Good news ! Hackbusters community is waiting for you !
KnowBe4 has been running the HackBusters site for a few years now, providing you with trending IT security news. We are expanding it and have launched a new exciting online community! The forum is divided into four main topics or categories: Social Engineering, Ransomware, Phishing and Security Awareness Training. You are invited to be one of the first to join us at:

Shellshock a Fail for Security Disclosure

Shellshock and the Xen vulnerability. One of these things is not like the other, and an expert says they can teach us a lot about how to disclose security vulnerabilities.

TORONTO: At the annual SecTor Toronto security conference, one of the key highlights for the last several years has been the Fail Panel, which examines the areas where the security industry did not succeed and where lessons of the past have still not been learned.

This year was no exception. At the 2014 edition of the Fail Panel, the major topic of discussion was the big brand-name vulnerabilities like Heartbleed, Shellshock and POODLE and how they are properly -- or in some cases improperly -- disclosed.

Securosis CEO and analyst Rich Mogull took particular aim at the Shellshock vulnerability and how it was disclosed. Shellshock is technically a vulnerability in the BASH (Bourne Again Shell) that could have enabled an attacker to inject and execute arbitrary commands on a vulnerable server.

Mogull noted...(continued)

View All Trending Stories