Vulnerability (computer science)

In computer security, the word vulnerability refers to a weakness or other opening in a system. Vulnerabilities may result from bugs or design flaws in the system. A vulnerability may exist only in theory, or it may have a known exploit.


Vulnerabilities often result from the carelessness of a programmer, though they may have other causes. A vulnerability usually allows an attacker to trick the application into injecting data into its back end, to execute commands on the system hosting the application, or to use a flaw that allows unintended access to memory in order to execute code with the privileges of the program. Some vulnerabilities arise from unsanitized user input, often allowing the direct execution of commands or SQL statements (known as SQL injection), while others arise from more complex problems, such as unchecked buffers which can be overflowed so that code may be executed on the stack.
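The unsanitized-input case described above, shown as an added example that is not part of the original article: the same lookup written with string concatenation and with a bound parameter. The table, column names, function names and sample rows are constructed for illustration.

```python
import sqlite3


def make_db():
    """Build an in-memory database holding constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, secret TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "alice-notes"), ("bob", "bob-notes")],
    )
    return conn


def lookup_unsafe(conn, name):
    # Weakness: the input is pasted into the SQL text, so a quote character
    # inside it ends the string literal and the rest is parsed as SQL.
    query = "SELECT name, secret FROM users WHERE name = '" + name + "'"
    return conn.execute(query).fetchall()


def lookup_safe(conn, name):
    # Fix: a placeholder sends the input as a bound value; the statement's
    # structure is fixed before the input is ever looked at.
    query = "SELECT name, secret FROM users WHERE name = ?"
    return conn.execute(query, (name,)).fetchall()


# Constructed input containing a quote and an always-true condition.
CRAFTED = "nobody' OR '1'='1"


def demo():
    """Run both lookups on the same input and report how many rows each returns."""
    conn = make_db()
    return {
        "unsafe_rows": len(lookup_unsafe(conn, CRAFTED)),
        "safe_rows": len(lookup_safe(conn, CRAFTED)),
    }


if __name__ == "__main__":
    print(demo())
```

With the concatenated query the crafted value returns every row in the table; with the bound parameter it is compared as a literal name and matches nothing.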


The method of disclosing vulnerabilities is a topic of debate in the computer security community. Some advocate immediate full disclosure of information about vulnerabilities once they are discovered. Others argue for limiting disclosure to the users placed at greatest risk, and only releasing full details after a delay, if ever. Such delays may allow those notified to fix the problem by developing and applying patches, but may also increase the risk to those not privy to full details. Such debates have a long history in security; see full disclosure and security through obscurity.


Several tools exist that can aid in the discovery of vulnerabilities in a system. Though these tools can provide an auditor with a good overview of possible vulnerabilities present on a network, they cannot substitute for the human element in vulnerability assessment. Vulnerability scanners can provide value in conjunction with an audit, but relying solely on scanners will mean false positives and a limited-scope view of the problems present in the infrastructure.


If one is concerned about the privacy and integrity of their system, they should take care to constantly apply patches and use tools which help mitigate the exploitation of vulnerabilities. Vulnerabilities have been found in every major OS, including Windows, MacOS, various forms of UNIX and Linux, and OpenVMS. Since security is an ongoing process, the only way to reduce the chance of a vulnerability being used against a system is constant vigilance.


The Wikipedia article included on this page is licensed under the GFDL.
Images may be subject to relevant owners' copyright.
All other elements are (c) copyright NationMaster.com 2003-5. All Rights Reserved.