Zero-Day attacks have been in the news all year long, with one vulnerability after another. Whether it’s been Windows, Apple, Adobe or any of the other software vendors out there today, they have all had to chase down a patch, at some point, over the past 12 months. Zero-Day exploits, in case you are not familiar, are exploits that come out after the public release of a particular vulnerability and before (or on the same day) of a patch for that vulnerability. This window of opportunity can be minutes, days, weeks or even longer and Zero-Day refers to this period of time.
For the most part, the general public is kept in the dark when it comes to most Zero-Day vulnerabilities, but WorldStart readers aren’t the general public and I’m going to show you guys a cool Web service that will help keep you one step ahead of the attackers.
eEye Research is a company that has made a commitment to stay on top of current vulnerabilities and create solutions for them. They also provide, as one of their services, an online Zero-Day information Control Panel that they call the Zero-Day Tracker. What a great idea to have a list of all active and patched Zero-Day vulnerabilities, complete with full descriptions, work-arounds and other important information. Better yet, it’s all in one centralized location too!
With eEye’s Zero-Day Tracker, you can easily see if anything new has popped up on the cyber horizon that you should keep your “eEyes” open for and steer clear of.
For instance, if you link out there, at the moment, you would see (along with a slew of Microsoft susceptibilities) that there is an Apple QuickTime issue that is yet to be resolved. That tells me to maybe think twice about downloading that video player from the Web. That is, at least until they have a patch for it. Well, looky there. You just proactively protected your system, based on information and intelligent decision making. That will do a better job than any antivirus program on any day.
I’m going to pick on the QuickTime exploit again, because I think it’s funny when Apple has vulnerabilities. (I’m only going to use it to illustrate some useful points though!) For example, all the information you can get from the detailed descriptions of a particular Zero-Day exploit with the Zero-Day Tracker. In the image below, you will notice that there is an incredible amount of information regarding this specific Zero-Day exploit. You will also see some of the actions you can take to mitigate the potential effects of any potential exploits.
This is a very valuable addition to anyone’s security arsenal and it should be used semi-regularly, along with, of course, your updates and your Microsoft Baseline Security Analyzer. Oh, and don’t forget, your antivirus and anti-spyware scans.
I hope you find eEye’s Zero-Day Tracker as informative and useful as I did. Until next week, stay safe out there!
~ Chad Stelnicki