Sophos Techknow - Understanding Vulnerabilities [PODCAST]

Filed Under: Adobe, Apple, Featured, Microsoft, Oracle, Podcast, Security threats, Vulnerability

Welcome to another episode of Techknow, the podcast in which Sophos experts debate, explore and explain the often baffling world of computer security.

In this episode, entitled Understanding Vulnerabilities, Paul Ducklin and Chester Wisniewski demystify vulnerability jargon in a way that's useful to IT administrators.

After all, we've become so used to abbreviations like RCE, EoP and DoS that they have begun to lose their significance.

They stand for Remote Code Execution, Elevation of Privilege and Denial of Service respectively - problems that sound serious when written out in full, but somehow become "just one of those things" when reduced to acronym form.

But is an RCE worse than an EoP? Is a DoS less serious than an EoP? Where do Information Disclosure bugs fit in?

Chet and Duck help you answer these questions, and more, not only for the sake of interest, but also so that you can prioritise your patches in a way that fits your organisation best.

In the past week or so we've had biggish updates from Microsoft, Adobe, Oracle, and Apple; then we had updates to Microsoft's updates; then an emergency "Fix it" for Internet Explorer; and we've just this minute finished writing up the latest Firefox fixes.

So the timing of this Techknow could scarcely be better!


About the author

Paul Ducklin is a passionate security proselytiser. (That's like an evangelist, but more so!) He lives and breathes computer security, and would be happy for you to do so, too. Paul won the inaugural AusCERT Director's Award for Individual Excellence in Computer Security in 2009. Follow him on Twitter: @duckblog