responsible disclosure

TechRepublic Resources

• sort by:
• Relevance
• Date
• Popularity

Firefox/Mozilla/Netscape exploit code

posted."Mozilla/Firefox/Netscape Browsers IDN URI Buffer OverflowDescription: Exploit code has been publicly posted for the IDN URIbuffer overflow in Mozilla, Firefox and Netscape browsers"Exploit Codehttp://www.frsirt.com/exploits/20050922.PwnZilla.phpThis exploit was reported last week, the code was released this week.but not to worry:"FireFox, Mozilla and Thunderbird Remote Command InjectionAffected:On UNIX platforms:Mozilla Firefox 1.0.6 and priorMozilla...

Tags: Web browsers, E-mail clients, Mozilla Corp., Mozilla Thunderbird, Mozilla Firefox

Discussion threads 2005-09-23

Bug hunters, software firms in uneasy alliance

Bug hunters, software firms in uneasy alliancearticle rootBug hunters, software firms in uneasy allianceAccording to Microsoft's "responsible disclosure" guidelines, bug hunters should delay the announcement of security holes until the company has provided a fix. However, independent security researcher Tom Ferris says that Microsoft takes way too long to fix...

Tags: alliance, bugs, flaws, full disclosure, hunter, microsoft, Microsoft Corp., Microsoft Response, responsible disclosure, security, software, Sonja Thompson

Discussion threads 2005-09-06

Additional Resources

Best Practices in e-Discovery and e-Disclosure: Using ZyIMAGE as Your Corporate Discovery and Disclosure Tool

Familiarity with discovery and disclosure processes is, by necessity, increasing. Many ZyLAB clients work in, or perform functions consistent with, investigative, intelligence and legal fields, so these clients typically have some type of existing knowledge about discovery and disclosure. However, compliance, auditing and security regulations have forced the corporate sector...

Tags: Disclosure, Discovery, Best Practice, Tool, Organizational Structure, Human Resources

White papers 2006-02-17

non-disclosure form

the company is seeking external system integrator to help solve some network issues. as the engineers/consultants will be accessing to the network information, the company would like to have the system integrator sign a non-disclosure form.appreciated someone able to share sample of a non-disclosure form? also shall this form...

Tags: non-disclosure form

Q&A 2006-08-25

Microsoft fights with researcher over Full Disclosure

Who's right on full disclosure?Should zero-day exploits ever be disclosed even if the vendor decides to wait a long time for the patch? Who's side do you take on this?http://blogs.techrepublic.com.com/Ou/?p=465

Tags: Patches, george_ou@..., Microsoft Corp.

Discussion threads 2007-04-09

Suffering in silence with data leaks

Recent state disclosure laws have had little impact when it comes to ensuring consumers are notified about data theft or loss. Merchants still have plenty of wiggle room when deciding whether to tell customers about security breaches.How can legislation effectively enforce these laws so that consumers are immediately informed when...

Tags: silence, data leak, Suffering, fraud, id theft, government, data, news, Sonja Thompson, security, Management

Discussion threads 2006-03-29

Conflict of Interest Disclosure Policy

Concerned that a client, vendor, consultant, or employee might have an undisclosed conflict of interest which may cause problems for your company? Implement a Conflict of Interest Disclosure policy. Use this policy as-is or customize it to meet your needs. This download is available...

Tags: Policy

Download resources 2008-08-22

Are BOTs aided by Open-Source model?

Dave Marcus ofMcAfee’s Avert Labs says that developers of malicious software includingTrojans and bots are benefiting from the open-source development model. Apparently developers of the Agobot malwarefamily are using CVS ConcurrentVersions System to manage source file and collaborate—this greatlyincreases the speed at which updates can be propagated and modificationschecked/tested.A...

Tags: bot, McAfeeÂ, open source

Blog posts 2006-07-28

404 Path disclosure in IIS 6.0

When I scan my SMS 2003 Site Server with GFI Languard, there is a medium level vulnerability that shows up. Its the "Web 404 path disclosure" vulnerability. Anyone know how I can remedy that? I've tried googling it and technet and even followed the link that GFI 6.0 provides but...

Tags: lsmith1989, Microsoft IIS 6.0, Microsoft IIS Server, Path, security, vulnerability

Discussion threads 2005-06-01

Thread safety and responsibility

Who should be responsible for thread safety?Should the component/object/function/library creator or consumer be responsible for maintaining thread safety?J.JaWho should be responsible for thread safety?I aslo want to know something about it.I hope to get the answer.Thank you!

Tags: Justin James, thread safety

Discussion threads 2007-03-28

IT Manager Webcast: Microsoft IT Compliance: Policy, HBI, SOX, and PCI (Level 200)

Disclosure of High Business Impact HBI information might cause severe material loss to Microsoft, the information asset owner, or relying parties. The attendee of this webcast will learn how Microsoft developed HBI policy that complies with SOX and the Payment Card Industry PCI standards. The attendee will also learn how...

Tags: Webcast, Sarbanes-Oxley Act, Compliance, PCI, Microsoft Corp., Sarbanes-Oxley, Regulatory Compliance, Asset Management, Quality, Regulations, Operational Accounting, Government, Financial Accounting, Finance, Human Resources, Policies And Procedures, Operational Planning, Business Operations

Webcasts 2008-04-03

The anxious new dawn of cybersnooping

It's in thereAt the risk of showing faulty memory, I think the Privacy Act already does more than the article gives it credit. It has always referred to systems of records MAINTAINED by an agency, with no reference to how the records were created or acquired. If an...

Tags: agency, FEDERAL REGISTER, Privacy Act, privacy, juststaff, it management

Discussion threads 2006-05-04

Prepare to comply with HIPAA privacy standards on individually identifiable information

On April 14, 2003, the Health Insurance Portability and Accountability Act HIPAA standards for the privacy of individually identifiable health information IIHI took effect. Healthcare organizations—including providers, insurers, and healthcare clearinghouses—must be fully aware of the effect of this pending regulation.You can read the official definitions of health information and...

Tags: compliance, HIPAA, HIPAA Privacy, individually identifiable health information, Scott Withrow

Technical articles 2003-07-07

A Guide to the Sarbanes-Oxley Act and Email Security

Email communication policy is an integral part of controls to safeguard information from unauthorized use, disclosure, modification, damage, or loss. Email communications is an important means of moving revenue and cost information to those analyzing it, a means of circulating financial reports internally, and communicating information to those who will...

Tags: Financial, Sarbanes-Oxley Act, E-mail Security, Email Communication Policy, Email Communication, E-mail, Cyberthreats, Sarbanes-Oxley, Regulatory Compliance, Online Communications, Security, Regulations, Government, Financial Accounting, Finance, Human Resources, Policies And Procedures

White papers 2004-11-01

What Happens to My Technotrash

During the last few years, GreenDisk have expanded their offering to serve consumers of electronics. The services are used by individuals and organizations that want to securely destroy their electronic information and properly dispose of their technotrash in a safe, legally compliant, and environmentally responsible fashion. GreenDisk will safely recycle...

Tags: GreenDisk

White papers 2007-02-02

Auto e

I'm running Exchange 2003 and need to embed a disclosure message for all outgoing e-mail. Can anyone tell me the easiest way to accomplish this task?

Tags: E-mail servers

Q&A 2005-02-10

Tech firms, rights groups to form Web conduct code

Freedom of speech carries responsibilitiesI believe strongly in the freedom of speech. However many journalists have and do abuse that freedom by ignoring the responsibilities that go with it.If we are to enjoy the freedom to express our thoughts and views freely we must accept the responsibility to differentiate between...

Tags: BobtheTec, feedback, Web

Discussion threads 2007-01-23

How to avoid without sacrificing benefits?

Sometimes you’ve been blamed for what you are not responsible for. People seem that you are the one and you should. But your responsibilities wouldn’t give the privileges to do the things. Others mistake been counted as your. Why this happens?I think if you are not a good communicator and...

Tags: adnan_abbasi@..., avoiding unjust situations, career, benefit

Discussion threads 2006-06-27

DNS Question

I have a customer who is getting email rejected because the ip address will not reverse lookup to a dns name. I am responsible for the mail server, their ISP provides the IP address, and yet another company provides the name servers for their domain. Who is responsible for the...

Tags: DNS, Internet Service Provider, johnfinlay, NameServer, networking, server

Discussion threads 2005-02-11

Download this policy template to outline proper relationships with vendors

IT leaders and staff are continually interacting with vendors and establishing relationships. Download this conduct policy and disclosure form to use as a template for your own policy to ensure that your staff knows the proper conduct expected of them.Vendors plying their wares and products constantly approach tech leaders and...

Tags: Business structures, Judith N. Mottl, disclosure form

Technical articles 2002-04-12