Zero Day – vulnerability is an undisclosed and uncorrected computer application vulnerability that could be exploited to adversely affect the computer programs, data, additional computers or a network. It is known as a “zero-day” because once a flaw becomes known, the programmer or developer has zero days to fix it.
Interestingly, the Microsoft search result poisoning exploit came just days after John Howie, senior director of online services security and compliance governance at Microsoft, told Britain’s Computing magazine that unlike RSA or Sony, Microsoft was extremely unlikely to be hacked by an advanced threat. “Sony was brought down because it didn’t patch its servers, it ran out of date software, and it coded badly. These are rookie mistakes,” said Howie. He likewise labeled RSA being exploited by a social engineering attack as a “rookie mistake.”
Read the full story here: http://www.informationweek.com/news/windows/security/231001352
Happy New Year! This is the first post of the year 2011! From CES 2011 here is Steve Ballmer with Microsoft’s Keynote at CES and they have some good stuff planned for 2011.