検索:
ホーム   »     »   Ten Infamous Moments in Security Research

Ten Infamous Moments in Security Research

  • 投稿日:2006年4月19日
  • 脅威カテゴリ:未分類
  • 執筆:ウイルス解析担当者
0

According to InformationWeek, that is.




  1. SQL Slammer
  2. Windows Plug and Play
  3. Cisco IOS heap overflow
  4. Windows Metafile
  5. Oracle transparent data encryption
  6. Oracle PLSQL gateway
  7. Apple Mac iChat
  8. Internet Explorer createTextRange()
  9. Internet Explorer HTA files
  10. Sendmail SMTP server software

No doubt that these are noteworthy events, but distilling “infamous moments” in security research to just 10 tends to miss out other significant infamous moments. As some security blogs (OSVDB) points out, “initial discovery/disclosure of vulnerability classes (Overflow, XSS, SQL Injection) seem like they would big moments.” Moreover, the “list seems to be very centered around the last couple of years.”


Personally, I would like to add these.



  1. RPC-DCOM bug (MS03-026) – bots love this


  2. LSASS bug (MS04-011) – bots also love this


  3. IIS IDA/IDQ ISAPI Filter Buffer Overflow (MS02-010) – to be exploited later on by code red


  4. PHP remote file inclusion vulnerability – not a bug in PHP per se, but in applications written in PHP. This bug class left a lot of linux/unix systems using affected PHP applications vulnerable. Most of the Linux bots found these days uses some form of this vulnerability to spread.

These ones are off the top of my head. Of course, there are a lot others that I’ve missed. But then again, adding more would make the length of the list greater than 10, which is the purpose of the original article.


No related posts.



  • 個人のお客さま向けオンラインショップ
  • |
  • 法人のお客さま向け直営ストア
  • |
  • 販売パートナー検索
  • Asia Pacific Region (APAC): Australia / New Zealand, 中国, 日本, 대한민국, 台灣
  • Latin America Region (LAR): Brasil, México
  • North America Region (NABU): United States, Canada
  • Europe, Middle East, & Africa Region (EMEA): France, Deutschland / Österreich / Schweiz, Italia, Россия, España, United Kingdom / Ireland
  • 電子公告
  • ご利用条件
  • プライバシーポリシー
  • Copyright © 2021 Trend Micro Incorporated. All rights reserved.