underlying vulnerability as Code Red.
By that point, the vulnerability was
known for almost nine months and
widely reported because of Code
Red. Attacks that appear to come out
of nowhere are, in many cases, caused
by vulnerabilities that are almost a
year old.”
If You Think You Have
Found a New Vulnerability ...
Contact the vendor for that
software. First, go to their security and
vulnerability lists and try to find a
contact. If you can’t do that, then
reach the Computer Emergency
Response Team (CERT) at www.cert.org.
“Try to Email them and say
you think you have found something
new and are not able to get through
to the vendor,” Winkler advises.
You can also report viruses to
CERT, though you should report them
to the vendor of your anti-virus
software first. They should have an
email address or a channel through
the program itself for virus reporting.
It would be good to know the
channel for reporting them before the
situation arises.
There are also a few things not to
do. “Many people put vulnerabilities
up on Bugtraq, another mailing list
[now archived at www.securityfocus.com/archive/1].
But that gets it
out to all the bad guys sooner than the
good guys and helps the bad guys
break in,” warns Mr. Winkler.
Realize, too, that once you have
been infected, the damage is already
done. Though your anti-virus vendor
may have an update that will kill the
bug after the fact, reporting mostly
helps others to make ready before
they are hit. NV
About the Author
David Geer is a freelance
technology writer — www.geercom.com — and sometimes
computer guru. Contact david@geercom.com.
For More Information
1: Contact Ira Winkler, info@isag.com, for information
about his books, presentations,
pen tests, and appearances.
2: The book Corporate Espionage is available
through www.amazon.com used,
and new from various private
sellers (though it’s no longer in
print, an updated version may be
published soon).
3: Microsoft is at www.microsoft.com.
4: Unix, Linux, and VMS are
open source systems with
some proprietary exceptions.
5: CIS Contact: www.cisecurity.org.
Select Contact CIS in the
top menu.
6: CERT Contact: www.cert.org/contact_cert.
May 2007 65