's the essential nature of the software," Haselton said. Bennett Haselton, Webmaster for Peacefire.org, said the flaw involves sending...
[May 10, 2000, 16:52]
iDefense launches format testing kit
News New tools could help bug hunters find vulnerabilities in popular file formats, such as the JPEG and GIF image formats. Flaws in how applications handle those file formats are drawing interest among security researchers, according to speakers at the...
[July 29, 2005, 16:50]
Oracle releases flaw details
News Oracle's chief security officer, Mary Ann Davidson, has responded in turn by saying bug hunters themselves can be a problem when it comes to product security. As part of its quarterly patch cycle, Oracle on Tuesday released fixes for a long list of...
[April 19, 2006, 8:20]
Worms find fertile ground in IM
News Discovered by virus hunters in late June, the so-called Choke worm marked the second attack aimed at MSN Messenger in as many months. IM viruses discovered so far have been relatively innocuous compared with virulent email-borne infections such as...
[August 15, 2001, 9:12]
Apple patches OS X
News Over the past few weeks, bug hunters, as part of an initiative called the Month of the Kernel Bugs, have published details on several new vulnerabilities in Mac OS X. Apple on Tuesday released a security update for Mac OS X to repair 31...
[November 29, 2006, 7:25]
JavaScript attack maps secure networks
News Instead, bug hunters have been focused on finding Web browser flaws that allow for a quicker and simpler PC hijack, he said. Security researchers have found a way to use JavaScript to map a home or corporate network and attack connected servers or...
[July 31, 2006, 9:00]
iDefense ups ante for bounty hunters
News Programmes such as those from TippingPoint and iDefense offer a legitimate way for them to get paid for their bug hunting. Both iDefense and TippingPoint work with the reporter of the bug to disclose it to the maker of the faulty software so a fix can...
[July 27, 2005, 9:50]
Avoid the seven most common pitfalls of job-hunting
News Most employers can see through it in less time than it takes clients to find a bug in the latest release of your software. There's one problem with following stock CV and interview advice: you'll sound like you're following stock advice.
[July 16, 2002, 10:45]



