10 Infamous Moments In Security Research

Posted by jericho Tue, 18 Apr 2006 05:29:54 GMT

10 Infamous Moments In Security Research InformationWeek - Apr 17, 2006

1. SQL Slammer
2. Windows Plug and Play
3. Cisco IOS heap overflow
4. Windows Metafile
5. Oracle transparent data encryption
6. Oracle PLSQL gateway
7. Apple Mac iChat
8. Internet Explorer createTextRange()
9. Internet Explorer HTA files
10. Sendmail SMTP server software

While many of these are notable events, this list seems very centered on the last couple of years and doesn’t consider the bigger picture. The initial discovery/disclosure of certain vulnerability classes (overflows, XSS, SQL injection) seems like it would be a big moment. What else should have been on the list?

Posted in | 3 comments

Comments

  1. joey said about 2 hours later:

    they should have included the rpc-dcom bug, exploits of which (go bots!) are still flooding the internet.

    and the iis ida isapi vuln, which was exploited later on by code red.

  2. emergentchaos said about 7 hours later:

    Most of these don’t belong. It’s not the research, but the attacks that made them infamous. That said:

    The Morris worm.

    The research into how PGP got out of the country and associated persecution of Phil Zimmerman

    NIST’s research that led them to think it was a good idea to certify DES for another 5 years in 1997.

    OSVDB’s decision to require registration to comment.

  3. jericho said 4 days later:

    Requiring registration cuts the blog bot spam down to a few posts a day, vs. dozens and dozens each day. Even with registration required, there is a way to bypass this in WordPress and still get a comment through. It isn’t posted, but it still gets to the moderation queue when it shouldn’t.
