Domain: secunia.com
Stories and comments across the archive that link to secunia.com.
Comments · 2,642
-
Re:Not to worry. No... DO WORRY!
"Anyway, I doubt the alternative PDF readers suffer from the security issues present in Acrobat Reader. -GayGirlie" - by Anonymous Coward on Tuesday September 23, @11:53AM (#25121643)
Don't be too sure...
(... &, this is just 1 single example thereof, since I saw it mentioned here on this site about this topic, as to Adobe Acrobat Reader replacements/alternate programs)
FOXIT PDF READER 2.x SERIES:
http://secunia.com/advisories/product/12995/
Affected By 2 Secunia advisories, 3 Vulnerabilities
You might want to check your EVINCE program @ SECUNIA.COM as well, just to be sure.
APK
P.S.=> You may find SECUNIA.COM useful in researching any applications you might be using, for this kind of information... &, for choosing the alternates you intend to try out on your machines as well, for this very application's (Adobe Acrobat Reader) replacement (FoxIT is just one I saw suggested here, & I was aware of it having security vulnerabilities, & that's why I used it to illustrate my point here)... apk
-
Re:They just don't get it do they
Because all of the holes in Internet Explorer make it easier for people to take over your computer via a webpage, which might be served in the advertising that still slips through the ad blocker?
Or, you know, because Firefox is a better browser?
-
Outlook/Word 2003 UNPATCHED from 2004-07-12
Corrected link for Outlook: System access, From remote, Unpatched, Known since 2004-07-12.
-
Fact, Fact and more Facts
From the article:
... the Sunday Herald understands that a hacker from India - new to the world of cyber-crime - succeeded in bypassing the system's security software and placing a Trojan virus on one of the Best Western Hotel machines used for reservations. The next time a member of staff logged in, her username and password were collected and stored.
"Large corporate companies rely on anti-virus products to protect their infrastructure, but the problem with this approach is that these products only detect around 60% of threats out there. In the right hands, viruses can easily bypass these programs, as was the case here," explained Erasmus.
Those Large corporate companies rely on anti-virus products to protect Microsoft OS desktops. There is no equivalent Linux plague of viruses in the wild to be concerned about. Even the threat to MacOSX based desktop systems is minute in comparison to the Millions of Microsoft-targeting viruses out in the wild.
Microsoft's most widely deployed platform and applications have not been secured. The XP platform still has 30 unpatched vulnerabilities, the latest version of Internet Explorer still has 10 unpatched vulnerabilities, and Outlook 2003 (the most widely deployed business version of Outlook) still has one vulnerability outstanding from . Microsoft Office 2003, still the most widely deployed version of Office, has four outstanding vulnerabilities which put the desktop at high risk of being infected. These are all unpatched widely known vulnerabilities, and are only the ones in Microsoft's own product, not to mention all the third party vulnerabilities, in downloadable codecs for example, that the design of Microsoft's platforms makes it so easy for crackers to exploit.
In comparison, all of the major Linux based distros have an excellent record of closing known vulnerabilities within days if not hours, before the holes get a chance to be exploited. Also SELinux is becoming more widely deployed to secure applications against such threats.
Fact: Using a Microsoft based desktop puts you at far higher risk of being hacked than either a Linux or Mac based desktop.
-
Late then broke then YAY!?
First Apple is late with the patch. Then the patch does not address the problem. And they do it again and again and again. Which is always met with great fanfare by Mac fans. Exhibit A is the first 50 posts here on slashdot. As long as Mac fans accept these BS patch fixes with a cheer, Apple will keep releasing patches that don't patch the problem.
[sigh] even the article title is "DNS Clients Have Small Vector of Risk after Patch"
... where is the word 'small' in the /. title...?
Unless lookupd is doing something really weird, this is a non-issue.
I don't understand how I can be vulnerable to this if I'm not running a DNS server. No open ports means no one can get in, unless I connect to them. If the DNS server I connect to is secured, how can anyone compromise my machine this way?
What it comes down to was Apple reported this patch fixed a problem that it did not fix. This means either they did not test the patch, incompetence, or they knew it didn't address the problem but told everyone it did, lies. All this defence of the indefensible makes people look like blithering idiots. If any company releases a patch that claims to patch something, then does not, that company deserves scorn, not this weak defence (oh it's not that bad!).
-
Secunia
well if you are using all commercial applications and not homebrew stuff, I highly recommend checking these guys out.
Secunia[secunia.com]
They will run a scan on all software on the system. Tell you what is there, what has vulnerabilities, patches available, secure and what has reached their end of life. For those with patches missing or vulnerabilities it will then rate them on criticality. Plus you can also scan remote machines as well.
I find this very useful for tracking down those bugger programs that are not always listed in add remove programs to see what is all hiding on the system.
-
Re:A better sponsorship
While I agree IIS security has improved dramatically, you might want to do your own research when you claim that there are no critical security vulnerabilities.
http://secunia.com/product/1438/?task=advisories
There are two remote system compromise vulnerabilities listed there.
-
Re:How many of those users CAN upgrade?
Opera's also CONTINUOUSLY maintained 0% known unpatched security vulnerabilities ratings @ SECUNIA.COM:
http://secunia.com/product/10615/?task=advisories
AND, for ages, before 9.27 model (way before in fact - whereas FF & IE are CONTINUOUSLY popping up NEW holes/exploits/vulnerabilities, & they patch them FAR slower than Opera's dev team does from what I have seen (I have actually worked WITH the FF team on one such bug in fact, they WERE fast about that one, fairly easy for them is why... others, though? We ALL know this is not the case... but, in defense of Mozilla/FF? They are FAR faster than MS is about fixing IE).
----
So, that "all said & aside" - Do I need to patch something that shows no known holes, vs. others like IE & FF??
Not really. Especially when Opera's dev. team literally PATCHES BEFORE THE EXPLOITS GET OUT IN THE WILD PUBLICLY, typically...
----
HOWEVER? NOW - FINALLY, FF in version 3.x is FINALLY @ 0%:
http://secunia.com/product/19089/
First time in years afaik, in version 3.01 (for now, until the NEXT bug crops up, & as quick as the FF team is in patching? They're usually a LOT slower than Opera's dev. team is, historically, year in & year out).
IMO & that of MANY others (a sensible one no less)?
FireFox's popularity is its own downfall here, though - less "security by obscurity", because just like IE is, it's used more by avg. users. Think malware writers don't KNOW & TAKE ADVANTAGE OF THIS? Well, if you were they, wouldn't YOU also target the biggest target there is, vs. the lesser used smaller targets (especially to make illegal monies & such via botnet infestations etc. of others' pc's? Of COURSE you would!)
(IE though, is only popular imo, due to it being incorporated into the OS, this is one move MS makes that I do not like - they rip off ideas already present in the freeware/shareware OR commercial market, & even attorneys are afraid to go after them, because they don't want to work a case that can be dragged out for 20++ yrs. in courts of law... in short, big money? Gets away with MURDER, nearly everytime, & we ALL know it).
APK
P.S.-> Want to stay TRULY safe(r) online? Try this:
HOW TO SECURE Windows 2000/XP/Server 2003 & even VISTA, plus make it 'fun to do', via CIS Tool Guidance:
http://forums.guru3d.com/showthread.php?s=c87c888017218100a13fc78c9e73b06c&t=246538
It works... in fact, here is a quote from one of its users (network tech/engineer/entrepreneur in this field):
----
"APK, thanks for such a great guide. This would, and should, be an inspiration to such security measures. Also, the pc that has "tweaks": IS STILL GOING! NO PROBLEMS!"
----
&
----
"I recently, months ago when you finally got this guide done, had authorization to try this on simple work station for kids. My client, who paid me an ungodly amount of money to do this, has been PROBLEM FREE FOR MONTHS! I haven't even had a follow up call which is unusual."
----
That's just a SMALL sampling, others (many others) are available, upon request... because upgrading/updating your browser is NOT enough to fully secure yourself online today, as much as is possible... apk
-
Re:Honeynet
"Luckily, Linux is pretty good at not getting owned so it's a bit of a non-issue at the moment, but I dare say it's only a matter of time before someone starts targeting them as well." - by neokushan (932374) on Tuesday July 15, @06:12AM (#24193515)
Take a read(s), it's happened PLENTY of times, & Linux (even SeLinux bearing distros in their DEFAULT config) aren't some kind of "magical panacea", either:
----
Critical Security Hole in Linux Wi-Fi:
http://it.slashdot.org/article.pl?sid=07/04/15/1515259
Linux Kernel 2.6 Local Root Exploit:
http://it.slashdot.org/it/08/02/10/2011257.shtml
Major Security Hole In Samsung Linux Drivers:
http://it.slashdot.org/it/07/07/18/0319203.shtml
:http://it.slashdot.org/it/08/01/24/1930207.shtml
Mystery Malware Affecting Linux/Apache Web Servers:
http://it.slashdot.org/it/06/10/03/2122220.shtml
SUSE Security Announcement: lprold (SUSE-SA:2003:0014):
http://www.novell.com/linux/security/advisories/2003_014_lprold.html
----
* That's just some (some might be patched now though, I did not check, but point is? They happen - bugs/vulns on *NIX period)... you weren't nearly as 'bad' as some Linux Penguin fanboys, but, I felt obligated to put out some data that keeps even your mild & actually decent reply, in check, to some degree (pointing out that Linux is NOT the "magic bullet"... heck, even BSD distros aren't).
APK
P.S.=> There's plenty more over @ SECUNIA.com for instance, in case you're interested, that's MORE CURRENT... open security vulnerabilities are present in Linux still... e.g.->
http://secunia.com/search/?search=LINUX&w=1
You *NIX guys always try to "cut up" Windows on this note, but you often fail to acknowledge your systems/OS of choice is far from 100% "bugfree & bulletproof" too... apk
-
Funny thing is that Zone Alarm has had vulns
Funny thing is that Zone Alarm has had some serious remote exploit vulnerabilities where if you hadn't installed a 3rd party FW in to your Windows XP computer, you'd be safe. Here's an example of one http://secunia.com/advisories/10921/. Windows XP, Vista, Server 2003 and 2008 Firewall has been rock solid and secure. You're simply talking out of your ass and you're giving the typical knee jerk reaction against Microsoft products. You do not have a single example of where Windows XP SP2 firewall is vulnerable to a remote exploit and there isn't a single example of hackers getting through it if all ports are closed.
-
Re:Web Server
However I have two points right back at you.
... Even if IIS7 ran as well as Apache or better (which I doubt) Apache is vastly more secure.
You can say that again. Why, in the year and a half since IIS 7 shipped, it's been deluged under a mammoth 1 Secunia advisories, whereas Apache 2.2 has had a mere 5 (2 still unpatched) in the same period. Clearly, Apache is vastly more secure. You sure showed them!
-
Re:Hmmm
"So, we don't like the current stats because they make us look bad; so lets try to create a new "standard" which will make us look better? A standard that can only really be applied to open source, because you can't see the bug count in closed source?
Wow. That really smells." - by Anonymous Coward on Saturday July 05, @05:09AM (#24064781)
Agreed, 110%... instead of WASTING TIME doing that (well, there is no guarantee that Rich Mogull can actually DO anything more than that, let alone code to help the Mozilla dev team, OR even actively test the program trying to screw it up, finding another form of 'bug', not just security ones), fix the known unpatched security issues & you do NOT have to go about this b.s., period...
AS IT STANDS, NOW TODAY/CURRENTLY?
-----
SECUNIA DATA ON BROWSER SECURITY (dated 07/04/2008 - "4th July U.S.A."):
-----
Opera 9.51 (new release) security advisories @ SECUNIA (0% unpatched):
http://secunia.com/product/10615/?task=advisories
-----
FireFox 3.x security advisories @ SECUNIA (100% unpatched):
http://secunia.com/product/19089/
-----
IE 7 (latest cumulative update from MS) security advisories @ SECUNIA (34% unpatched):
http://secunia.com/product/12366/
-----
Those %'s are the latest for FireFox 3.x, IE7 after last "patch Tuesday" from MS with the "CUMULATIVE IE UPDATES" they have (see the security downloads URL I post in the 12 steps above to secure yourself), & Opera 9.51... ALL, "latest/greatest" models.
So, as you can see? Well, NOT ONLY IS OPERA MORE SECURE/BEARING LESS SECURITY VULNERABILITIES?
It's faster too, on just about ANYTHING a browser does, & is probably the MOST standards compliant browser under the sun (not counting HTML dev tools). This is borne out in these tests:
http://www.howtocreate.co.uk/browserSpeed.html
AND, yes others (most recently in Javascript parsing speeds, oddly enough, lol... given the topic of my post here that is), right here:
http://nontroppo.org/timer/kestrel_tests/
NEW NEWS/NEWSFLASH: FF3 is "king of the heap" here now, in javascript parsing speeds, but of what gain is this? Security risks abound in running javascript on "every site under the sun"... limiting it to sites you absolutely NEED it for is the way, IF you wish to stay safer online that is.
----
Opera's just more std.'s compliant - for example, having passed all the ACID (2/3 before anyone on the latter & one of the first for the former no less), plus it's faster + MULTIPLATFORM, & more secure than the others out there - thus, it's an "all-around" overall best solution!
-----
QUESTION - So, "where do you want to go today?"...
ANSWER = Opera (if you're into speed, security, & std.'s compliance + using a webbrowser that runs on most any platform out there for computing is where).
APK
P.S.=> Thank goodness the poster before myself can "see", & cut thru the fog of lies/crap this really is... fix the bugs? No reason to have to do such stupidity... apk
-
Re:Confirmation
I think you need to look at the disclosure histories yourself.
Assuming all things are equal, .NET has by far the best record. Python in the middle (by raw count), and Java at the end.
Mind you, Python has two 'own your system' unpatched vulnerabilities right now, that are between 6 and 9 months old and still unpatched. They could be less serious than secunia makes them out to be, however, I'm not familiar enough with them to say off the top of my head.
Python 2.3.x
Python 2.4.x
Python 2.5.x
Python 2.6.x
I'm not going to do it again here, but I also looked at and linked to the secunia listings of .NET and Java in a post just above here. .NET has an excellent record. Java less so, but still not terrible.
-
Re:Confirmation
You're exaggerating the risk of the Java JVM and particularly .NET quite a bit.
If you look at the security hole history of .NET 1.1, .NET 2.0, and .NET 3.0, you'll notice an almost perfect history.
The only true easy own your box was the JPEG parsing vuln that affected a ton of MS products, and that hit .NET as well, due to shared code/modules.
The JVM has been less close to perfect, but it's not too bad. You can read about them for JRE 1.4, JRE 1.5/5, and JRE 1.6/6.
I would also say that it's not an apples to apples comparison. Most of the vulns in .NET and Java have been not in the core language itself, but in the web-applet piece, or in image handling or similar parts of the libraries built in. These are much larger than the built-in libraries that Python ships with.
I'm not trying to start an argument of who has the most possible libraries, including 3rd party, but just pointing out that the default shipment of Java and .NET comes with a lot more 'stuff', which widens the attack surface area. -
Re:goodhe
-
Re:Fanboyism in your post is more annoying.
This one for IE7, still unpatched since February of 2007, and known before then, just might:
http://secunia.com/advisories/24314/
And that would be rather interesting to tie into this Vista/XP/Server 2k3-2k8 vulnerability:
http://secunia.com/advisories/22628/
No patch for that either. There is a sort-of-workaround however...if you are running IIS 6 or 7. If you are running SQLServer or...say, certain sorts of webhosting software...well SOL you are.
Oh, and right now, there is an unpatched buffer overflow issue with the Creative Updater ActiveX control that doesn't discriminate either, and won't prompt UAC on Vista - you have to set the kill bit for the control in the registry as a temporary fix, but that only prevents 3rd-party websites from exploiting it :)
And never forget, there are all of the bugs that are found and exploited, but never get reported to MS, Secunia or anywhere else because of the $$$$ to be had.
It's foolish to sit there and make any claims about Vista or IE7 in that context. -
Re:Oh Microsoft...
And what, you are trusting (Vista/Server2008 I would assume?) simply because there isn't a list of vulnerabilities that have been exploited that doesn't have an update/fix for it?
Side Note: I'm typing this from XP and I have another computer in the room next to me currently booted into Vista.
Did I say Microsoft is bad? No.
Besides, obviously a vulnerability is not going to be found if it's already patched on the system being tested. Again quoting you "Please list some actual 2008 vulnerabilities that were exploited before being patched." But you are neglecting the fact that en masse there are a lot of people who don't update/patch their machines every day.
Furthermore, a lot of vulnerabilities are found by third parties and Microsoft is notified by them, not necessarily by Microsoft employees themselves.
And finally, because it hasn't been reported, does not mean they do not exist. Assuming something is secure without proof is far worse than assuming it's not.
Found by Microsoft, currently unpatched*:
http://secunia.com/advisories/29867/
Found by non-Microsoft, currently unpatched*:
http://secunia.com/advisories/29458/
* According to them.
I'm sure I could find more, but I've fed the troll enough as it is. -
Re:The prefect blueprint?
Obviously, you're not a web developer, because "performs better" and IE really don't fit together, especially when it comes to rendering web pages in a standards-compliant manner. I suppose IE7 performs better at providing possible exploits for malicious pages to attack, though. By that metric, IE is the best browser ever. If you write web-driven malware, or engage in phishing.
I've not seen Firefox behave as badly as you describe; are you using Vista with less than 2GB of RAM? ;)
I do really recommend trying either a nightly build or the release candidate for Firefox 3, though; I've been using the nightly builds as my primary browser for over four months, and they've worked great. 3.0 is definitely faster and more responsive than 2.0, and the improvements to the location bar are very welcome, to the point where I can't imagine wanting to browse the web without them.
-
Re:Update apps...
I agree, the Linux approach is way better.
But, I have found the Secunia Software Inspector a great help in keeping my Windows boxes more up-to-date.
It doesn't cover every program in the world, but every major one I use.
https://psi.secunia.com/ -
Re:Comment from story
"So simple a grandmother can use it" - by Anonymous Coward on Saturday May 17, @08:57AM (#23445002)
Do you want to keep grandma safe online though, especially online TODAY (virus/spyware/trojan ridden hell @ times online), is the question:
=====
SECUNIA DATA ON BROWSER SECURITY (dated 05/14/2008):
=====
Opera 9.27 security advisories @ SECUNIA (0% unpatched):
http://secunia.com/product/10615/?task=advisories
----
FireFox 2.0.0.14 security advisories @ SECUNIA (17% unpatched):
http://secunia.com/product/12434/
----
IE 7 (latest cumulative update from MS) security advisories @ SECUNIA (36% unpatched):
http://secunia.com/product/12366/
----
Those %'s are the latest for FireFox 2.0.0.14, IE7 after last "patch Tuesday" from MS with the "CUMULATIVE IE UPDATES" they have (see the security downloads URL I post in the 12 steps above to secure yourself), & Opera 9.27... all latest/greatest models.
So, as you can see? NOT ONLY IS OPERA MORE SECURE/BEARING LESS SECURITY VULNERABILITIES?
It's faster too, on just about ANYTHING a browser does, & is probably the MOST standards compliant browser under the sun (not counting HTML dev tools). This is borne out in these tests:
http://www.howtocreate.co.uk/browserSpeed.html
AND, yes others (most recently in Javascript parsing speeds), right here:
http://nontroppo.org/timer/kestrel_tests/
Opera's just more std.'s compliant - for example, having passed all the ACID (2/3 before anyone on the latter & one of the first for the former no less), plus it's faster + MULTIPLATFORM, & more secure than the others out there - thus, it's an "all-around" overall best solution!
QUESTION - So, "where do you want to go today?"...
ANSWER = Opera (if you're into speed, security, & std.'s compliance + using a webbrowser that runs on most any platform out there for computing is where).
APK
P.S.=> Especially for "grandma's sake"...
Now, don't get me wrong - I like FireFox too!
Overall, it's a great piece of work overall & their fix team is F A S T when you notify them of site incompatibilities bugs etc. (I did so a few years back for NTCompatible.com, due to the fact they have their own unique "homemade" board engine, that's actually pretty decent, for their forums - FF's team wrote me that day, fixed it later that day, & came to visit us the next day even (talk about personable service!))
However - FF's team really does need to nail the "bugs" (security vulnerabilities) down more is all, for me to use it, & to trust it for even grandma online... apk -
Re:The big problem with this...
Most systems have moved to automated patching. You can find Win98 boxes on the internet today, but that doesn't mean an attack you had 10 years ago will work today. It's a small subset, and continually getting smaller.
A popular /. theme was saying how much more secure Linux is to Windows. At one point, Windows was pretty horrible. As it is today, Windows has really gotten a lot of their holes fixed and you rarely see this claim anymore (despite the "defectivebydesign" tags on every Microsoft article).
There are still plenty of holes that exist now, and I know who is programming tools to exploit them for the appropriate TLA. And I'm certain that many tools already exist! But doing this high-profile project is just a PLOY for an ongoing project disguised as a short study. -
Re:Privacy concerns
So, what use is requiring a password when said intruder presumably has an escalation vulnerability ready to go? Oops. That password does nothing. And, again, what use is a light if you're not actively paying attention to the computer? A green light popping on if I'm in another room isn't exactly noticeable. And if it's still on when I come back in the room, well... it joins about half a dozen other glowing green lights. Sorry if that doesn't raise alarm bells in my head.
-
Re:Oh no!
"We may have to fix our software!" - by i_liek_turtles (1110703) on Sunday April 27, @01:11PM (#23215170)
Which is why these antivirus companies' "HEURISTICS" engines need improvement!
("Heuristics" = 'smells like a duck, tastes like a duck, & looks like a duck = must be a duck') type tech in antivirus products (other things too, but the point's there)).
It is important...
What AV Company leads that area, per current results?
Apparently, NOD32 does!
( & has kept such leadership in that category during formal testing @ av-comparatives.org & vb100 the past few years now over all other competition).
NOW, if you don't want scripted viruses (via java/javascript)? Don't run them in your webbrowser, you won't get any of this.
(Yes, that's a PAIN on some sites (so, you need a browser that allows "exception sites", & FireFox will do THAT, via an addon called "noscript" (Flashblock's another one that may help also, due to Adobe's products being rampantly exploited lately)...
SECUNIA DATA ON BROWSER SECURITY (dated 04/28/2008):
Opera 9.27 security advisories @ SECUNIA (0% unpatched):
http://secunia.com/product/10615/?task=advisories
Netscape 9.0.0.6 (0% unpatched - but, now discontinued by Mozilla, so it WILL be vulnerable to things FF won't be now & in the future):
http://secunia.com/product/14690/
FireFox 2.0.0.14 security advisories @ SECUNIA (17% unpatched):
http://secunia.com/product/12434/
IE 7 (latest cumulative update from MS) security advisories @ SECUNIA (33% unpatched):
http://secunia.com/product/12366/
----
MOST OF WHAT YOU SEE OUT THERE NOWADAYS ONLINE? Javascript + IFrame exploits... so, getting a secure browser, & creating "exception sites" for running IFrames &/or JavaScript, & for those exception sites ONLY, is a GOOD idea (sites like online shopping &/or online banking come to mind - they OFTEN DEMAND YOU USE JavaScript/Cookies etc. so on those sites, use them, since you are forced to... all others? TURN IT OFF, & BE SAFE(r)).
----
NOW - As far as "std. 'oldschool' binary infectors"? ALL SOFTWARE MAKERS THAT DON'T DO THIS MAY HAVE TO DO AS YOU SAID & I QUOTED:
If apps were coded to say, check their filesize &/or CRC-32 @ startup? They can "self-check" themselves for infestation/infection!
E.G.-> I did a "Dr. Who" (famous science fiction series, longest running there is iirc in fact) that does such checks (& in all of my freeware apps this takes place to protect users) that does this, here:
----
APK Doctor Who ScreenSaver 2008++: review:
http://www.drwhodaily.com/community/index.php?showtopic=386&st=0
(A multithreaded 3D animated screensaver that self-checks itself vs. viral infestation via filesize & crc32 checks @ its startup & also "self-contains" internally its .avi footage to playback from MEMORY (not disk, for speed & efficiency) so it is ONLY 1 MOVING PART to distribute as well (ships)
----
&, it works!
E.G./I.E. -> The screensaver will tell you if it has had its CRC-32 altered, OR, its filesize & warn you + shut itself down, so you are aware of it & so it does not continue to "spread-the-disease"...
(IF every Win32 PE app did that, we'd probably have LESS binary infector/attaching std. viruses imo @ least, & that of others, since my idea for this was "modded up" HERE @ SLASHDOT no less, in last year's "CODING FOR DEFCON" thread, see below):
----
APK CODING FOR DEFCON POST (technique modded up as "technically interes -
Re:Trivial
"Bypassing current antivirus process is almost trivial." - by Nikademus (631739) * on Sunday April 27, @01:40PM (#23215396) Homepage
Which is why their "HEURISTICS" ('smells like a duck, tastes like a duck, & looks like a duck (must be a duck)') type tech in antivirus products is important... who leads that area, per current results? Apparently, NOD32 does & has kept such leadership in that category during formal testing @ av-comparatives.org & vb100 the past few years now over all other competition.
NOW, if you don't want scripted viruses (via java/javascript)? Don't run them in your webbrowser, you won't get any of this.
(Yes, that's a PAIN on some sites (so, you need a browser that allows "exception sites", & FireFox will do THAT, via an addon called "noscript" (Flashblock's another one that may help also, due to Adobe's products being rampantly exploited lately)... , & OPERA HAS LESS KNOWN SECURITY VULNERABILITIES THAN FIREFOX DOES (or, IE too))!
If you search a site like SECUNIA.COM, you can verify the browser vulnerabilities lists, as of today's date, here in these URL's to verify my statements:
=====
SECUNIA DATA ON BROWSER SECURITY (dated 04/28/2008):
=====
Opera 9.27 security advisories @ SECUNIA (0% unpatched):
http://secunia.com/product/10615/?task=advisories
----
Netscape 9.0.0.6 (0% unpatched - but, now discontinued by Mozilla, so it WILL be vulnerable to things FF won't be now & in the future):
http://secunia.com/product/14690/
----
FireFox 2.0.0.14 security advisories @ SECUNIA (17% unpatched):
http://secunia.com/product/12434/
----
IE 7 (latest cumulative update from MS) security advisories @ SECUNIA (33% unpatched):
http://secunia.com/product/12366/
----
MOST OF WHAT YOU SEE OUT THERE NOWADAYS ONLINE? Javascript + IFrame exploits... so, getting a secure browser, & creating "exception sites" for running IFrames &/or JavaScript, & for those exception sites ONLY, is a GOOD idea (sites like online shopping &/or online banking come to mind - they OFTEN DEMAND YOU USE JavaScript/Cookies etc. so on those sites, use them, since you are forced to... all others? TURN IT OFF, & BE SAFE(r)).
----
NOW - As far as "std. 'oldschool' binary infectors"?
If apps were coded to say, check their filesize &/or CRC-32 @ startup? They can "self-check" themselves for infestation/infection!
I did a "Dr. Who" (famous science fiction series, longest running there is iirc in fact) that does such checks (& in all of my freeware apps this takes place to protect users) that does this, here:
----
APK Doctor Who ScreenSaver 2008++: review:
http://www.drwhodaily.com/community/index.php?showtopic=386&st=0
(Multithreaded 3D animated screensaver that self-checks itself vs. viral infestation via filesize & crc32 checks @ its startup)
----
&, it works!
E.G./I.E. -> The screensaver will tell you if it has had its CRC-32 altered, OR, its filesize & warn you + shut itself down, so you are aware of it & so it does not continue to "spread-the-disease"...
(IF every Win32 PE app did that, we'd probably have LESS binary infector/attaching std. viruses imo @ least, & that of others, since my idea for this was "modded up" HERE @ SLASHDOT no less, in last year's "CODING FOR DEFCON" thread, see below):
----
APK CODING FOR DEFCON POST (technique modded up as "technically interesting" etc. et al, for coding securely): -
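The startup self-check these comments describe (file size plus CRC-32), sketched in C as an added example; it is not the commenter's code. The function names are hypothetical, and passing the reference size and CRC in as arguments is an assumption, since the posts do not say where the reference values are kept.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Standard reflected CRC-32 (polynomial 0xEDB88320), usable incrementally:
   start with crc = 0 and feed successive chunks. CRC-32 is a checksum, not a
   cryptographic hash, so it only catches changes that do not also fix it up. */
static uint32_t crc32_update(uint32_t crc, const unsigned char *p, size_t n) {
    crc = ~crc;
    while (n--) {
        crc ^= *p++;
        for (int k = 0; k < 8; k++)
            crc = (crc >> 1) ^ (0xEDB88320u & (0u - (crc & 1u)));
    }
    return ~crc;
}

enum selfcheck { SC_OK = 0, SC_SIZE_CHANGED, SC_CRC_CHANGED, SC_UNREADABLE };

/* Read the whole file once, returning its length and CRC-32. 0 on success. */
static int measure_file(const char *path, long *size, uint32_t *crc) {
    unsigned char buf[4096];
    size_t n;
    FILE *f = fopen(path, "rb");
    if (!f) return -1;
    *size = 0;
    *crc = 0;
    while ((n = fread(buf, 1, sizeof buf, f)) > 0) {
        *crc = crc32_update(*crc, buf, n);
        *size += (long)n;
    }
    int err = ferror(f);
    fclose(f);
    return err ? -1 : 0;
}

/* Compare the file on disk with the reference values recorded at build time.
   Size is tested first: bytes added to the file show up there before the CRC. */
static enum selfcheck self_check(const char *path, long want_size, uint32_t want_crc) {
    long size;
    uint32_t crc;
    if (measure_file(path, &size, &crc) != 0) return SC_UNREADABLE;
    if (size != want_size) return SC_SIZE_CHANGED;
    return crc == want_crc ? SC_OK : SC_CRC_CHANGED;
}

/* Usage: selfcheck <file> <expected-size> <expected-crc32-hex>; exit 0 if intact. */
int main(int argc, char **argv) {
    if (argc != 4) { fprintf(stderr, "usage: %s file size crc32hex\n", argv[0]); return 2; }
    enum selfcheck r = self_check(argv[1], strtol(argv[2], NULL, 10),
                                  (uint32_t)strtoul(argv[3], NULL, 16));
    if (r != SC_OK) fprintf(stderr, "self-check failed (code %d), shutting down\n", (int)r);
    return r == SC_OK ? 0 : 1;
}
```

A program checking itself would pass its own executable path as the file and exit on any non-zero result, as the screensaver is described as doing.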