Vulnerabilities

[chaitanya]

Need Help,

What is Vulnerability of a (OS/Ports)?
What damage it can cause to any machine?
Can we control or remove that Vulnerability?

Stay Tuned.

[Soda_Popinsky]

A vulnerability is usually a software flaw that can be taken advantage of, in software that operates over ports. The damage depends on the flaw and the software, and can range to unauthorized complete control. To remove the vulnerability, update your OS and services. Are you on windows? windowsupdate.microsoft.com

Try a firewall as well. Give Kerio a shot. If you are willing to pay, give Norton Internet Security a shot.

[chaitanya]

Hey Soda_Popinsky, thanks for your help.

Please correct me if I am wrong.

So a vulnerability is usually a software bug/error that can be taken advantage of, in software that operates over ports.

Can I say that, there's a software, lets take Telnet which operates over a port, which might have a flaw and the one who finds that can take advantage of it and cause damage.

Can I detect a Vulnerability? Also help me on if I want to write my own program to find vulnerability.

Thanks

Stay Tuned

[Tedob1]

...and would you like someone to tell you how to exploit the hole that the program someone writes for you finds?

[TheSpecialist]

Nessus is your friend.

[SirDice]

Originally posted here by chaitanya
What is Vulnerability of a (OS/Ports)?

Taken from Marriam-Webster:

Main Entry: vul·ner·a·ble
Pronunciation: 'v&l-n(&-)r&-b&l, 'v&l-n&r-b&l
Function: adjective
Etymology: Late Latin vulnerabilis, from Latin vulnerare to wound, from vulner-, vulnus wound; probably akin to Latin vellere to pluck, Greek oulE wound
1 : capable of being physically wounded
2 : open to attack or damage : ASSAILABLE
3 : liable to increased penalties but entitled to increased bonuses after winning a game in contract bridge
- vul·ner·a·bil·i·ty /"v&l-n(&-)r&-'bi-l&-tE/ noun
- vul·ner·a·ble·ness /'v&l-n(&-)r&-b&l-n&s, 'v&l-n&r-b&l-/ noun
- vul·ner·a·bly /-blE/ adverb

What damage it can cause to any machine?

That depends on the vulnerability and what service/process is vulnerable.

Can we control or remove that Vulnerability?

Again this depends on the vulnerability but there's usually a patch available to fix it.
Sometimes you cannot install the patch because it may interfere with 3rd party software.
Then you'll need to take a look at what exactly is vulnerable and how it could be exploited.
If the vulnerable service isn't needed simply uninstall it or otherwise disable it.

Can I say that, there's a software, lets take Telnet which operates over a port, which might have a flaw and the one who finds that can take advantage of it and cause damage.

Yes, you're getting the idea.

Can I detect a Vulnerability?

That depends on your ability. But as TheSpecialist pointed out there are programs that can search for known vulnerabilities. You can also subscribe to a couple of mailinglists to get information about known or probable vulnerabilities (bugtraq and vuln-dev spring to mind). If you're guru you can actively search for them. But then you'll need a good solid understanding of the OS, the service/process, several programming languages, using debuggers and a certain "drive" to solve the puzzel.

Also help me on if I want to write my own program to find vulnerability.

You're on thin ice here. Nobody here will probably help you to "hack" a program but I'm sure everyone will help you to protect it.

[Cybr1d]

Retina and Shadow Security Scanner are your friends too