Adobe Flash: Quick! Everyone update again!
The Adobe Flash Player Security Bulletins page shows 101 security updates, fixing some much larger number of vulnerabilities in the product since the release of version 9 a little over five years ago. None of these vulnerabilities was all that more egregious than the others, but the sheer number of them and Flash's weak updating process have meant that there are always large numbers of users who are vulnerable to known Flash vulnerabilities.
One of the most famous and consequential Flash vulnerabilities was used to penetrate RSA (the company) in order to compromise their SecurID two-factor authentication tokens. Remediating this problem was expensive and, in the interim, large numbers of high-value customers were exposed.
Adobe has improved the update process, and both Google and Microsoft have (ironically) built Flash directly into their web browsers in order to use their stronger update processes to force Flash updates.
IIS is a sitting duck
Before Microsoft got its security act together, one of their most vulnerable products was one of the most exposed: IIS (Internet Information Server), the web server that comes with Windows. Both the Code Red and Nimda botnets were highly successful in exploiting vulnerabilities simply by sending HTTP requests to IIS servers.
eEye Digital Security employees Marc Maiffret and Ryan Permeh. They named it "Code Red" because Code Red Mountain Dew was what they were drinking at the time.
Code Red was the first widespread use of IIS vulnerabilities and must have been one of the major motivations behind Bill Gates's decision to make security a major priority at Microsoft. Within a few years IIS did a Charles Atlas, going from 90-pound security weakling to the most secure web server available. But at the time, IIS's reputation was deservedly in the gutter.
Nimda was also a pioneer in the use of multiple infection vectors: besides IIS, it could spread via email, via network shares, through users surfing compromised web sites, and through back doors left by other bots.
iPwn! Hack an iPhone with an SMS message
Charlie Miller, now an engineer at Twitter, has long been known as one of the top researchers of Apple products. In August 2009 at the Black Hat security conference, Miller outdid himself with an iPhone hack that must have rattled some chains at Apple.
Miller, along with Collin Mulliner, demonstrated how they could send an SMS text message to an iPhone and compromise the phone automatically when the message was received.
The vulnerability led to no real-world attacks because Miller reported it responsibly to Apple, which had an update out in time for Black Hat. Had the wrong people discovered it earlier, the consequences would have been severe.
To this day, the iPhone SMS hole remains one of the most eye-opening security vulnerabilities ever.