CMPSCI 177 - Computer Security Fall 2011 First Homework - Security Terms and Obtaining Vulnerability Information Due: Thursday ,29SEP 11 2:00pm Part I Answer questions 1,4, 11, and 18 at the end of Chapter 1 in Bishop’stext. Part II 1. Your task is to find out the details of the Stuxnet worm. In particular ,what type of vulnerability (i.e., what feature, etc. failed) is it? Also, what applications were affected? 2. Is there a patch for this vulnerability? If yes, who generated the patch? Does it fix all occurrences of the vulnerability identified in question 1, above? If no, whynot? 3. What is a "zero-day exploit"? Did the Stuxnet worm contain a zero-day exploit? If yes, howmany? Part III The intent of this part is to get you familiar with the vulnerability databases that are available online. 1. Go to Mitre’s CVE web site (http://cve.mitre.org).
This is the end of the preview. Sign up
access the rest of the document.