Search Results for: search

Microsoft and Google are?bashing each other on the zero-day exploit in Windows 8.1 that was disclosed by Google last week following a 90 days grace period. Disclosing is a broad term when speaking about vulnerabilities and exploits – you can disclose to the public the fact that there is a vulnerability and then you can disclose how to exploit it with an example source code. There is a big difference between just telling the world…

Continue reading

In recent ten years, I was involved in the disclosure of multiple vulnerabilities to different organizations and each story is unique and diverse as there is no standard way of doing it. I am not a security researcher and did not find those vulnerabilities on my own, but I was there. A responsible researcher, subjective to your definition of what is responsible, discloses first the vulnerability to the developer of the product via email or…

Continue reading

I got a call last night on whether I want to come to the morning show on TV and talk about Google?s recent findings of alleged Russian sponsored political advertising. Advertising that could have impacted the last US election results, joining other similar discoveries on Facebook and Twitter and now Microsoft is also looking for clues. At first instant, I wanted to say, what is there to say about it but still, I agreed as…

Continue reading

Public disclosure of vulnerabilities has always bothered me and I wasn’t able to put a finger on the reason until now. As a person who has been involved personally in vulnerabilities disclosure, I am highly appreciative of the contribution security researchers on awareness and it is very hard to imagine what would the world be like without disclosures. Still, the way attacks are being crafted today and their links to such disclosures got me into…

Continue reading

The beginning of the cyber park There are very few occasions in life where you personally experience a convergence of unrelated events that lead to something?something BIG! I am talking about Beer-Sheva, Israel?s desert capital. When I started to work with Deutsche Telekom Innovation Laboratories at Ben-Gurion University 9 years ago it was a cool place to be, though still quite small. Back then, security?which was not yet referred to as cybersecurity?was one of the…

Continue reading

Overview The security level of a computerized system is as good as the security level of its weakest links. If one part is secure and tightened properly and other parts are compromised, then your whole system is compromised, and the compromised ones become your weakest links. The weakest link fits well with attackers? mindset which always looks for the least resistant path to their goal. Third parties in computers present an intrinsic security risk for…

Continue reading