August 10, 2007 3:44 PM PDT
Security Bites Podcast: Another look at perils of flaw disclosure
Robert Vamosi revisits a talk with Christopher Soghoian about the consequences of disclosing a vendor vulnerability to the public.
In this previous episode of the weekly Security Bites podcast, CNET's Robert Vamosi talks with security researcher Christopher Soghoian. A graduate student at Indiana University in Bloomington, Soghoian made a name for himself last year by making public an exploit for printing your own airline boarding pass. He went on to expose an Indiana University phishing scam, and report a man-in-the-middle attack on the Bank of America SiteKey authentication system.
In June, Soghoian went public with a flaw in how some vendors send updates to their extensions within Firefox. (The flaw isn't within Firefox. It concerns how the vendors--which include Google and Yahoo--choose to communicate with your browser through unencrypted servers.) Soghoian talks about the process of discovering this vulnerability and how he chose to work with the vendors before reporting it.
Security Bites will be back next week with a new episode and a slightly different format.

