Articles about full disclosure

A broken front door

That sound you hear is Splunk leaking data

Splunk has patched a slip in its JavaScript implementation that leaks user information. The advisory at Full Disclosure explains that the leak happens if an attacker tricks an authenticated user into visiting a malicious Web page. It only leaks the username, and whether or not that user has enabled remote access; but this …
Dunce's cap graffiti by cc 2.0 attribution

Mass break-in: researchers catch 22 more routers for the SOHOpeless list

Yet another disclosure tips 22 SOHO routers in the security bin, with everything from privilege escalation and authentication bypass to hard-coded credential backdoors. That disclosure – more than 60 vulnerabilities from big-name vendors including D-Link, Belkin, Huawei, Linksys, Netgear, Zyxel and Sagem – was made by Spanish …

Full Disclosure redux: under new management convenor Gordon Lyon (also author and maintainer of Nmap) has decided that the Full Disclosure list is too important a resource to let slide away into history, and has announced that he'll relaunch it. As reported last week, Full Disclosure's John …

RIP Full Disclosure: Security world reacts to key mailing list's death

The legendary Full Disclosure mailing list, where security researchers posted details of exploits and software vulnerabilities, is shutting down. The service, which had been running for nearly 12 years since July 2002, has been suspended indefinitely after list admin John Cartwright was no longer prepared to put up with the …
John Leyden, 19 Mar 2014
The Register breaking news

Sality botnet takedown plans posted online

Updated A self-describer "law-abiding citizen" has posted attack plans against the Sality botnet on the Full Disclosure security mailing list, along with a tongue-in-cheek warning not to enact them since that would be illegal. "It has come to my attention that it is not only possible but easy to seize control of version three of the …
Iain Thomson, 28 Mar 2012
The Register breaking news

MS fesses on silent security fixes

Microsoft has explained its rationale for quietly fixing some security vulnerabilities without issuing an associated bulletin. Such "silent updates" have been happening for years, but have escaped much notice outside the small community of reverse engineers. Normally the bugs in question are close relatives of disclosed …
John Leyden, 16 Feb 2011
The Register breaking news

McAfee inadvertently speeds creation of Metaploit IE exploit pack

A security researcher has credited McAfee for helping him to develop exploit code that cracks open an unpatched flaw in older versions of Internet Explorer. Moshe Ben Abu (AKA Trancer00t) used the flaw in IE 6 and 7 in knocking-up a module for the open-source Metasploit exploit database. "I didn't find the vuln', just found …
John Leyden, 12 Mar 2010
The Register breaking news

Frustrated bug hunters to expose a flaw a day for a month

A Russian security firm has pledged to release details of previously undisclosed flaws in enterprise applications it has discovered every day for the remainder of January. Intevydis intends to publish advisories on zero-day vulnerabilities in products such as Zeus Web Server, MySQL, Lotus Domino and Informix and Novell …
John Leyden, 12 Jan 2010
The Register breaking news

ImageShack hacked in oddball security protest

A hacking group has broken into one of the biggest image hosting websites on the net before uploading its manifesto. "Anti-Sec" broke into ImageShack to post a protest over sites that publish full disclosure material on security vulnerabilities, though how the attack furthers this agenda is unclear. The group, which also …
John Leyden, 13 Jul 2009
The Register breaking news

Romanian hacking group downs tools

A controversial Romanian hacker group famous for exposing security shortcomings on corporate and anti-virus websites has disbanded. The HackersBlog collective said it was calling it a day because their unpaid work in exposing SQL injection vulnerabilities was eating up the members' free time and had become boring. Well then, …
John Leyden, 24 Mar 2009
The Register breaking news

Firm threatens action against CCTV whistleblower

A row has broken out between a supplier of secure CCTV products and a whistle blower who discovered a vulnerability with the company's products that allowed world+dog to view static images from any camera connected to its servers. The flaw affects The LookC 4x4 server and Pro IX server, some of which are installed in primary …
John Leyden, 19 Sep 2008
The Register breaking news

Googlephone security team seeks bug hunters

Google's Android security team has appealed to bug hunters to help it iron out flaws in the platform. In a posting to a full disclosure mailing list, Android security staff concede that security bugs in complex software stacks are inevitable. They are inviting help from the security community in identifying and ironing out …
John Leyden, 20 Aug 2008

Linkedin spurns bug bounty hunter

Earlier this month, employees for LinkedIn, a social network site that caters to business people, received an unusual proposition from a security researcher who had just uncovered a vulnerability that put many of its users at serious risk. "If you are interested in the bug, we would like to give you first right of refusal to …
Dan Goodin, 31 Jul 2007
mozilla foundation

Mozilla: security researchers have too much power

Mozilla's security chief has stepped into the debate about the disclosure of security bugs by saying that software developers are at the mercy of bug hunters. Mozilla security chief Window Snyder called on security researchers to follow responsible disclosure guidelines, giving vendors a reasonable amount of time to fix bugs …
John Leyden, 26 Mar 2007

Create a news alert about full disclosure, or find more stories about full disclosure.

Biting the hand that feeds IT © 1998–2018