CERT

Vulnerability Analysis Blog


July 2008 Archives

Safely Using Package Managers

By Ryan Giobbi on July 10, 2008 9:48 AM | Permalink

Hi, it's Ryan. Package managers partially automate the process of installing and removing software packages. Most package managers use cryptographic signatures to verify the integrity of packages. In the article Attacks on Package Managers, the authors describe how an attacker can abuse package managers that use digital signatures.


Continue reading Safely Using Package Managers
Categories:  Analysis

ActiveX Vulnerability Discovery at the CERT/CC

By Will Dormann on July 3, 2008 9:55 AM | Permalink

Hi, it's Will. Anybody who has been keeping an eye on the US-CERT Vulnerability Notes has probably noticed that I've published a lot of ActiveX vulnerabilities. So it should be no surprise to learn that we have been testing ActiveX controls and discovering vulnerabilities in the process.


Continue reading ActiveX Vulnerability Discovery at the CERT/CC
Categories:  Discovery, Web

« June 2008 | Main Index | Archives | September 2008 »

Recent Entries

Categories

Search this Blog

Related Links

Subscribe

Feedback

Send us feedback.
The content on this site is made available on an "as is" basis without any warranties and solely for your personal viewing. Carnegie Mellon University is not liable for any consequences arising out of your use of such materials.