Slashdot Mirror
Domain: secunia.com
Stories and comments across the archive that link to secunia.com.
Comments · 2,642
-
Answer a question
QUESTION: How many unpatched security issues are there in those tools from Microsoft?
http://secunia.com/advisories/product/42761/
http://secunia.com/advisories/product/40664/
http://secunia.com/advisories/product/28234/
http://secunia.com/advisories/product/17543/
http://secunia.com/advisories/product/29592/
http://secunia.com/advisories/product/16896/
http://secunia.com/advisories/product/42480/
http://secunia.com/advisories/product/43263/
http://secunia.com/advisories/product/29809/
http://secunia.com/advisories/product/32977/
?
APK
P.S.=> This ought to be good for a laugh in watching you completely avoid answering the question above based on those products from Microsoft (which are pretty much all you need to create just above any business system no less)... apk
-
Answer a question
QUESTION: How many unpatched security issues are there in those tools from Microsoft?
http://secunia.com/advisories/product/42761/
http://secunia.com/advisories/product/40664/
http://secunia.com/advisories/product/28234/
http://secunia.com/advisories/product/17543/
http://secunia.com/advisories/product/29592/
http://secunia.com/advisories/product/16896/
http://secunia.com/advisories/product/42480/
http://secunia.com/advisories/product/43263/
http://secunia.com/advisories/product/29809/
http://secunia.com/advisories/product/32977/
?
APK
P.S.=> This ought to be good for a laugh in watching you completely avoid answering the question above based on those products from Microsoft (which are pretty much all you need to create just above any business system no less)... apk
-
You didn't ignore me (lol, liar)
You replied avoiding questions - That b.s. = "best you got"? You FAIL!"Run, Forrest: RUN!!!": I was correct: You've done ZERO! (Despite you cutting others down on a "lack of know-how" as you did (you pot-calling-a-kettle-black hypocrite))!
Thus your handle/nickname here FITS you & as far as you "ignoring me"? Your reply shows QUITE otherwise, lol...
Yes - You truly ARE "absolute zero", & have zero to combat my statements & challenges to you with.
"I'll stick with ignoring you, thanks. You do a great job of making my case for me without my help
You mistyped that: "I'll stick with my fud lies and you did a great job of putting me in my hypocritical talk a lot but did zero on my end, hence my nickname here"
FTFY... lol!
---
Here - chew on these now - they're security advisories from a reputable & respectable enough source:
http://secunia.com/advisories/product/42761/
http://secunia.com/advisories/product/40664/
http://secunia.com/advisories/product/28234/
http://secunia.com/advisories/product/17543/
http://secunia.com/advisories/product/29592/
http://secunia.com/advisories/product/16896/
http://secunia.com/advisories/product/42480/
http://secunia.com/advisories/product/43263/
http://secunia.com/advisories/product/29809/
http://secunia.com/advisories/product/32977/
* QUESTION: How many unpatched security issues are there in those tools from Microsoft?
---
You should be able to answer it - after all, lmao:
The answer = part of your name here, lol, & your personal level of accomplishments in the art & science of computing!
Go on:
Answer it (you won't - just like you avoided my others challenges to you, & I was correct on that too, lol: You're full of it, & haven't done SQUAT... but you sure "talk a big game". Clue - deeds are greater than hot air words!).
No, instead? All you have is bogus downmods vs. facts I stated & challenges put to you that you cannot match -> http://tech.slashdot.org/comments.pl?sid=4117625&cid=44642607
APK
P.S.=> By the way - the products I list above from Microsoft are pretty much ALL anyone needs to build things at any level almost!
( & yes, they are solid per that data from a respected enough source in the security realm in computing... which is MORE than a windbag like yourself has going for him by FAR!)
.. apk
-
You didn't ignore me (lol, liar)
You replied avoiding questions - That b.s. = "best you got"? You FAIL!"Run, Forrest: RUN!!!": I was correct: You've done ZERO! (Despite you cutting others down on a "lack of know-how" as you did (you pot-calling-a-kettle-black hypocrite))!
Thus your handle/nickname here FITS you & as far as you "ignoring me"? Your reply shows QUITE otherwise, lol...
Yes - You truly ARE "absolute zero", & have zero to combat my statements & challenges to you with.
"I'll stick with ignoring you, thanks. You do a great job of making my case for me without my help
You mistyped that: "I'll stick with my fud lies and you did a great job of putting me in my hypocritical talk a lot but did zero on my end, hence my nickname here"
FTFY... lol!
---
Here - chew on these now - they're security advisories from a reputable & respectable enough source:
http://secunia.com/advisories/product/42761/
http://secunia.com/advisories/product/40664/
http://secunia.com/advisories/product/28234/
http://secunia.com/advisories/product/17543/
http://secunia.com/advisories/product/29592/
http://secunia.com/advisories/product/16896/
http://secunia.com/advisories/product/42480/
http://secunia.com/advisories/product/43263/
http://secunia.com/advisories/product/29809/
http://secunia.com/advisories/product/32977/
* QUESTION: How many unpatched security issues are there in those tools from Microsoft?
---
You should be able to answer it - after all, lmao:
The answer = part of your name here, lol, & your personal level of accomplishments in the art & science of computing!
Go on:
Answer it (you won't - just like you avoided my others challenges to you, & I was correct on that too, lol: You're full of it, & haven't done SQUAT... but you sure "talk a big game". Clue - deeds are greater than hot air words!).
No, instead? All you have is bogus downmods vs. facts I stated & challenges put to you that you cannot match -> http://tech.slashdot.org/comments.pl?sid=4117625&cid=44642607
APK
P.S.=> By the way - the products I list above from Microsoft are pretty much ALL anyone needs to build things at any level almost!
( & yes, they are solid per that data from a respected enough source in the security realm in computing... which is MORE than a windbag like yourself has going for him by FAR!)
.. apk
-
You didn't ignore me (lol, liar)
You replied avoiding questions - That b.s. = "best you got"? You FAIL!"Run, Forrest: RUN!!!": I was correct: You've done ZERO! (Despite you cutting others down on a "lack of know-how" as you did (you pot-calling-a-kettle-black hypocrite))!
Thus your handle/nickname here FITS you & as far as you "ignoring me"? Your reply shows QUITE otherwise, lol...
Yes - You truly ARE "absolute zero", & have zero to combat my statements & challenges to you with.
"I'll stick with ignoring you, thanks. You do a great job of making my case for me without my help
You mistyped that: "I'll stick with my fud lies and you did a great job of putting me in my hypocritical talk a lot but did zero on my end, hence my nickname here"
FTFY... lol!
---
Here - chew on these now - they're security advisories from a reputable & respectable enough source:
http://secunia.com/advisories/product/42761/
http://secunia.com/advisories/product/40664/
http://secunia.com/advisories/product/28234/
http://secunia.com/advisories/product/17543/
http://secunia.com/advisories/product/29592/
http://secunia.com/advisories/product/16896/
http://secunia.com/advisories/product/42480/
http://secunia.com/advisories/product/43263/
http://secunia.com/advisories/product/29809/
http://secunia.com/advisories/product/32977/
* QUESTION: How many unpatched security issues are there in those tools from Microsoft?
---
You should be able to answer it - after all, lmao:
The answer = part of your name here, lol, & your personal level of accomplishments in the art & science of computing!
Go on:
Answer it (you won't - just like you avoided my others challenges to you, & I was correct on that too, lol: You're full of it, & haven't done SQUAT... but you sure "talk a big game". Clue - deeds are greater than hot air words!).
No, instead? All you have is bogus downmods vs. facts I stated & challenges put to you that you cannot match -> http://tech.slashdot.org/comments.pl?sid=4117625&cid=44642607
APK
P.S.=> By the way - the products I list above from Microsoft are pretty much ALL anyone needs to build things at any level almost!
( & yes, they are solid per that data from a respected enough source in the security realm in computing... which is MORE than a windbag like yourself has going for him by FAR!)
.. apk
-
You didn't ignore me (lol, liar)
You replied avoiding questions - That b.s. = "best you got"? You FAIL!"Run, Forrest: RUN!!!": I was correct: You've done ZERO! (Despite you cutting others down on a "lack of know-how" as you did (you pot-calling-a-kettle-black hypocrite))!
Thus your handle/nickname here FITS you & as far as you "ignoring me"? Your reply shows QUITE otherwise, lol...
Yes - You truly ARE "absolute zero", & have zero to combat my statements & challenges to you with.
"I'll stick with ignoring you, thanks. You do a great job of making my case for me without my help
You mistyped that: "I'll stick with my fud lies and you did a great job of putting me in my hypocritical talk a lot but did zero on my end, hence my nickname here"
FTFY... lol!
---
Here - chew on these now - they're security advisories from a reputable & respectable enough source:
http://secunia.com/advisories/product/42761/
http://secunia.com/advisories/product/40664/
http://secunia.com/advisories/product/28234/
http://secunia.com/advisories/product/17543/
http://secunia.com/advisories/product/29592/
http://secunia.com/advisories/product/16896/
http://secunia.com/advisories/product/42480/
http://secunia.com/advisories/product/43263/
http://secunia.com/advisories/product/29809/
http://secunia.com/advisories/product/32977/
* QUESTION: How many unpatched security issues are there in those tools from Microsoft?
---
You should be able to answer it - after all, lmao:
The answer = part of your name here, lol, & your personal level of accomplishments in the art & science of computing!
Go on:
Answer it (you won't - just like you avoided my others challenges to you, & I was correct on that too, lol: You're full of it, & haven't done SQUAT... but you sure "talk a big game". Clue - deeds are greater than hot air words!).
No, instead? All you have is bogus downmods vs. facts I stated & challenges put to you that you cannot match -> http://tech.slashdot.org/comments.pl?sid=4117625&cid=44642607
APK
P.S.=> By the way - the products I list above from Microsoft are pretty much ALL anyone needs to build things at any level almost!
( & yes, they are solid per that data from a respected enough source in the security realm in computing... which is MORE than a windbag like yourself has going for him by FAR!)
.. apk
-
You didn't ignore me (lol, liar)
You replied avoiding questions - That b.s. = "best you got"? You FAIL!"Run, Forrest: RUN!!!": I was correct: You've done ZERO! (Despite you cutting others down on a "lack of know-how" as you did (you pot-calling-a-kettle-black hypocrite))!
Thus your handle/nickname here FITS you & as far as you "ignoring me"? Your reply shows QUITE otherwise, lol...
Yes - You truly ARE "absolute zero", & have zero to combat my statements & challenges to you with.
"I'll stick with ignoring you, thanks. You do a great job of making my case for me without my help
You mistyped that: "I'll stick with my fud lies and you did a great job of putting me in my hypocritical talk a lot but did zero on my end, hence my nickname here"
FTFY... lol!
---
Here - chew on these now - they're security advisories from a reputable & respectable enough source:
http://secunia.com/advisories/product/42761/
http://secunia.com/advisories/product/40664/
http://secunia.com/advisories/product/28234/
http://secunia.com/advisories/product/17543/
http://secunia.com/advisories/product/29592/
http://secunia.com/advisories/product/16896/
http://secunia.com/advisories/product/42480/
http://secunia.com/advisories/product/43263/
http://secunia.com/advisories/product/29809/
http://secunia.com/advisories/product/32977/
* QUESTION: How many unpatched security issues are there in those tools from Microsoft?
---
You should be able to answer it - after all, lmao:
The answer = part of your name here, lol, & your personal level of accomplishments in the art & science of computing!
Go on:
Answer it (you won't - just like you avoided my others challenges to you, & I was correct on that too, lol: You're full of it, & haven't done SQUAT... but you sure "talk a big game". Clue - deeds are greater than hot air words!).
No, instead? All you have is bogus downmods vs. facts I stated & challenges put to you that you cannot match -> http://tech.slashdot.org/comments.pl?sid=4117625&cid=44642607
APK
P.S.=> By the way - the products I list above from Microsoft are pretty much ALL anyone needs to build things at any level almost!
( & yes, they are solid per that data from a respected enough source in the security realm in computing... which is MORE than a windbag like yourself has going for him by FAR!)
.. apk
-
You didn't ignore me (lol, liar)
You replied avoiding questions - That b.s. = "best you got"? You FAIL!"Run, Forrest: RUN!!!": I was correct: You've done ZERO! (Despite you cutting others down on a "lack of know-how" as you did (you pot-calling-a-kettle-black hypocrite))!
Thus your handle/nickname here FITS you & as far as you "ignoring me"? Your reply shows QUITE otherwise, lol...
Yes - You truly ARE "absolute zero", & have zero to combat my statements & challenges to you with.
"I'll stick with ignoring you, thanks. You do a great job of making my case for me without my help
You mistyped that: "I'll stick with my fud lies and you did a great job of putting me in my hypocritical talk a lot but did zero on my end, hence my nickname here"
FTFY... lol!
---
Here - chew on these now - they're security advisories from a reputable & respectable enough source:
http://secunia.com/advisories/product/42761/
http://secunia.com/advisories/product/40664/
http://secunia.com/advisories/product/28234/
http://secunia.com/advisories/product/17543/
http://secunia.com/advisories/product/29592/
http://secunia.com/advisories/product/16896/
http://secunia.com/advisories/product/42480/
http://secunia.com/advisories/product/43263/
http://secunia.com/advisories/product/29809/
http://secunia.com/advisories/product/32977/
* QUESTION: How many unpatched security issues are there in those tools from Microsoft?
---
You should be able to answer it - after all, lmao:
The answer = part of your name here, lol, & your personal level of accomplishments in the art & science of computing!
Go on:
Answer it (you won't - just like you avoided my others challenges to you, & I was correct on that too, lol: You're full of it, & haven't done SQUAT... but you sure "talk a big game". Clue - deeds are greater than hot air words!).
No, instead? All you have is bogus downmods vs. facts I stated & challenges put to you that you cannot match -> http://tech.slashdot.org/comments.pl?sid=4117625&cid=44642607
APK
P.S.=> By the way - the products I list above from Microsoft are pretty much ALL anyone needs to build things at any level almost!
( & yes, they are solid per that data from a respected enough source in the security realm in computing... which is MORE than a windbag like yourself has going for him by FAR!)
.. apk
-
You didn't ignore me (lol, liar)
You replied avoiding questions - That b.s. = "best you got"? You FAIL!"Run, Forrest: RUN!!!": I was correct: You've done ZERO! (Despite you cutting others down on a "lack of know-how" as you did (you pot-calling-a-kettle-black hypocrite))!
Thus your handle/nickname here FITS you & as far as you "ignoring me"? Your reply shows QUITE otherwise, lol...
Yes - You truly ARE "absolute zero", & have zero to combat my statements & challenges to you with.
"I'll stick with ignoring you, thanks. You do a great job of making my case for me without my help
You mistyped that: "I'll stick with my fud lies and you did a great job of putting me in my hypocritical talk a lot but did zero on my end, hence my nickname here"
FTFY... lol!
---
Here - chew on these now - they're security advisories from a reputable & respectable enough source:
http://secunia.com/advisories/product/42761/
http://secunia.com/advisories/product/40664/
http://secunia.com/advisories/product/28234/
http://secunia.com/advisories/product/17543/
http://secunia.com/advisories/product/29592/
http://secunia.com/advisories/product/16896/
http://secunia.com/advisories/product/42480/
http://secunia.com/advisories/product/43263/
http://secunia.com/advisories/product/29809/
http://secunia.com/advisories/product/32977/
* QUESTION: How many unpatched security issues are there in those tools from Microsoft?
---
You should be able to answer it - after all, lmao:
The answer = part of your name here, lol, & your personal level of accomplishments in the art & science of computing!
Go on:
Answer it (you won't - just like you avoided my others challenges to you, & I was correct on that too, lol: You're full of it, & haven't done SQUAT... but you sure "talk a big game". Clue - deeds are greater than hot air words!).
No, instead? All you have is bogus downmods vs. facts I stated & challenges put to you that you cannot match -> http://tech.slashdot.org/comments.pl?sid=4117625&cid=44642607
APK
P.S.=> By the way - the products I list above from Microsoft are pretty much ALL anyone needs to build things at any level almost!
( & yes, they are solid per that data from a respected enough source in the security realm in computing... which is MORE than a windbag like yourself has going for him by FAR!)
.. apk
-
You didn't ignore me (lol, liar)
You replied avoiding questions - That b.s. = "best you got"? You FAIL!"Run, Forrest: RUN!!!": I was correct: You've done ZERO! (Despite you cutting others down on a "lack of know-how" as you did (you pot-calling-a-kettle-black hypocrite))!
Thus your handle/nickname here FITS you & as far as you "ignoring me"? Your reply shows QUITE otherwise, lol...
Yes - You truly ARE "absolute zero", & have zero to combat my statements & challenges to you with.
"I'll stick with ignoring you, thanks. You do a great job of making my case for me without my help
You mistyped that: "I'll stick with my fud lies and you did a great job of putting me in my hypocritical talk a lot but did zero on my end, hence my nickname here"
FTFY... lol!
---
Here - chew on these now - they're security advisories from a reputable & respectable enough source:
http://secunia.com/advisories/product/42761/
http://secunia.com/advisories/product/40664/
http://secunia.com/advisories/product/28234/
http://secunia.com/advisories/product/17543/
http://secunia.com/advisories/product/29592/
http://secunia.com/advisories/product/16896/
http://secunia.com/advisories/product/42480/
http://secunia.com/advisories/product/43263/
http://secunia.com/advisories/product/29809/
http://secunia.com/advisories/product/32977/
* QUESTION: How many unpatched security issues are there in those tools from Microsoft?
---
You should be able to answer it - after all, lmao:
The answer = part of your name here, lol, & your personal level of accomplishments in the art & science of computing!
Go on:
Answer it (you won't - just like you avoided my others challenges to you, & I was correct on that too, lol: You're full of it, & haven't done SQUAT... but you sure "talk a big game". Clue - deeds are greater than hot air words!).
No, instead? All you have is bogus downmods vs. facts I stated & challenges put to you that you cannot match -> http://tech.slashdot.org/comments.pl?sid=4117625&cid=44642607
APK
P.S.=> By the way - the products I list above from Microsoft are pretty much ALL anyone needs to build things at any level almost!
( & yes, they are solid per that data from a respected enough source in the security realm in computing... which is MORE than a windbag like yourself has going for him by FAR!)
.. apk
-
You didn't ignore me (lol, liar)
You replied avoiding questions - That b.s. = "best you got"? You FAIL!"Run, Forrest: RUN!!!": I was correct: You've done ZERO! (Despite you cutting others down on a "lack of know-how" as you did (you pot-calling-a-kettle-black hypocrite))!
Thus your handle/nickname here FITS you & as far as you "ignoring me"? Your reply shows QUITE otherwise, lol...
Yes - You truly ARE "absolute zero", & have zero to combat my statements & challenges to you with.
"I'll stick with ignoring you, thanks. You do a great job of making my case for me without my help
You mistyped that: "I'll stick with my fud lies and you did a great job of putting me in my hypocritical talk a lot but did zero on my end, hence my nickname here"
FTFY... lol!
---
Here - chew on these now - they're security advisories from a reputable & respectable enough source:
http://secunia.com/advisories/product/42761/
http://secunia.com/advisories/product/40664/
http://secunia.com/advisories/product/28234/
http://secunia.com/advisories/product/17543/
http://secunia.com/advisories/product/29592/
http://secunia.com/advisories/product/16896/
http://secunia.com/advisories/product/42480/
http://secunia.com/advisories/product/43263/
http://secunia.com/advisories/product/29809/
http://secunia.com/advisories/product/32977/
* QUESTION: How many unpatched security issues are there in those tools from Microsoft?
---
You should be able to answer it - after all, lmao:
The answer = part of your name here, lol, & your personal level of accomplishments in the art & science of computing!
Go on:
Answer it (you won't - just like you avoided my others challenges to you, & I was correct on that too, lol: You're full of it, & haven't done SQUAT... but you sure "talk a big game". Clue - deeds are greater than hot air words!).
No, instead? All you have is bogus downmods vs. facts I stated & challenges put to you that you cannot match -> http://tech.slashdot.org/comments.pl?sid=4117625&cid=44642607
APK
P.S.=> By the way - the products I list above from Microsoft are pretty much ALL anyone needs to build things at any level almost!
( & yes, they are solid per that data from a respected enough source in the security realm in computing... which is MORE than a windbag like yourself has going for him by FAR!)
.. apk
-
You didn't ignore me (lol, liar)
You replied avoiding questions - That b.s. = "best you got"? You FAIL!"Run, Forrest: RUN!!!": I was correct: You've done ZERO! (Despite you cutting others down on a "lack of know-how" as you did (you pot-calling-a-kettle-black hypocrite))!
Thus your handle/nickname here FITS you & as far as you "ignoring me"? Your reply shows QUITE otherwise, lol...
Yes - You truly ARE "absolute zero", & have zero to combat my statements & challenges to you with.
"I'll stick with ignoring you, thanks. You do a great job of making my case for me without my help
You mistyped that: "I'll stick with my fud lies and you did a great job of putting me in my hypocritical talk a lot but did zero on my end, hence my nickname here"
FTFY... lol!
---
Here - chew on these now - they're security advisories from a reputable & respectable enough source:
http://secunia.com/advisories/product/42761/
http://secunia.com/advisories/product/40664/
http://secunia.com/advisories/product/28234/
http://secunia.com/advisories/product/17543/
http://secunia.com/advisories/product/29592/
http://secunia.com/advisories/product/16896/
http://secunia.com/advisories/product/42480/
http://secunia.com/advisories/product/43263/
http://secunia.com/advisories/product/29809/
http://secunia.com/advisories/product/32977/
* QUESTION: How many unpatched security issues are there in those tools from Microsoft?
---
You should be able to answer it - after all, lmao:
The answer = part of your name here, lol, & your personal level of accomplishments in the art & science of computing!
Go on:
Answer it (you won't - just like you avoided my others challenges to you, & I was correct on that too, lol: You're full of it, & haven't done SQUAT... but you sure "talk a big game". Clue - deeds are greater than hot air words!).
No, instead? All you have is bogus downmods vs. facts I stated & challenges put to you that you cannot match -> http://tech.slashdot.org/comments.pl?sid=4117625&cid=44642607
APK
P.S.=> By the way - the products I list above from Microsoft are pretty much ALL anyone needs to build things at any level almost!
( & yes, they are solid per that data from a respected enough source in the security realm in computing... which is MORE than a windbag like yourself has going for him by FAR!)
.. apk
-
Re:Very poor advice
OK, I'll bite.
You said Linux had the same preventative technologies that windows has. I pointed out that:
- Fedora has SELinux, and everyone complains about and disables it
- AppArmor is an extremly lightweight form of MAC, and only Ubuntu implements it correctly. It also only applies to applications that ship with the distro.
- Most distributions don't include applications compiled with support for DEP and ASLR, despite the support being in the kernel.
You were able to concede that applications need to be compiled to support ASLR, so that's something.
I also disagree that Windows has less vulnerabilities than Linux. As a security researcher, the linux philosophy regarding security is horrible. There are many quotes from Linus and Greg K-H saying they don't treat security bugs any differently than normal bugs. To them a 0 day that can give a remote root shell is "just another bug".
The Windows dev team started taking that shit seriously about the time of Vista, and they have really done a good job.
Vulnerabilities are a pretty poor measure of security, but if you really want to use that metric, let's compare Ubuntu, the most popular Linux Distro, with Windows 7, the most popular version of Windows.
According to Secunia, a pretty reliable company for these sorts of things, Windows 7 has 310 vulnerabilities, while Ubuntu Linux has 1199 vulnerabilities.
Just to make that clear, Ubuntu 12.04 has 889 more vulnerabilities than Windows 7.
Are we done?
-
Re:Very poor advice
OK, I'll bite.
You said Linux had the same preventative technologies that windows has. I pointed out that:
- Fedora has SELinux, and everyone complains about and disables it
- AppArmor is an extremly lightweight form of MAC, and only Ubuntu implements it correctly. It also only applies to applications that ship with the distro.
- Most distributions don't include applications compiled with support for DEP and ASLR, despite the support being in the kernel.
You were able to concede that applications need to be compiled to support ASLR, so that's something.
I also disagree that Windows has less vulnerabilities than Linux. As a security researcher, the linux philosophy regarding security is horrible. There are many quotes from Linus and Greg K-H saying they don't treat security bugs any differently than normal bugs. To them a 0 day that can give a remote root shell is "just another bug".
The Windows dev team started taking that shit seriously about the time of Vista, and they have really done a good job.
Vulnerabilities are a pretty poor measure of security, but if you really want to use that metric, let's compare Ubuntu, the most popular Linux Distro, with Windows 7, the most popular version of Windows.
According to Secunia, a pretty reliable company for these sorts of things, Windows 7 has 310 vulnerabilities, while Ubuntu Linux has 1199 vulnerabilities.
Just to make that clear, Ubuntu 12.04 has 889 more vulnerabilities than Windows 7.
Are we done?
-
Re:Use after free is *not* just a DOS vulnerbabili
Should it really be considered a vulnerability of the library and not of the product using the library? For all intents and purposes, it is a vulnerability of the product.
Why? We don't report vulnerabilities in the GNU C library (glibc) as being vulnerabilities of every program that has links to it. Even Secunia reports vulnerabilities in glibc as vulnerabilities of the library, not the individual programs using it. [cite: https://secunia.com/advisories/search/]
You can argue that it ought to be the other way, but at the very least Secunia should be consistent with their own practice. Flagging VLC because of a vulnerability in ffmpeg is not consistent with Secunia's own past practice.
-
Re: Critical Bugs
There are ciritical fixes released for the
True, neither is flawless.
But one of them appears to have been considerably better designed (or better QC):
.NET 4: 34 vulnerabilities Released 2010-04
Java 1.7: 216 vulnerabilities Released 2011-07
or the previous incarnations:
.NET 2: 53 vulnerabilities Released 2006-12
Java 1.6: 432 vulnerabilities Released 2006-01
Java experiences 6-8 times the number of vulnerabilities, even over shorter time frames.
-
Re: Critical Bugs
There are ciritical fixes released for the
True, neither is flawless.
But one of them appears to have been considerably better designed (or better QC):
.NET 4: 34 vulnerabilities Released 2010-04
Java 1.7: 216 vulnerabilities Released 2011-07
or the previous incarnations:
.NET 2: 53 vulnerabilities Released 2006-12
Java 1.6: 432 vulnerabilities Released 2006-01
Java experiences 6-8 times the number of vulnerabilities, even over shorter time frames.
-
Re: Critical Bugs
There are ciritical fixes released for the
True, neither is flawless.
But one of them appears to have been considerably better designed (or better QC):
.NET 4: 34 vulnerabilities Released 2010-04
Java 1.7: 216 vulnerabilities Released 2011-07
or the previous incarnations:
.NET 2: 53 vulnerabilities Released 2006-12
Java 1.6: 432 vulnerabilities Released 2006-01
Java experiences 6-8 times the number of vulnerabilities, even over shorter time frames.
-
Re: Critical Bugs
There are ciritical fixes released for the
True, neither is flawless.
But one of them appears to have been considerably better designed (or better QC):
.NET 4: 34 vulnerabilities Released 2010-04
Java 1.7: 216 vulnerabilities Released 2011-07
or the previous incarnations:
.NET 2: 53 vulnerabilities Released 2006-12
Java 1.6: 432 vulnerabilities Released 2006-01
Java experiences 6-8 times the number of vulnerabilities, even over shorter time frames.
-
Some other things to think about
You may want to see if any of your local colleges have computer security tracks. You may be able to do an Internship, or someone may
be available to just do it for experience. YMMVWhile you are doing these scans, please note, you may clog up your pipes to the Internet. If you are using hosted services
DO NOT RUN SCANS WITHOUT NOTIFIYING THE HOSTING SERVICE.There are many sites with CVE information, Secunia is ok, search for applications you care about.
http://secunia.com/community/advisories/historic/Be careful scanning log files, at least sanitize them before you read them.
You should probably know what ports should be open on which systems.
A spreadsheet of systems/applications/versions of SW OS... would be a good start.
Look for ports that are open, or Listening that shouldn't be...
-
Whoops, minor correction
Missed posting this link in my last post I am replying to now correcting that minor omission on my part -> http://developers.slashdot.org/comments.pl?sid=3509641&cid=43064117
---
Vulnerability Report: Microsoft Internet Information Services (IIS) 7.x:
http://secunia.com/advisories/product/17543/
Unpatched = 0% (0 of 7 Secunia advisories)
---
* There, all done...
APK
P.S.=> One MUST be thorough in one's "dusting" of trolls, as I am completely NOW, & with exacting data, in response to the AC troll that came in here 'ribbing on' my posts & yes, Microsoft too, here -> http://developers.slashdot.org/comments.pl?sid=3509641&cid=43063595
... apk
-
My posts must be pretty good then!
"Hey APK, your posts are as bad as Windows is insecure." - by Anonymous Coward on Sunday March 03, @04:54PM (#43063595)
See my subject-line above, this data below, & "eat your words":
---
Vulnerability Report: Microsoft Windows Server 2012:
http://secunia.com/advisories/product/42761/
Unpatched = 0% (0 of 18 Secunia advisories)
---
Vulnerability Report: Microsoft SQL Server 2012:
http://secunia.com/advisories/product/40664/
Unpatched = 0% (0 of 1 Secunia advisories)
---
Vulnerability Report: Microsoft Exchange Server 2010:
http://secunia.com/advisories/product/28234/
Unpatched = 0% (0 of 3 Secunia advisories)
---
Vulnerability Report: Microsoft Internet Information Services (IIS) 7.x:
Unpatched = 0% (0 of 7 Secunia advisories)
---
Vulnerability Report: Microsoft
http://secunia.com/advisories/product/29592/
Unpatched = 0% (0 of 18 Secunia advisories)
---
Vulnerability Report: Microsoft DirectX 10.x:
http://secunia.com/advisories/product/16896/
Unpatched = 0% (0 of 3 Secunia advisories)
---
Vulnerability Report: Microsoft Visual Studio 2012:
http://secunia.com/advisories/product/42480/
Unpatched = 0% (0 of 0 Secunia advisories)
---
Vulnerability Report: Microsoft Internet Explorer 10.x:
http://secunia.com/advisories/product/43073/
Unpatched = 0% (0 of 3 Secunia advisories)
---
Vulnerability Report: Microsoft Office 2013:
http://secunia.com/advisories/product/43263/
Unpatched = 0% (0 of 0 Secunia advisories)
---
Vulnerability Report: Microsoft SharePoint Server 2010:
http://secunia.com/advisories/product/29809/
Unpatched = 0% (0 of 8 Secunia advisories)
---
Vulnerability Report: Microsoft Forefront Unified Access Gateway (UAG) 2010:
http://secunia.com/advisories/product/32977/
Unpatched = 0% (0 of 3 Secunia advisories)
---
* Would you like more, OR, will THAT do to make you "eat your words" from Microsoft's "top of the line" product offerings for business development?
(Oh, I am SURE it will be enough to "silence you" easily, troll, so thus, I suppose you can ignore that question since it made my point easily vs. yours, blowing yours clean away with facts!)
APK
P.S.=>
" Keep doing the good job of associating yourself to M$ products." - by Anonymous Coward on Sunday March 03, @04:54PM (#43063595)
Thank-You - I absolutely will!
Especially since this still "holds true" -> http://stats.kwsn.net/team.php?proj=sah&teamid=26482&sort_order=name&sort_direction=ASC (see "#9"/AlecStaar there since that's my SETI 'handle/nickname' & has been since 1999, & also see the team description above it - might explain a few things for you!).
---
Hey - MS is #1 worldwide overall on PC desktops + Servers combined... + their stuff is "bulletproof & bugfree" as you can see above from a reputable enough source for security vulnerability data also!
(Especially based on the above securit
-
My posts must be pretty good then!
"Hey APK, your posts are as bad as Windows is insecure." - by Anonymous Coward on Sunday March 03, @04:54PM (#43063595)
See my subject-line above, this data below, & "eat your words":
---
Vulnerability Report: Microsoft Windows Server 2012:
http://secunia.com/advisories/product/42761/
Unpatched = 0% (0 of 18 Secunia advisories)
---
Vulnerability Report: Microsoft SQL Server 2012:
http://secunia.com/advisories/product/40664/
Unpatched = 0% (0 of 1 Secunia advisories)
---
Vulnerability Report: Microsoft Exchange Server 2010:
http://secunia.com/advisories/product/28234/
Unpatched = 0% (0 of 3 Secunia advisories)
---
Vulnerability Report: Microsoft Internet Information Services (IIS) 7.x:
Unpatched = 0% (0 of 7 Secunia advisories)
---
Vulnerability Report: Microsoft
http://secunia.com/advisories/product/29592/
Unpatched = 0% (0 of 18 Secunia advisories)
---
Vulnerability Report: Microsoft DirectX 10.x:
http://secunia.com/advisories/product/16896/
Unpatched = 0% (0 of 3 Secunia advisories)
---
Vulnerability Report: Microsoft Visual Studio 2012:
http://secunia.com/advisories/product/42480/
Unpatched = 0% (0 of 0 Secunia advisories)
---
Vulnerability Report: Microsoft Internet Explorer 10.x:
http://secunia.com/advisories/product/43073/
Unpatched = 0% (0 of 3 Secunia advisories)
---
Vulnerability Report: Microsoft Office 2013:
http://secunia.com/advisories/product/43263/
Unpatched = 0% (0 of 0 Secunia advisories)
---
Vulnerability Report: Microsoft SharePoint Server 2010:
http://secunia.com/advisories/product/29809/
Unpatched = 0% (0 of 8 Secunia advisories)
---
Vulnerability Report: Microsoft Forefront Unified Access Gateway (UAG) 2010:
http://secunia.com/advisories/product/32977/
Unpatched = 0% (0 of 3 Secunia advisories)
---
* Would you like more, OR, will THAT do to make you "eat your words" from Microsoft's "top of the line" product offerings for business development?
(Oh, I am SURE it will be enough to "silence you" easily, troll, so thus, I suppose you can ignore that question since it made my point easily vs. yours, blowing yours clean away with facts!)
APK
P.S.=>
" Keep doing the good job of associating yourself to M$ products." - by Anonymous Coward on Sunday March 03, @04:54PM (#43063595)
Thank-You - I absolutely will!
Especially since this still "holds true" -> http://stats.kwsn.net/team.php?proj=sah&teamid=26482&sort_order=name&sort_direction=ASC (see "#9"/AlecStaar there since that's my SETI 'handle/nickname' & has been since 1999, & also see the team description above it - might explain a few things for you!).
---
Hey - MS is #1 worldwide overall on PC desktops + Servers combined... + their stuff is "bulletproof & bugfree" as you can see above from a reputable enough source for security vulnerability data also!
(Especially based on the above securit
-
My posts must be pretty good then!
"Hey APK, your posts are as bad as Windows is insecure." - by Anonymous Coward on Sunday March 03, @04:54PM (#43063595)
See my subject-line above, this data below, & "eat your words":
---
Vulnerability Report: Microsoft Windows Server 2012:
http://secunia.com/advisories/product/42761/
Unpatched = 0% (0 of 18 Secunia advisories)
---
Vulnerability Report: Microsoft SQL Server 2012:
http://secunia.com/advisories/product/40664/
Unpatched = 0% (0 of 1 Secunia advisories)
---
Vulnerability Report: Microsoft Exchange Server 2010:
http://secunia.com/advisories/product/28234/
Unpatched = 0% (0 of 3 Secunia advisories)
---
Vulnerability Report: Microsoft Internet Information Services (IIS) 7.x:
Unpatched = 0% (0 of 7 Secunia advisories)
---
Vulnerability Report: Microsoft
http://secunia.com/advisories/product/29592/
Unpatched = 0% (0 of 18 Secunia advisories)
---
Vulnerability Report: Microsoft DirectX 10.x:
http://secunia.com/advisories/product/16896/
Unpatched = 0% (0 of 3 Secunia advisories)
---
Vulnerability Report: Microsoft Visual Studio 2012:
http://secunia.com/advisories/product/42480/
Unpatched = 0% (0 of 0 Secunia advisories)
---
Vulnerability Report: Microsoft Internet Explorer 10.x:
http://secunia.com/advisories/product/43073/
Unpatched = 0% (0 of 3 Secunia advisories)
---
Vulnerability Report: Microsoft Office 2013:
http://secunia.com/advisories/product/43263/
Unpatched = 0% (0 of 0 Secunia advisories)
---
Vulnerability Report: Microsoft SharePoint Server 2010:
http://secunia.com/advisories/product/29809/
Unpatched = 0% (0 of 8 Secunia advisories)
---
Vulnerability Report: Microsoft Forefront Unified Access Gateway (UAG) 2010:
http://secunia.com/advisories/product/32977/
Unpatched = 0% (0 of 3 Secunia advisories)
---
* Would you like more, OR, will THAT do to make you "eat your words" from Microsoft's "top of the line" product offerings for business development?
(Oh, I am SURE it will be enough to "silence you" easily, troll, so thus, I suppose you can ignore that question since it made my point easily vs. yours, blowing yours clean away with facts!)
APK
P.S.=>
" Keep doing the good job of associating yourself to M$ products." - by Anonymous Coward on Sunday March 03, @04:54PM (#43063595)
Thank-You - I absolutely will!
Especially since this still "holds true" -> http://stats.kwsn.net/team.php?proj=sah&teamid=26482&sort_order=name&sort_direction=ASC (see "#9"/AlecStaar there since that's my SETI 'handle/nickname' & has been since 1999, & also see the team description above it - might explain a few things for you!).
---
Hey - MS is #1 worldwide overall on PC desktops + Servers combined... + their stuff is "bulletproof & bugfree" as you can see above from a reputable enough source for security vulnerability data also!
(Especially based on the above securit
-
My posts must be pretty good then!
"Hey APK, your posts are as bad as Windows is insecure." - by Anonymous Coward on Sunday March 03, @04:54PM (#43063595)
See my subject-line above, this data below, & "eat your words":
---
Vulnerability Report: Microsoft Windows Server 2012:
http://secunia.com/advisories/product/42761/
Unpatched = 0% (0 of 18 Secunia advisories)
---
Vulnerability Report: Microsoft SQL Server 2012:
http://secunia.com/advisories/product/40664/
Unpatched = 0% (0 of 1 Secunia advisories)
---
Vulnerability Report: Microsoft Exchange Server 2010:
http://secunia.com/advisories/product/28234/
Unpatched = 0% (0 of 3 Secunia advisories)
---
Vulnerability Report: Microsoft Internet Information Services (IIS) 7.x:
Unpatched = 0% (0 of 7 Secunia advisories)
---
Vulnerability Report: Microsoft
http://secunia.com/advisories/product/29592/
Unpatched = 0% (0 of 18 Secunia advisories)
---
Vulnerability Report: Microsoft DirectX 10.x:
http://secunia.com/advisories/product/16896/
Unpatched = 0% (0 of 3 Secunia advisories)
---
Vulnerability Report: Microsoft Visual Studio 2012:
http://secunia.com/advisories/product/42480/
Unpatched = 0% (0 of 0 Secunia advisories)
---
Vulnerability Report: Microsoft Internet Explorer 10.x:
http://secunia.com/advisories/product/43073/
Unpatched = 0% (0 of 3 Secunia advisories)
---
Vulnerability Report: Microsoft Office 2013:
http://secunia.com/advisories/product/43263/
Unpatched = 0% (0 of 0 Secunia advisories)
---
Vulnerability Report: Microsoft SharePoint Server 2010:
http://secunia.com/advisories/product/29809/
Unpatched = 0% (0 of 8 Secunia advisories)
---
Vulnerability Report: Microsoft Forefront Unified Access Gateway (UAG) 2010:
http://secunia.com/advisories/product/32977/
Unpatched = 0% (0 of 3 Secunia advisories)
---
* Would you like more, OR, will THAT do to make you "eat your words" from Microsoft's "top of the line" product offerings for business development?
(Oh, I am SURE it will be enough to "silence you" easily, troll, so thus, I suppose you can ignore that question since it made my point easily vs. yours, blowing yours clean away with facts!)
APK
P.S.=>
" Keep doing the good job of associating yourself to M$ products." - by Anonymous Coward on Sunday March 03, @04:54PM (#43063595)
Thank-You - I absolutely will!
Especially since this still "holds true" -> http://stats.kwsn.net/team.php?proj=sah&teamid=26482&sort_order=name&sort_direction=ASC (see "#9"/AlecStaar there since that's my SETI 'handle/nickname' & has been since 1999, & also see the team description above it - might explain a few things for you!).
---
Hey - MS is #1 worldwide overall on PC desktops + Servers combined... + their stuff is "bulletproof & bugfree" as you can see above from a reputable enough source for security vulnerability data also!
(Especially based on the above securit
-
My posts must be pretty good then!
"Hey APK, your posts are as bad as Windows is insecure." - by Anonymous Coward on Sunday March 03, @04:54PM (#43063595)
See my subject-line above, this data below, & "eat your words":
---
Vulnerability Report: Microsoft Windows Server 2012:
http://secunia.com/advisories/product/42761/
Unpatched = 0% (0 of 18 Secunia advisories)
---
Vulnerability Report: Microsoft SQL Server 2012:
http://secunia.com/advisories/product/40664/
Unpatched = 0% (0 of 1 Secunia advisories)
---
Vulnerability Report: Microsoft Exchange Server 2010:
http://secunia.com/advisories/product/28234/
Unpatched = 0% (0 of 3 Secunia advisories)
---
Vulnerability Report: Microsoft Internet Information Services (IIS) 7.x:
Unpatched = 0% (0 of 7 Secunia advisories)
---
Vulnerability Report: Microsoft
http://secunia.com/advisories/product/29592/
Unpatched = 0% (0 of 18 Secunia advisories)
---
Vulnerability Report: Microsoft DirectX 10.x:
http://secunia.com/advisories/product/16896/
Unpatched = 0% (0 of 3 Secunia advisories)
---
Vulnerability Report: Microsoft Visual Studio 2012:
http://secunia.com/advisories/product/42480/
Unpatched = 0% (0 of 0 Secunia advisories)
---
Vulnerability Report: Microsoft Internet Explorer 10.x:
http://secunia.com/advisories/product/43073/
Unpatched = 0% (0 of 3 Secunia advisories)
---
Vulnerability Report: Microsoft Office 2013:
http://secunia.com/advisories/product/43263/
Unpatched = 0% (0 of 0 Secunia advisories)
---
Vulnerability Report: Microsoft SharePoint Server 2010:
http://secunia.com/advisories/product/29809/
Unpatched = 0% (0 of 8 Secunia advisories)
---
Vulnerability Report: Microsoft Forefront Unified Access Gateway (UAG) 2010:
http://secunia.com/advisories/product/32977/
Unpatched = 0% (0 of 3 Secunia advisories)
---
* Would you like more, OR, will THAT do to make you "eat your words" from Microsoft's "top of the line" product offerings for business development?
(Oh, I am SURE it will be enough to "silence you" easily, troll, so thus, I suppose you can ignore that question since it made my point easily vs. yours, blowing yours clean away with facts!)
APK
P.S.=>
" Keep doing the good job of associating yourself to M$ products." - by Anonymous Coward on Sunday March 03, @04:54PM (#43063595)
Thank-You - I absolutely will!
Especially since this still "holds true" -> http://stats.kwsn.net/team.php?proj=sah&teamid=26482&sort_order=name&sort_direction=ASC (see "#9"/AlecStaar there since that's my SETI 'handle/nickname' & has been since 1999, & also see the team description above it - might explain a few things for you!).
---
Hey - MS is #1 worldwide overall on PC desktops + Servers combined... + their stuff is "bulletproof & bugfree" as you can see above from a reputable enough source for security vulnerability data also!
(Especially based on the above securit
-
My posts must be pretty good then!
"Hey APK, your posts are as bad as Windows is insecure." - by Anonymous Coward on Sunday March 03, @04:54PM (#43063595)
See my subject-line above, this data below, & "eat your words":
---
Vulnerability Report: Microsoft Windows Server 2012:
http://secunia.com/advisories/product/42761/
Unpatched = 0% (0 of 18 Secunia advisories)
---
Vulnerability Report: Microsoft SQL Server 2012:
http://secunia.com/advisories/product/40664/
Unpatched = 0% (0 of 1 Secunia advisories)
---
Vulnerability Report: Microsoft Exchange Server 2010:
http://secunia.com/advisories/product/28234/
Unpatched = 0% (0 of 3 Secunia advisories)
---
Vulnerability Report: Microsoft Internet Information Services (IIS) 7.x:
Unpatched = 0% (0 of 7 Secunia advisories)
---
Vulnerability Report: Microsoft
http://secunia.com/advisories/product/29592/
Unpatched = 0% (0 of 18 Secunia advisories)
---
Vulnerability Report: Microsoft DirectX 10.x:
http://secunia.com/advisories/product/16896/
Unpatched = 0% (0 of 3 Secunia advisories)
---
Vulnerability Report: Microsoft Visual Studio 2012:
http://secunia.com/advisories/product/42480/
Unpatched = 0% (0 of 0 Secunia advisories)
---
Vulnerability Report: Microsoft Internet Explorer 10.x:
http://secunia.com/advisories/product/43073/
Unpatched = 0% (0 of 3 Secunia advisories)
---
Vulnerability Report: Microsoft Office 2013:
http://secunia.com/advisories/product/43263/
Unpatched = 0% (0 of 0 Secunia advisories)
---
Vulnerability Report: Microsoft SharePoint Server 2010:
http://secunia.com/advisories/product/29809/
Unpatched = 0% (0 of 8 Secunia advisories)
---
Vulnerability Report: Microsoft Forefront Unified Access Gateway (UAG) 2010:
http://secunia.com/advisories/product/32977/
Unpatched = 0% (0 of 3 Secunia advisories)
---
* Would you like more, OR, will THAT do to make you "eat your words" from Microsoft's "top of the line" product offerings for business development?
(Oh, I am SURE it will be enough to "silence you" easily, troll, so thus, I suppose you can ignore that question since it made my point easily vs. yours, blowing yours clean away with facts!)
APK
P.S.=>
" Keep doing the good job of associating yourself to M$ products." - by Anonymous Coward on Sunday March 03, @04:54PM (#43063595)
Thank-You - I absolutely will!
Especially since this still "holds true" -> http://stats.kwsn.net/team.php?proj=sah&teamid=26482&sort_order=name&sort_direction=ASC (see "#9"/AlecStaar there since that's my SETI 'handle/nickname' & has been since 1999, & also see the team description above it - might explain a few things for you!).
---
Hey - MS is #1 worldwide overall on PC desktops + Servers combined... + their stuff is "bulletproof & bugfree" as you can see above from a reputable enough source for security vulnerability data also!
(Especially based on the above securit
-
My posts must be pretty good then!
"Hey APK, your posts are as bad as Windows is insecure." - by Anonymous Coward on Sunday March 03, @04:54PM (#43063595)
See my subject-line above, this data below, & "eat your words":
---
Vulnerability Report: Microsoft Windows Server 2012:
http://secunia.com/advisories/product/42761/
Unpatched = 0% (0 of 18 Secunia advisories)
---
Vulnerability Report: Microsoft SQL Server 2012:
http://secunia.com/advisories/product/40664/
Unpatched = 0% (0 of 1 Secunia advisories)
---
Vulnerability Report: Microsoft Exchange Server 2010:
http://secunia.com/advisories/product/28234/
Unpatched = 0% (0 of 3 Secunia advisories)
---
Vulnerability Report: Microsoft Internet Information Services (IIS) 7.x:
Unpatched = 0% (0 of 7 Secunia advisories)
---
Vulnerability Report: Microsoft
http://secunia.com/advisories/product/29592/
Unpatched = 0% (0 of 18 Secunia advisories)
---
Vulnerability Report: Microsoft DirectX 10.x:
http://secunia.com/advisories/product/16896/
Unpatched = 0% (0 of 3 Secunia advisories)
---
Vulnerability Report: Microsoft Visual Studio 2012:
http://secunia.com/advisories/product/42480/
Unpatched = 0% (0 of 0 Secunia advisories)
---
Vulnerability Report: Microsoft Internet Explorer 10.x:
http://secunia.com/advisories/product/43073/
Unpatched = 0% (0 of 3 Secunia advisories)
---
Vulnerability Report: Microsoft Office 2013:
http://secunia.com/advisories/product/43263/
Unpatched = 0% (0 of 0 Secunia advisories)
---
Vulnerability Report: Microsoft SharePoint Server 2010:
http://secunia.com/advisories/product/29809/
Unpatched = 0% (0 of 8 Secunia advisories)
---
Vulnerability Report: Microsoft Forefront Unified Access Gateway (UAG) 2010:
http://secunia.com/advisories/product/32977/
Unpatched = 0% (0 of 3 Secunia advisories)
---
* Would you like more, OR, will THAT do to make you "eat your words" from Microsoft's "top of the line" product offerings for business development?
(Oh, I am SURE it will be enough to "silence you" easily, troll, so thus, I suppose you can ignore that question since it made my point easily vs. yours, blowing yours clean away with facts!)
APK
P.S.=>
" Keep doing the good job of associating yourself to M$ products." - by Anonymous Coward on Sunday March 03, @04:54PM (#43063595)
Thank-You - I absolutely will!
Especially since this still "holds true" -> http://stats.kwsn.net/team.php?proj=sah&teamid=26482&sort_order=name&sort_direction=ASC (see "#9"/AlecStaar there since that's my SETI 'handle/nickname' & has been since 1999, & also see the team description above it - might explain a few things for you!).
---
Hey - MS is #1 worldwide overall on PC desktops + Servers combined... + their stuff is "bulletproof & bugfree" as you can see above from a reputable enough source for security vulnerability data also!
(Especially based on the above securit
-
My posts must be pretty good then!
"Hey APK, your posts are as bad as Windows is insecure." - by Anonymous Coward on Sunday March 03, @04:54PM (#43063595)
See my subject-line above, this data below, & "eat your words":
---
Vulnerability Report: Microsoft Windows Server 2012:
http://secunia.com/advisories/product/42761/
Unpatched = 0% (0 of 18 Secunia advisories)
---
Vulnerability Report: Microsoft SQL Server 2012:
http://secunia.com/advisories/product/40664/
Unpatched = 0% (0 of 1 Secunia advisories)
---
Vulnerability Report: Microsoft Exchange Server 2010:
http://secunia.com/advisories/product/28234/
Unpatched = 0% (0 of 3 Secunia advisories)
---
Vulnerability Report: Microsoft Internet Information Services (IIS) 7.x:
Unpatched = 0% (0 of 7 Secunia advisories)
---
Vulnerability Report: Microsoft
http://secunia.com/advisories/product/29592/
Unpatched = 0% (0 of 18 Secunia advisories)
---
Vulnerability Report: Microsoft DirectX 10.x:
http://secunia.com/advisories/product/16896/
Unpatched = 0% (0 of 3 Secunia advisories)
---
Vulnerability Report: Microsoft Visual Studio 2012:
http://secunia.com/advisories/product/42480/
Unpatched = 0% (0 of 0 Secunia advisories)
---
Vulnerability Report: Microsoft Internet Explorer 10.x:
http://secunia.com/advisories/product/43073/
Unpatched = 0% (0 of 3 Secunia advisories)
---
Vulnerability Report: Microsoft Office 2013:
http://secunia.com/advisories/product/43263/
Unpatched = 0% (0 of 0 Secunia advisories)
---
Vulnerability Report: Microsoft SharePoint Server 2010:
http://secunia.com/advisories/product/29809/
Unpatched = 0% (0 of 8 Secunia advisories)
---
Vulnerability Report: Microsoft Forefront Unified Access Gateway (UAG) 2010:
http://secunia.com/advisories/product/32977/
Unpatched = 0% (0 of 3 Secunia advisories)
---
* Would you like more, OR, will THAT do to make you "eat your words" from Microsoft's "top of the line" product offerings for business development?
(Oh, I am SURE it will be enough to "silence you" easily, troll, so thus, I suppose you can ignore that question since it made my point easily vs. yours, blowing yours clean away with facts!)
APK
P.S.=>
" Keep doing the good job of associating yourself to M$ products." - by Anonymous Coward on Sunday March 03, @04:54PM (#43063595)
Thank-You - I absolutely will!
Especially since this still "holds true" -> http://stats.kwsn.net/team.php?proj=sah&teamid=26482&sort_order=name&sort_direction=ASC (see "#9"/AlecStaar there since that's my SETI 'handle/nickname' & has been since 1999, & also see the team description above it - might explain a few things for you!).
---
Hey - MS is #1 worldwide overall on PC desktops + Servers combined... + their stuff is "bulletproof & bugfree" as you can see above from a reputable enough source for security vulnerability data also!
(Especially based on the above securit
-
My posts must be pretty good then!
"Hey APK, your posts are as bad as Windows is insecure." - by Anonymous Coward on Sunday March 03, @04:54PM (#43063595)
See my subject-line above, this data below, & "eat your words":
---
Vulnerability Report: Microsoft Windows Server 2012:
http://secunia.com/advisories/product/42761/
Unpatched = 0% (0 of 18 Secunia advisories)
---
Vulnerability Report: Microsoft SQL Server 2012:
http://secunia.com/advisories/product/40664/
Unpatched = 0% (0 of 1 Secunia advisories)
---
Vulnerability Report: Microsoft Exchange Server 2010:
http://secunia.com/advisories/product/28234/
Unpatched = 0% (0 of 3 Secunia advisories)
---
Vulnerability Report: Microsoft Internet Information Services (IIS) 7.x:
Unpatched = 0% (0 of 7 Secunia advisories)
---
Vulnerability Report: Microsoft
http://secunia.com/advisories/product/29592/
Unpatched = 0% (0 of 18 Secunia advisories)
---
Vulnerability Report: Microsoft DirectX 10.x:
http://secunia.com/advisories/product/16896/
Unpatched = 0% (0 of 3 Secunia advisories)
---
Vulnerability Report: Microsoft Visual Studio 2012:
http://secunia.com/advisories/product/42480/
Unpatched = 0% (0 of 0 Secunia advisories)
---
Vulnerability Report: Microsoft Internet Explorer 10.x:
http://secunia.com/advisories/product/43073/
Unpatched = 0% (0 of 3 Secunia advisories)
---
Vulnerability Report: Microsoft Office 2013:
http://secunia.com/advisories/product/43263/
Unpatched = 0% (0 of 0 Secunia advisories)
---
Vulnerability Report: Microsoft SharePoint Server 2010:
http://secunia.com/advisories/product/29809/
Unpatched = 0% (0 of 8 Secunia advisories)
---
Vulnerability Report: Microsoft Forefront Unified Access Gateway (UAG) 2010:
http://secunia.com/advisories/product/32977/
Unpatched = 0% (0 of 3 Secunia advisories)
---
* Would you like more, OR, will THAT do to make you "eat your words" from Microsoft's "top of the line" product offerings for business development?
(Oh, I am SURE it will be enough to "silence you" easily, troll, so thus, I suppose you can ignore that question since it made my point easily vs. yours, blowing yours clean away with facts!)
APK
P.S.=>
" Keep doing the good job of associating yourself to M$ products." - by Anonymous Coward on Sunday March 03, @04:54PM (#43063595)
Thank-You - I absolutely will!
Especially since this still "holds true" -> http://stats.kwsn.net/team.php?proj=sah&teamid=26482&sort_order=name&sort_direction=ASC (see "#9"/AlecStaar there since that's my SETI 'handle/nickname' & has been since 1999, & also see the team description above it - might explain a few things for you!).
---
Hey - MS is #1 worldwide overall on PC desktops + Servers combined... + their stuff is "bulletproof & bugfree" as you can see above from a reputable enough source for security vulnerability data also!
(Especially based on the above securit
-
My posts must be pretty good then!
"Hey APK, your posts are as bad as Windows is insecure." - by Anonymous Coward on Sunday March 03, @04:54PM (#43063595)
See my subject-line above, this data below, & "eat your words":
---
Vulnerability Report: Microsoft Windows Server 2012:
http://secunia.com/advisories/product/42761/
Unpatched = 0% (0 of 18 Secunia advisories)
---
Vulnerability Report: Microsoft SQL Server 2012:
http://secunia.com/advisories/product/40664/
Unpatched = 0% (0 of 1 Secunia advisories)
---
Vulnerability Report: Microsoft Exchange Server 2010:
http://secunia.com/advisories/product/28234/
Unpatched = 0% (0 of 3 Secunia advisories)
---
Vulnerability Report: Microsoft Internet Information Services (IIS) 7.x:
Unpatched = 0% (0 of 7 Secunia advisories)
---
Vulnerability Report: Microsoft
http://secunia.com/advisories/product/29592/
Unpatched = 0% (0 of 18 Secunia advisories)
---
Vulnerability Report: Microsoft DirectX 10.x:
http://secunia.com/advisories/product/16896/
Unpatched = 0% (0 of 3 Secunia advisories)
---
Vulnerability Report: Microsoft Visual Studio 2012:
http://secunia.com/advisories/product/42480/
Unpatched = 0% (0 of 0 Secunia advisories)
---
Vulnerability Report: Microsoft Internet Explorer 10.x:
http://secunia.com/advisories/product/43073/
Unpatched = 0% (0 of 3 Secunia advisories)
---
Vulnerability Report: Microsoft Office 2013:
http://secunia.com/advisories/product/43263/
Unpatched = 0% (0 of 0 Secunia advisories)
---
Vulnerability Report: Microsoft SharePoint Server 2010:
http://secunia.com/advisories/product/29809/
Unpatched = 0% (0 of 8 Secunia advisories)
---
Vulnerability Report: Microsoft Forefront Unified Access Gateway (UAG) 2010:
http://secunia.com/advisories/product/32977/
Unpatched = 0% (0 of 3 Secunia advisories)
---
* Would you like more, OR, will THAT do to make you "eat your words" from Microsoft's "top of the line" product offerings for business development?
(Oh, I am SURE it will be enough to "silence you" easily, troll, so thus, I suppose you can ignore that question since it made my point easily vs. yours, blowing yours clean away with facts!)
APK
P.S.=>
" Keep doing the good job of associating yourself to M$ products." - by Anonymous Coward on Sunday March 03, @04:54PM (#43063595)
Thank-You - I absolutely will!
Especially since this still "holds true" -> http://stats.kwsn.net/team.php?proj=sah&teamid=26482&sort_order=name&sort_direction=ASC (see "#9"/AlecStaar there since that's my SETI 'handle/nickname' & has been since 1999, & also see the team description above it - might explain a few things for you!).
---
Hey - MS is #1 worldwide overall on PC desktops + Servers combined... + their stuff is "bulletproof & bugfree" as you can see above from a reputable enough source for security vulnerability data also!
(Especially based on the above securit
-
TOR/anon. proxies SLOW YOU UP too much
Try this solution instead (Opera or Chromium allow it + hosts files, in combination)!
I state that simply since your methods, though pretty SOUND technically, are complex AND A PAIN to manage for most (if not beyond the 'common end-users' know-how' typically) & again: slow you down all to high heck online too! Just a fact...
However, this methodology + toolset doesn't & actually SPEEDS YOU UP a lot + secures you online in the SAME "stroke"!
Custom hosts + Opera, & iirc more recently Chromium family ones too, in combination - That allow the following via the following EASY & simple means (real "set it & forget it" stuff in fact):
---
1.) "By site preferences" for
a.) cookies
b.) scripting
c.) plugins (on demand only, an Opera original)
d.) frames/iframes
e.) & other things that get exploited against you maliciouslyHOW? Easy:
2.) I set a GLOBAL preference for ALL websites first, disabling the above in Opera 12.14 64-bit (excellent by the way & ZERO known security flaws present currently -> http://secunia.com/advisories/product/41248/ )
3.) THEN, I make "exception sites" that MIGHT need cookies &/or javascript for database access, which online banking/shopping/e-commerce sites often DO require, but only as needed (& ONLY what they minimally require for FULL function to facilitate trade there...):
---
How/Why?
Well, easy: Custom hosts aid speed, reliability, security, & even anonymity to an extent (vs. DNS request logs + vs. DNSBL's you MAY not like) + cutting off indiscriminate java or javascript usage does the same!
(Additionally, these measures end up complimenting one another in fact for more speed, & security online!)
Period/fact!
Read below as to WHY I utilize custom hosts files for all of those purposes for more speed, security, reliability, & even more anonymity to an extent vs. other advertiser owned (ghostery), crippled by default (adblock), or riddled by security flaws & negligence (DNS) competing "solutions"...
(Anonymity gains are vs. DNS request logs, lightening their load on THEIR end, a bonus for admins of them, no less AND vs. DNSBL you may not agree with as well!).
All, for more efficacy + safety & speed vs. not only adbanners, but also botnet C&C servers, rogue DNS they use too, trackers/spammers/phishers, known maliciously scripted sites, known servers of malware & FAR more...
More efficiently as well (because custom hosts are a TIGHTLY INTEGRATED SOLUTION & native to the IP stack itself solution, AND, they run in ring 0/rpl 0/kernelmode as a mere text file easily edited filter via a text editor like notepad if need be even FILTER for it, vs. Ring 3/rpl 3/usermode webbrowsers slowed up even MORE by addons layered onto them (a known issue, stack a few in FireFox & see for yourself)):
---
APK Hosts File Engine 5.0++ 32/64-bit:
Which, if you read the list of what it can do for you as an end user of the resulting output it produces listed in the link above, you'll understand how/why...
"It's as strong as steel, & a 3rd of the weight" - Howard Stark from the film "Captain America"
---
Especially vs. competing alternate 'solutions', noted below in AdBlock/Ghostery & yes even DNS servers, next, as 'examples thereof'...
Solutions that used to be good & I even recommended them in security guides I wrote up over the decades now ->
-
Supplement that with this
Custom hosts + Opera, & iirc more recently Chromium family ones too, that allow:
---
1.) "By site preferences" for
a.) cookies
b.) scripting
c.) plugins (on demand only, an Opera original)
d.) frames/iframes
e.) & other things that get exploited against you maliciouslyHOW? Easy:
2.) I set a GLOBAL preference for ALL websites first, disabling the above in Opera 12.14 64-bit (excellent by the way & ZERO known security flaws present currently -> http://secunia.com/advisories/product/41248/ )
3.) THEN, I make "exception sites" that MIGHT need cookies &/or javascript for database access, which online banking/shopping/e-commerce sites often DO require, but only as needed (& ONLY what they minimally require for FULL function to facilitate trade there...):
---
Why?
Read below as to WHY I utilize custom hosts files for all of those purposes for more speed, security, reliability, & even more anonymity to an extent vs. other advertiser owned (ghostery), crippled by default (adblock), or riddled by security flaws & negligence (DNS) competing "solutions"...
(Anonymity gains are vs. DNS request logs, lightening their load on THEIR end, a bonus for admins of them, no less AND vs. DNSBL you may not agree with as well!).
All, for more efficacy + safety & speed vs. not only adbanners, but also botnet C&C servers, rogue DNS they use too, trackers/spammers/phishers, known maliciously scripted sites, known servers of malware & FAR more...
More efficiently as well (because custom hosts are a TIGHTLY INTEGRATED SOLUTION & native to the IP stack itself solution, AND, they run in ring 0/rpl 0/kernelmode as a mere text file easily edited filter via a text editor like notepad if need be even FILTER for it, vs. Ring 3/rpl 3/usermode webbrowsers slowed up even MORE by addons layered onto them (a known issue, stack a few in FireFox & see for yourself)):
---
APK Hosts File Engine 5.0++ 32/64-bit:
Which, if you read the list of what it can do for you as an end user of the resulting output it produces listed in the link above, you'll understand how/why...
"It's as strong as steel, & a 3rd of the weight" - Howard Stark from the film "Captain America"
---
Especially vs. competing alternate 'solutions', noted below in AdBlock/Ghostery & yes even DNS servers, next, as 'examples thereof'...
Solutions that used to be good & I even recommended them in security guides I wrote up over the decades now -> http://www.google.com/search?hl=en&tbo=d&output=search&sclient=psy-ab&q=%22HOW+TO+SECURE+Windows+2000/XP%22&btnG=Submit&gbv=1&sei=ka3yUKzxB-6_0QHLroCQCA
That did extremely well for myself (and users of them), for Windows users, for "layered-security"/"defense-in-depth" purposes - the BEST THING WE HAVE GOING vs. threats of all kinds, currently!
(Not anymore though, & certainly NOT far as AdBlock's concerned especially, not after this):
---
Adblock Plus To Offer 'Acceptable Ads' Option:
http://news.slashdot.org/story/11/12/12/2213233/adblock-plus-to-offer-acceptable-ads-option
(Meaning by defau
-
You're welcome, & enjoy... apk
I think you'll find it "does the job", minus any bugs (& certainly security-related ones too -> http://secunia.com/advisories/product/41248/ where it displays its usual/typical "zero" known security vulnerabilities present also).
*:)
APK
P.S.=> 12.12 was awful (stuttered & lagged on backspacing via keyboard & reloading sites, but with GOOD REASON - it was to stop a KNOWN security-issue). 12.13 corrected it, but had a 'crasher' on updates - 12.14 corrects BOTH & does a hell of a good job @ it...
... apk
-
Bad comparison, facts wrong
You'll find hundreds and hundreds of security patches with more being released every Tuesday. If you really want to see a leaky sieve of an OS look no farther than Windows.
Patch tuesday is not "every tuesday". It's the second tuesday of every month, i.e. 12 tuesdays per year as opposed to 52 as you claim.
Patches are not just security patches, they also include stability patches, compatibility patches, language updates and more.
Comparing Java to a full operating system is a little disingenuous too.
If you must compare to something then you should compare Java to
Java has consistently many times more security problems than
Java SE 7 (released 2011-07-28): 88+50 (adding these latest vulns) = 168 vulnerabilities (source: http://secunia.com/advisories/product/37734/)
If you take the availability period into account (vulnerabilities does seem to be discovered continously):
Java SE 7 has on average experienced 110 vulnerabilities per year.
That is ten times more vulnerabilities in a Java base class library which does even cover the same functionality as the
-
Bad comparison, facts wrong
You'll find hundreds and hundreds of security patches with more being released every Tuesday. If you really want to see a leaky sieve of an OS look no farther than Windows.
Patch tuesday is not "every tuesday". It's the second tuesday of every month, i.e. 12 tuesdays per year as opposed to 52 as you claim.
Patches are not just security patches, they also include stability patches, compatibility patches, language updates and more.
Comparing Java to a full operating system is a little disingenuous too.
If you must compare to something then you should compare Java to
Java has consistently many times more security problems than
Java SE 7 (released 2011-07-28): 88+50 (adding these latest vulns) = 168 vulnerabilities (source: http://secunia.com/advisories/product/37734/)
If you take the availability period into account (vulnerabilities does seem to be discovered continously):
Java SE 7 has on average experienced 110 vulnerabilities per year.
That is ten times more vulnerabilities in a Java base class library which does even cover the same functionality as the
-
Re:Browser Plugins are Always Vulnerable
But there are also well-documented CSS vulnerabilities, XUL exploits and even one in a JPG parser.
Should we disable those as well? Are you part of some guerrilla marketing campaign to bring back Lynx?
-
Re:Hypocritical
While Java applets are very rare
Let's keep that in mind for the rest of this discussion. Java is in no way, shape, or form a necessity for the vast majority of users. It is, however, a huge risk.
How is anyone supposed to ever use it if web browsers start disabling it for every 0-day vulnerability that pops up.
First, Java has been available for web use since 1994. It's nearly 20 years old. It's not like it hasn't had a chance to take hold. There are plenty of reasons people choose not to use it. It's been an option for several projects I've been involved in, and we've never chosen it. Second, that "every 0-day vulnerability" part.. well, that's part of the problem with it. It has a lot of vulnerabilities, and a lot of them take a while to get fixed. So to answer your question, if browsers keep rightfully disabling a vulnerable POS software then people will not use it. Hopefully it will just go away.
It's not like Firefox and Safari don't also have 0-day vulnerabilities
Actually, it sort of is like that. Mozilla is pretty good about fixing bugs. If you don't believe me, here's their list of vulnerabilities. Go ahead and find the section on that page which lists the unfixed vulnerabilities. Here is the vulnerability page for Firefox 18 on Secunia. Take a look at the stats on the right side to see how many vulnerabilities it is currently affected by, as well as the percentage of unpatched. Here is the same Secunia page for Java JRE 1.7, go ahead and compare that to Firefox 18.
IMO there should be a small grace period of 1-2 weeks
Java has had a grace period of 19 years. Under Oracle, it's been around 6 years. This shit keeps happening. There is a pattern here. There is a reason why Java is the #1 infection vector for Windows machines. The browsers are just trying to protect their users. Blocking the #1 infection vector is a pretty decent way to do that. If they also blocked the Acrobat plugin then that would be another step in the right direction.
US CERT has the right idea:
Due to the number and severity of this and prior Java vulnerabilities , it is recommended that Java be disabled temporarily in web browsers as described in the "Solution" section of the US-CERT Alert and in the Oracle Technical Note "Setting the Security Level of the Java Client."
(emphasis mine)
-
Re:Hypocritical
While Java applets are very rare
Let's keep that in mind for the rest of this discussion. Java is in no way, shape, or form a necessity for the vast majority of users. It is, however, a huge risk.
How is anyone supposed to ever use it if web browsers start disabling it for every 0-day vulnerability that pops up.
First, Java has been available for web use since 1994. It's nearly 20 years old. It's not like it hasn't had a chance to take hold. There are plenty of reasons people choose not to use it. It's been an option for several projects I've been involved in, and we've never chosen it. Second, that "every 0-day vulnerability" part.. well, that's part of the problem with it. It has a lot of vulnerabilities, and a lot of them take a while to get fixed. So to answer your question, if browsers keep rightfully disabling a vulnerable POS software then people will not use it. Hopefully it will just go away.
It's not like Firefox and Safari don't also have 0-day vulnerabilities
Actually, it sort of is like that. Mozilla is pretty good about fixing bugs. If you don't believe me, here's their list of vulnerabilities. Go ahead and find the section on that page which lists the unfixed vulnerabilities. Here is the vulnerability page for Firefox 18 on Secunia. Take a look at the stats on the right side to see how many vulnerabilities it is currently affected by, as well as the percentage of unpatched. Here is the same Secunia page for Java JRE 1.7, go ahead and compare that to Firefox 18.
IMO there should be a small grace period of 1-2 weeks
Java has had a grace period of 19 years. Under Oracle, it's been around 6 years. This shit keeps happening. There is a pattern here. There is a reason why Java is the #1 infection vector for Windows machines. The browsers are just trying to protect their users. Blocking the #1 infection vector is a pretty decent way to do that. If they also blocked the Acrobat plugin then that would be another step in the right direction.
US CERT has the right idea:
Due to the number and severity of this and prior Java vulnerabilities , it is recommended that Java be disabled temporarily in web browsers as described in the "Solution" section of the US-CERT Alert and in the Oracle Technical Note "Setting the Security Level of the Java Client."
(emphasis mine)
-
Re:No platform is 100 percent secure?
Windows Vista: Until now 377 vulnerabilities has been discovered.
Linux kernel 2.6: Until now 633 vulnerabilities has been discovered.Please include all the security holes in Vista that were not made public so we can actually compare these meaningless numbers.
I've worked in places that had _SERIOUS_ problems with windows, and I mean global cascade crashes of thosands of servers at costs running info many millions a day and my company covered everything up for the sake of their share price. Microsoft sneaked out a fix ( months later BTW ) globally on the back of some other fix without the real extent of of the problem being visible to anyone except my company and Microsoft. It's quite impossible to cover anything up with Linux, everything is public.
Therefore - Your numbers are bull, they don't include cover-up fixes.
-
Re:No platform is 100 percent secure?
Windows Vista: Until now 377 vulnerabilities has been discovered.
Linux kernel 2.6: Until now 633 vulnerabilities has been discovered.Please include all the security holes in Vista that were not made public so we can actually compare these meaningless numbers.
I've worked in places that had _SERIOUS_ problems with windows, and I mean global cascade crashes of thosands of servers at costs running info many millions a day and my company covered everything up for the sake of their share price. Microsoft sneaked out a fix ( months later BTW ) globally on the back of some other fix without the real extent of of the problem being visible to anyone except my company and Microsoft. It's quite impossible to cover anything up with Linux, everything is public.
Therefore - Your numbers are bull, they don't include cover-up fixes.
-
Re:No platform is 100 percent secure?
Secunia joins Microsoft System Center Alliance program
http://secunia.com/company/blog_news/news/196/ -
Re:No platform is 100 percent secure?
The biggest distinction is that since Linux is openly developed with the potential for anyone to contribute and for everyone to see, there aren't large, untested milestone releases without public eyes on them like commercial OSes. By the time that the experimental version becomes the release version it's already been vetted.
If that theory is true then you would expect to see fewer vulnerabilities for Linux than for Windows. In reality, over a given time period Linux experiences many more vulnerabilities than Windows.
Windows Vista: Until now 377 vulnerabilities has been discovered.
Linux kernel 2.6: Until now 633 vulnerabilities has been discovered.Note that the number for Vista includes the bundled software as well (i.e. data access components, window manager (GDI, explorer), windows Mail etc) where the number for Linux is strictly kernel vulnerabilities.
Microsoft doesn't have the same quantity of testing because while there is a beta program, it's not designed to be thoroughly examined.
Ahem. Microsoft has this process called Secure Development Lifecycle. They do not rely on users to test and find security bugs. What is the process followed by Linux developers (kernel, KDE, GNOME)? Is there a formal process or do we simply rely on them to be good craftsmen? Surely they do not rely on beta testers to find security vulnerabilities?
-
Re:No platform is 100 percent secure?
The biggest distinction is that since Linux is openly developed with the potential for anyone to contribute and for everyone to see, there aren't large, untested milestone releases without public eyes on them like commercial OSes. By the time that the experimental version becomes the release version it's already been vetted.
If that theory is true then you would expect to see fewer vulnerabilities for Linux than for Windows. In reality, over a given time period Linux experiences many more vulnerabilities than Windows.
Windows Vista: Until now 377 vulnerabilities has been discovered.
Linux kernel 2.6: Until now 633 vulnerabilities has been discovered.Note that the number for Vista includes the bundled software as well (i.e. data access components, window manager (GDI, explorer), windows Mail etc) where the number for Linux is strictly kernel vulnerabilities.
Microsoft doesn't have the same quantity of testing because while there is a beta program, it's not designed to be thoroughly examined.
Ahem. Microsoft has this process called Secure Development Lifecycle. They do not rely on users to test and find security bugs. What is the process followed by Linux developers (kernel, KDE, GNOME)? Is there a formal process or do we simply rely on them to be good craftsmen? Surely they do not rely on beta testers to find security vulnerabilities?
-
Re:Windows Live Messenger Integration
And if I go back to 4.2.0.187 Secunia PSI flags it as vulnerable - e.g.
http://secunia.com/advisories/47856/
It's not clear if this vulnerability only affects 5.x or if the 4.x code is vulnerable too. Plus it still complains about the machine being slow.
-
Re:Windows is no longer relevant
Secunia: "the most severe unpatched Secunia advisory affecting Microsoft Windows 7, with all vendor patches applied, is rated Highly critical". Kudos to MS for making (some of us believe they made) a secure OS.
-
Misleading summary and article
The article is about the most common vulnerabilities on "pc's with kaspersky software installed": it is not about most secure software. This report just says that many people, who use kaspersky, do not keep updated their java and flash. Secunia rates the unpatched vulnerabilities of Windows 7 as highly critical. It's just that big companies (the most likely customers of kaspersky) don't use W7 as much as Java.
-
Still, I'd stick to "usermode" stuff... apk
Well, I've done driver work (via the Windows DDK), & it wasn't some "huge hurdle" really!
Fact is, I found that MOST drivers are usually a LOT tinier than larger systems are in moving parts AND lines of code involved, plus, there are templates (in the Windows world @ least).
On "larger systems"? Think information systems (this is my "steady-eddy"work for livelyhood typically since nobody does their books or data EXACTLY the same, there's always room for growth in this type of coding) that I've written over time too!
E.G. -> I worked on a RamDrive driver, based off the MS-DDK template (most, if not ALL, are), in the distant past (1997). Worked out OK too!
* Still - per my subject-line above: I'd be more interested in developing what PEOPLE ACTUALLY USE though, in usermode/ring 3/rpl 3 programs, since that's what I'm used to building for, oh, 18++ yrs. now, professionally...
If Linux needs anything, it's apps & per the discussion you & I just had, in what happened to my roommate & his experience with Linux vs. Windows
"I agree. happened to me the first time I tried ca. 1999. But now ? it's just better than anything else for my needs." - by Anonymous Coward on Sunday October 07, @09:53AM (#41576315)
The Linux kernel's solid (no bugs in 3.3x really -> http://secunia.com/advisories/product/40716/ )
Well, some show here later -> http://web.nvd.nist.gov/view/vuln/search-results?query=Linux+Kernel&search_type=all&cves=on though, but they get fixed quickly enough, usually.
So, for the MOST PART, it's getting very "solid" @ the kernel level... At least as far as bug-tracking & fixes!
Also, from what I heard tell: Mr. Torvalds is VERY interested in bug fixes @ that level, & doesn't delay on fixes... he wants them FIXED AS FAST AS POSSIBLE!
(This is most unlike MS' once a month "Patch Tuesday"... but, then again, you've got to WAIT usually to get those updated kernels in Linux distros too - that is, unless you want to compile & build your OWN kernel update, which is something nice Linux offers also, that Windows doesn't!)
APK
P.S.=>
"it's mainly C and assembler. don't get Linus started on C++ in kernel. ever." - by Anonymous Coward on Sunday October 07, @09:53AM (#41576315)
Assembly &/or C were the 1st two languages I ever learned (well, after BASIC, way, Way, WAY back circa 1982 while in highschool timesharing from a DEC PDP-11 iirc over bootjack modems, lol) in 1994, when I went back for MORE strict CSC degree work (90 hours into the 120 for the B.S., have the AAS work done, long ago - just "chipping away" @ the Bachelors over time, when I have time + can afford it too, of course... lol!)
So - trust me, lol - I never "forgot" them!
However - I don't care to do asm work unless I am in a "jam" for performance (that's in usermode/ring 3/rpl 3 though), since it is a lot more work, & I am not "the greatest" @ it (too many years of NOT using it regularly)...
Still, you step-trace it, look @ data contents in variables, & off you go - nothing different than doing what you do in higher-level langauges (HLL)...
Funniest part on C vs. C++ for me:
I learned C first, & immediately afterwards, took C++ - I found it CONFUSING AS HELL, since the syntax of C can be used in most C++ compilers (think scanf vs. cin/cout), but it was more how you THINK about & CONSTRUCT programs in them that "threw me" for awhile, lol, & if you've been there? You know EXACTLY what I mean!
In fact, I'd tell anyone, especially nowadays? Take C or C++ but not both, or, @ least not in the order I did, lol...
... apk
-
MSE + Secunia PSI
MSE is great, for the money, and its pretty light weight. I would add Secunia PSI to the list http://secunia.com/vulnerability_scanning/personal/ It's also free and scans the computer for out of date and vulnerable software. Malwares Favorite place to get in is unpatched software. This includes stuff you installed once and forgot about, stuff that came with your computer that you never use, etc. A totally patched system (including all the forgotten about stuff) is the best way to stay clean in addition to the not clicking on random stuff. In addition, if you don't need it uninstall it. A good example of this is Java. Most people don't acutally need it but have it installed on their computers. Just get rid of it and then you don't have to worry if it's not a secure program. Soundcloud should be clean but it's all the other places to be concerned about.
-
Re:incoherent summary
IE9 was more secure in several ways than Firefox. It also had comparable number of security holes.
Oh really? You might want to check what Secunia has to say on the matter.
For IE 9
For Firefox 15
The two aren't even close in terms of vulnerabilities. Too soon for Fx 15? Let's go with the 14 version:
Less than half the problems.
And one more for good measure; Firefox 13. Again, less than half the vulnerabilities of IE 9. Even the unpatched vulnerabilities for Firefox are less critical than the ones for IE 9.
So yes, things have changed substantially in one year. Either IE 9 has gotten worse or Firefox has gotten better. Take your pick.