Researchers slate 'month of bugs' launch for Wednesday
Claim to have unpatched vulnerabilities in Excel, IE and other Microsoft, Apple and Mozilla software
Computerworld - Starting tomorrow, a little-known group of security researchers will kick off a month of bug disclosures that target unpatched vulnerabilities in software from Adobe, Microsoft, Mozilla, Apple and others.
But the researcher who came up with the idea of month-long bugfests four years ago isn't optimistic that reviving the practice will have much of an impact on the general state of computer security.
The "Month Of Abysssec Undisclosed Bugs" (MOAUB) will feature flaws in Microsoft's Excel and Internet Explorer, the Linux-based cPanel Web hosting control panel, and other software, said Abysssec Security Research in a post to the firm's blog earlier this month.
"They're threatening -- at least, the companies affected will see it as a threat -- to release vulnerabilities on all kinds of software, from desktop applications to browsers," said Jamz Yaneza, threat research manager at Trend Micro, today.
Microsoft, which figured prominently in the MOAUB announcement, said it's aware of the group's plan. "As always, if and when a vulnerability is publicly disclosed, Microsoft will take immediate action to determine the appropriate response for our customers," said Jerry Bryant, group manager with the Microsoft Security Response Center (MSRC).
Yaneza said he had not heard of Abysssec before this.
According to the group's Web site, it is made up of four researchers -- none of whom were identified by a full name -- who specialize in penetration testing, exploit development and application security review. Abysssec's Web site was registered in 2008, but the WHOIS record is hidden behind a privacy wall.
However, LinkedIn listed Shahin Ramezany of Albany, N.Y., as a researcher at Abysssec. The group did not reply to an e-mailed request for an interview.
"Starting on the 1st of September, we will release a collection of [zero-days], Web application vulnerabilities, and detailed binary analysis (and [proof-of-concepts]) for recently released advisories by vendors such as Microsoft, Mozilla, Sun, Apple, Adobe, HP [and] Novel [sic]," the foursome said.
Yaneza said users should pay attention to the MOAUB disclosures, but he didn't seem worried about the threat.