
Blog Posts
Signed Java Applet Security Improvements
Hi folks, it's Will Dormann. A few months ago I published a blog entry called Don't Sign that Applet! that outlined some concerns with Oracle's guidance that all Java applets....
• By Will Dormann
In CERT/CC Vulnerabilities
One Weird Trick for Finding More Crashes
Hi folks. It's Will Dormann from the CERT Vulnerability Analysis team. Today we're announcing the release of updates to both of our fuzzing tools, the CERT Basic Fuzzing Framework (BFF)....
• By Will Dormann
In CERT/CC Vulnerabilities
Forensics Software and Oracle Outside In
Hi, it's Will. In this post I will discuss the risks of using forensics software to process untrusted data, as well as what can be done to mitigate those risks....
• By Will Dormann
In CERT/CC Vulnerabilities
The Risks of Microsoft Exchange Features that Use Oracle Outside In
The WebReady and Data Loss Prevention (DLP) features in Microsoft Exchange greatly increase the attack surface of an Exchange server....
• By Will Dormann
In CERT/CC Vulnerabilities
Don't Sign that Applet!
Hi, it's Will. I've recently been looking into the state of signed Java applet security. This investigation was triggered by the Oracle blog post IMP....
• By Will Dormann, CERT Insider Threat Center
In CERT/CC Vulnerabilities
Java 7 Attack Vectors, Oh My!
While researching how to successfully mitigate the recent Java 7 vulnerability (VU#636312, CVE-2012-4681), we (and by "we" I mean "Will Dormann") found quite a mess....
• By Art Manion, Will Dormann
In CERT/CC Vulnerabilities
AMD Video Drivers Prevent the Use of the Most Secure Setting for Microsoft's Exploit Mitigation Experience Toolkit (EMET)
Microsoft EMET is an effective way of preventing many vulnerabilities from being exploited; however, systems that use AMD or ATI video drivers do not support the feature....
• By Will Dormann
In CERT/CC Vulnerabilities
Signed Java and Cisco AnyConnect
A few years ago, I published a blog entry called Signed Java Applet Security: Worse than ActiveX? In that entry, I explained the problems that arise when a vulnerability is …
• By Will Dormann
In CERT/CC Vulnerabilities
Effectiveness of Microsoft Office File Validation
Microsoft recently released a component for Office called Office File Validation that is supposed to help protect against attacks using malformed files....
• By Will Dormann
In CERT/CC Vulnerabilities
A Security Comparison: Microsoft Office vs. Oracle Openoffice
Recently, Dan Kaminsky published a blog entry that compared the fuzzing resiliency of Microsoft Office and Oracle OpenOffice....
• By Will Dormann
In CERT/CC Vulnerabilities