Posts Tagged ‘vulnerability’

New NATO video about vulnerability market

Posted on: July 30th, 2013 by No Comments

In a recent video, titled Hackers for Hire, the world’s most powerful military organization looks at the life of hackers who search for vulnerabilities in operating systems and software products, for a bounty paid by their vendors. These hackers find security holes in systems, and tell the developers about them, giving them time to fix the bug and come out with a patch before telling the world about it.

Some other hackers choose the less ethical way, and sell these vulnerability details to the highest bidder on the open market, who may then use these details to exploit the weaknesses. One way or another, there is certainly an increasing market for vulnerabilities, as these bugs are worth a lot of money, according to the video.

The leader of Microsoft’s Security Outreach Team is an ex-hacker, who regularly seeks skilled IT security specialists to improve the company’s research efforts, using a huge talent pool of white hat hackers.

By Gergely Sumegi

Internet security tips – What is Microsoft EMET?

Posted on: July 29th, 2013 by No Comments

As the everyday PC user has more and more software on their computer originating from vendors big and small, the likelihood of an exploitable vulnerability remaining unpatched is ever growing. The developers of your anti-virus software or the vulnerable program might not be able to patch the vulnerability as quickly as they get discovered, but there are some helpful tools to make these vulnerabilities as hard to exploit as possible. One of these tools is Microsoft EMET.

Microsoft EMET stands for Enhanced Mitigation Experience Toolkit, and it is a utility that helps preventing software vulnerabilities from being exploited. EMET is using security mitigation technologies to achieve this goal to make exploitation as difficult as possible, as a possible attacker will face extra obstacles to get through. It can be used with any software, regardless of when it was written and who the author or vendor is; it doesn’t need to be a software product of Microsoft.

EMET can be downloaded from the Microsoft TechNet page, and requires the Microsoft .NET Framework to operate, which can be downloaded from the Download section of Microsoft’s website. The latest version, EMET 4.0 has got a Certificate Trust feature to detect man-in-the-middle attacks leveraging the public key infrastructure.

After installing, EMET must be configured to protect the piece of software you want to be protected. For this, you need to provide the name of the program and its location on your PC. The above mentioned Certificate Trust will need you to provide the list of websites you want to protect. For a detailed introduction please visit where you can download the latest version that comes with a detailed user guide.

By Gergely Sumegi