underlying vulnerability as Code Red.
By that point, the vulnerability was
known for almost nine months and
widely reported because of Code
Red. Attacks that appear to come out
of nowhere are, in many cases, caused
by vulnerabilities that are almost a
If You Think You Have
Found a New Vulnerability ...
Contact the vendor for that
software. First, go to their security and
vulnerability lists and try to find a
contact. If you can’t do that, then
reach the Computer Emergency
Response Team (CERT) at
www.cert.org. “Try to Email them and say
you think you have found something
new and are not able to get through
to the vendor,” Winkler advises.
You can also report viruses to
CERT, though you should report them
to the vendor of your anti-virus
software first. They should have an
email address or a channel through
the program itself for virus reporting.
It would be good to know the
channel for reporting them before the
There are also a few things not to
do. “Many people put vulnerabilities
up on Bugtraq, another mailing list
[now archived at
www.securityfocus.com/archive/1]. But that gets it
out to all the bad guys sooner than the
good guys and helps the bad guys
break in,” warns Mr. Winkler.
Realize, too, that once you have
been infected, the damage is already
done. Though your anti-virus vendor
may have an update that will kill the
bug after the fact, reporting mostly
helps others to make ready before
they are hit. NV
About the Author
David Geer is a freelance
technology writer —
www.geercom.com — and sometimes
computer guru. Contact david@
For More Information
Contact Ira Winkler, info@
.com, for information
about his books, presentations,
pen tests, and appearances.
nage is available
through www.amazon.com used,
and new from various private
sellers (though it’s no longer in
print, an updated version may be
. Eat www.micro
n sRinux, and VMS are
ource systems with
some proprietary exceptions.
g. SE ontact www.cisecurity.
elect Contact CIS in the
coXRT Contact: www.cert.org/
May 2007 65