STE WILLIAMS

Sophos Techknow

Welcome to another episode of Techknow, the podcast in which Sophos experts debate, explore and explain the often baffling world of computer security.

In this episode, entitled Understanding Vulnerabilities, Paul Ducklin and Chester Wisniewski demystify vulnerability jargon in a way that’s useful to IT administrators.

After all, we’ve become so used to abbreviations like RCE, EoP and DoS that they have begun to lose their significance.

They stand for Remote Code Execution, Elevation of Privilege and Denial of Service respectively – problems that sound serious when written out in full, but somehow become “just one of those things” when reduced to acronym form.

But is an RCE worse than an EoP? Is a DoS less serious than an EoP? Where do Information Disclosure bugs fit in?

Chet and Duck help you answer these questions, and more, not only for the sake of interest, but also so that you can prioritise your patches in a way that fits your organisation best.

In the past week or so we’ve had biggish updates from Microsoft, Adobe, Oracle, and Apple; then we had updates to Microsoft’s updates; then an emergency “Fix it” for Internet Explorer; and we’ve just this minute finished writing up the latest Firefox fixes.

So the timing of this Techknow could scarcely be better!

Listen now:

(18 September 2013, duration 15’08”, size 9.1MB)

Listen later:

Download Sophos Techknow – Understanding Vulnerabilities [MP3]:

Article source: http://feedproxy.google.com/~r/nakedsecurity/~3/o4NUOA-E4nI/