ritchie58 Posted September 28, 2010 Report Share Posted September 28, 2010 How confident are you that your computer is safe from an online attack? Chances are you rely on vendors like Microsoft and Apple to let you know when a security update is ready to be installed. (Google updates systems automatically.) But until a patch is released, that hole--known as a zero-day vulnerability--in effect makes your computer a sitting duck for anyone who writes an exploit for it and bothers to distribute it via e-mails and drive-by downloads on Web sites. EEye Digital Security launched a Web site recently that lists current zero-day vulnerabilities and offers an archive on ones that have been patched. The Zero Day Tracker compiles information on publicly disclosed security holes and provides details on them including what software they affect, how severe they are, the potential impact and suggestions for workarounds and other protection techniques. Marc Maiffret, co-founder and chief technology officer of EEye, describes the free site as a "one-stop shop" for zero-day information. "For the longest time the only company that would notify you about zero-days was Microsoft, and recently Adobe has started doing that," he said. "But there are still many other companies that have zero-day vulnerabilities that go unreported." The most widely used database of software vulnerabilities is the National Vulnerability Database sponsored by the Department of Homeland Security's National Cyber Security Division/US-CERT and run by the National Institute of Standards and Technology. There is also the Open Source Vulnerability Database, the US-CERT Vulnerability Notes Database and one run by SecurityFocus. But you have to do some digging on the sites to find the vulnerabilities that are unpatched. Link to comment Share on other sites More sharing options...
This topic is now archived and is closed to further replies.