Security Balance

A lot of noise about a new research that “cracked” WPA was made this week. Well, there are more details about it today, and they clearly show that the WPA sky is not falling. There is a very good abstract of what is happening on the article above: “To describe the attack succinctly, it’s a [...]

I was visiting Dan Kaminsky’s blog today and I noticed that he is creating a community council to help on the disclosure of big vulnerabilities like the one he found on DNS and others that followed, including that famous one on TCP that Robert E. Lee and Jack Louis are planning to disclose after vendors [...]

This is how Chris Hoff is calling the fact that vulnerability researchers don’t spend time looking for holes in commercial (and expensive) software products, like virtualization platforms. I think we are living with this for a long time. I can mention mainframe software (even without buying hardware researchers could run it on emulators like Hercules), [...]