.

ZERT - Zeroday Emergency Response Team

<<

don

User avatar

Administrator
Administrator

Posts: 4226

Joined: Sun Aug 28, 2005 10:47 pm

Location: Chicago

Post Sat Oct 21, 2006 7:09 pm

ZERT - Zeroday Emergency Response Team

ZERT, in a nutshell, is a group of security researchers that creates unofficial patches for zero day vulnerabilites before MS can.

Their Manifesto:

ZERT is a group of engineers with extensive experience in reverse engineering software, firmware and hardware coupled with liaisons from industry, community and incident response groups. While ZERT works with several Internet security operations and has liaisons to anti-virus and network operations communities, ZERT is not affiliated with a particular vendor.

ZERT members work together as a team to release a non-vendor patch when a so-called "0day" (zero-day) exploit appears in the open which poses a serious risk to the public, to the infrastructure of the Internet or both. The purpose of ZERT is not to "crack" products, but rather to "uncrack" them by averting security vulnerabilities in them before they can be widely exploited.

It is always a good idea to wait for a vendor-supplied patch and apply it as soon as possible, but there will be times when an ad-hoc group such as ours can release a working patch before a vendor can release their solution.


Their disclaimer:

Please keep in mind that while ZERT tests these patches, they are NOT official patches with vendor support and are provided as-is with no guarantee as to fitness for your particular environment. Use them at your own risk or wait for a vendor-supported patch.


http://zert.isotf.org/

Add your thoughts,
Don
CISSP, MCSE, CSTA, Security+ SME
<<

skel

User avatar

Jr. Member
Jr. Member

Posts: 60

Joined: Wed Aug 30, 2006 11:31 am

Post Mon Oct 23, 2006 5:45 am

Re: ZERT - Zeroday Emergency Response Team

IMHO MS has never been a poineering company. MS has always had the philosopy of copy first and do better than the original.

So in this case too ZERT is pushing MS. I think more companies should be doing this. Eventually some of these unoffical patches may make windows more vulnerable and bring a bad name for MS products ( as if they dont have a bad name now  ;D he he he....)

Once MS feels threatned it will push their upgrades/ patches faster and better and ZERT will be no more.  :)
Skel
<<

Kev

Post Thu Oct 26, 2006 11:17 am

Re: ZERT - Zeroday Emergency Response Team

We need even more organizations like this one. The reality is MS pushed almost brutally to be the words only OS. Sometimes in what might be considered almost unethical in their tactics. The US government certainly thought so years ago when they found them guilty.

  Well, MS has gotten what they wanted, at least as far as most home users are concerned and now is the most cash rich company in the world.    Therefore in my opinion they should do whatever it takes to make sure their system is really secure. They have had a history of “if it ain’t broke why fix it” and has never been good at taking preventative measures.  Only after damage is done and people lives have been messed up have they taken action. 

Return to Links to cool sites.

Who is online

Users browsing this forum: No registered users and 0 guests

.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software