This article is part of the June 2005 issue of With SSL VPNs on the offense, will IPSec VPNs eventually be benched?
TECHKNOWLEDGE Exploit frameworks are the machine guns of automated attacks. Don't get caught on the wrong end of the barrel. The time between discovery of a vulnerability and the appearance of its exploit in the wild is shrinking from months to weeks to days. Soon, it could be a matter of hours. The reason: frameworks that make exploits alarmingly easy to create and launch. Sploits, street lingo for exploits, were once painstakingly difficult to create. Attackers would have to manually craft their scripts to exploit a buffer-overflow vulnerability or format-string flaw, manipulate a machine's memory locations, load their machine language code, and calculate the offsets needed to make the target box execute the code. It was a tedious process that gave software vendors the time to develop patches and workarounds, and enterprises the time to apply fixes. Sloppy coding often produced bug-ridden sploits that were unable to take full advantage of their target's vulnerability. No more. High-quality sploits are much easier to create with the maturation of exploit ... Access >>>
Premium Content for Free.
Nothing But 'Net: SSL VPNs provide cheap secure remote access
by Michael S. Mimoso, Editorial Director
SSL VPNs provide The Sports Authority, and a growing number of enterprises, with cheaper secure remote connectivity. Will they eventually slam dunk IPSec?
CrossTec's NetOp Desktop Firewall 3.0 Product Review
In this product review of small and medium sized business (SMB) Cross Tec NetOp Desktop Firewall 3.0 product, get information on the products logging, reporting and policy capabilities.
Unsecured RPCs can leave you open to attack. Take steps to secure your networks.
Hot Pick: Sana Security's Primary Response 3.0
Sana Security's Primary Response 3.0
Secure Reads: The Black Book on Corporate Security
Read a review of The Black Book on Corporate Security.
- Nothing But 'Net: SSL VPNs provide cheap secure remote access by Michael S. Mimoso, Editorial Director
Microsoft's regular patch release cycle is a combination of information, process and automated tools that makes updates go more smoothly.
Exploit frameworks are the machine guns of automated attacks. Don't get caught on the wrong end of the barrel.
TriGeo Network Security's TriGeo Security Information Manager 3.0
A review of the security information management product: TriGeo Network Security's TriGeo Security Information Manager 3.0.
E-mail Security: Symantec Mail Security 8200 series
Symantec's Symantec Mail Security 8200 series
Recent Releases: Security product briefs, June 2005
Learn about security products released in June 2005.
- Patch Tuesday
More Premium Content Accessible For Free
Cloud and mobility in the enterprise has caused a heightened need for organizations to take a closer look at next generation authentication ...
Virtualization and cloud computing are part and parcel of enterprise networks today. Virtualization security, however, is still a bolt-on affair ...
Mobile device security is one of the biggest nightmares InfoSec pros face in the era of bring your own everything (BYOE). Simply banning employees ...