10 worst moments of the security industry

InformationWeek magazine, one of the world's leading IT magazines, has just released a list of the 10 worst moments of the global security industry.

Serious security flaws in the history of the security industry

1. Security error in SQL

Just a week after Microsoft released a security patch for its SQL Server database application, researcher David Litchfield presented his findings at the Black Hat forum. The Slammer worm quickly exploited the flaw in the application and slowed down the Internet in 2003.

2. Security error in Windows 'Plug and Play' feature

In April 2005, Internet system security researchers found a bug in the Windows 'Plug and Play' feature that could allow hackers to hijack vulnerable systems or execute code on them remotely. Four months later, in August 2005, the Zotob worm, which was able to exploit this flaw, broke out in force.

3. Buffer overflow error in Cisco IOS

In July 2005, Michael Lynn, a former ISS researcher, said hackers could take control of corporate networks through a security flaw in the IOS software that controls Cisco's network routers. By April 2006, Cisco had only just closed this security hole, and it sued Lynn for revealing the relevant information. The case later ended without any result.

4. Security error in the Windows Metafile format

In January 2006, researcher HD Moore, along with a number of others, posted code that exploited security flaws in the Windows Metafile file format. Researcher Ilfak Guilfanov also successfully wrote exploit code. As a result, Microsoft had to release its patch up to 5 days ahead of schedule.

5. Oracle's transparent data encryption error

In January 2006, researcher Alexander Kornbrust of Red-Database-Security officially published details of this security vulnerability. Oracle also had to issue a patch shortly afterwards.

6. Error in the Oracle PLSQL gateway

In January 2006, before a large audience at the Black Hat forum, Litchfield disclosed a security flaw in the Procedural Language extension to SQL (PLSQL) gateway of the Oracle database application. So far this flaw has not been resolved.

7. Error in the iChat Mac application

On February 13, 2006, an anonymous person posted on the MacRumors.com website a link with information about the OSX/Leap.a trojan. This is considered the first virus targeting Apple's OS X operating system.

8. createTextRange() error in Internet Explorer

In March 2006, researcher Andreas Sandblad discovered this security flaw in Microsoft's Internet Explorer browser. Hackers can exploit it to install malicious software such as spyware or keyloggers on users' systems. eEye and several other security vendors released unofficial patches for this flaw. On April 11, 2006, Microsoft fixed it.

9. Security error in the HTA file format of Internet Explorer

In March, Dutch security researcher Jeffrey van der Stad warned Microsoft of a security flaw in the way the Internet Explorer browser handles HTML tags. Van der Stad removed the information about this flaw from his website after Microsoft complained about the public announcement.

10. Security error in Sendmail SMTP

In March 2006, ISS detected a security flaw in the Sendmail server's SMTP protocol. The software's developers immediately released patches.