Domain: secunia.com
Stories and comments across the archive that link to secunia.com.
Comments · 2,642
-
Re:Firefox bookmark sync???
"Firefox is "Free" rather than free (look it up if you don't know the difference) as well as feature complete out of the box. Others are free to add extensions if they wish, however, they are unnecessary for a complete browser experience in my opinion." - by Anonymous Coward on Monday September 03, @08:10PM (#20457817)
As to that statement above? Well, I'm only going to point you here:
http://slashdot.org/comments.pl?sid=286721&threshold=-1&commentsort=0&mode=thread&pid=20461435#20463605
That's from myself, speaking as a professional developer.
E.G.-> I've been writing code professionally all the way from shareware/freeware (featured in many magazines, books, newspapers, Microsoft TechEd 2000/2002, commercial applications (portions thereof & being sold today by Microsoft Certified Partners) & more for wares I wrote over the last 15 years in this field, for that portion - if you would like a list of that, I can provide it for you, quickly), & up to "enterprise class" level information systems that run "110% bulletproof & bugfree" for companies without alterations (major ones, not adding reports etc.) after they passed muster & went into production (years ago no less on most, almost a decade now).
Additionally? I have helped FireFox's team find & fix bugs before, & you can write them on that, OR philipp @ NTCompatible.com, as regards problems FF had with NTCompatible.com's "homegrown" forums board engine - I will give them 1 thing: They showed up & spoke to us all there DIRECTLY, & fixed what I spotted in less than 2 days time... pretty cool!)
----
This data on unpatched vulnerabilities I used? Hey - It's no mere opinion, again - see these url's from a respected site online as regards security:
Opera security advisories @ SECUNIA (0% unpatched):
http://secunia.com/product/10615/?task=advisories
FireFox security advisories @ SECUNIA (43% unpatched):
http://secunia.com/product/12434/
IE 7 security advisories @ SECUNIA (56% unpatched):
http://secunia.com/product/12366/
----
That is all (what is in the URL above, as to YOUR definition of "free", & it's downsides, as far as security is concerned) in regards to your "play on words" (because, that's ALL that is, & free to myself means NO COST in actual monies to use it, pretty simple)...
APK
P.S.=> & yes, some of the data I put up above was also to 'back up my status' as an experienced professional developer in this field as well (since you demand that type of thing & accused me of not reading something, when you blatantly tried to put words into my mouth I never said (regarding passing ACID2 for Opera)... apk -
Re:Firefox bookmark sync???
"OK. I'll see your opinion and I'll raise you one opinion. Firefox truly is "the superior warrior" as far as web browsers go, by all means." - by Anonymous Coward on Monday September 03, @08:10PM (#20457817)
It's no mere opinion, again - see these url's:
Opera security advisories @ SECUNIA (0% unpatched):
http://secunia.com/product/10615/?task=advisories
FireFox security advisories @ SECUNIA (43% unpatched):
http://secunia.com/product/12434/
IE 7 security advisories @ SECUNIA (56% unpatched):
http://secunia.com/product/12366/
"I find it hard to believe that Opera has existed for so long with such few vulnerabilities unless it is because nobody is really paying it attention." - by Anonymous Coward on Monday September 03, @08:10PM (#20457817)
Funny - isn't SECUNIA often cited here as a site that deals in security related matters & cited here @ /., must mean SOME respect as to their findings... again, see those above.
"All I know is that my usage Firefox truly is "the superior warrior" as far as web browsers go, by all means." - by Anonymous Coward on Monday September 03, @08:10PM (#20457817)
Well, SECUNIA data shows otherwise... "Read 'em, & weep!".
APK
P.S.=> "Why bother stating it was the first if you can't even take the few second required to check your facts?" - by Anonymous Coward on Monday September 03, @08:10PM (#20457817)
Can you not read? I said it MIGHT have been the first, but that I was not sure... but, I also stated the important part here was THAT IT DID PASS ACID2 TESTING, & this is all.
apk -
On security, javascript, & more... apk
"- Firefox( I think there is a kiosk mode addon, and you'll have to install security updates every couple of weeks)" - by Jessta (666101) on Tuesday September 04, @12:12AM (#20459799)
Some "FYI" for those of you comparing FireFox/IE/Opera, as far as security. Especially as regards security related vulnerabilities remaining unpatched:
Opera security advisories @ SECUNIA (0% unpatched):
http://secunia.com/product/10615/?task=advisories
FireFox security advisories @ SECUNIA (43% unpatched):
http://secunia.com/product/12434/
IE 7 security advisories @ SECUNIA (56% unpatched):
http://secunia.com/product/12366/
(Given that information, as far as regards security problems in the code internally, Opera is ahead of the game by far in this capacity)
APK
P.S.=> "You can't disable javascript because so many websites stupidly depend on it." - by Jessta (666101) on Tuesday September 04, @12:12AM (#20459799)
Easily solved: As far as scripting or even cookie tracking - Opera natively/built in already into its codebase without addons, can allow certain sites to run java/javascript, OR NOT, & the same for tracking cookies...
(Done on a site-by-site exceptions list basis that's easily added to OR removed from, via a GUI interface for it, accessible by right-clicks on the webpage concerned)...
Not absolutely sure if FireFox does this type of thing or not, @ least, by itself without addons (which Opera does natively)...
However I do know FF has a "per source" addon in NoScript, an .xpi addon that can do the same & perhaps a BIT better than Opera's native one because Opera's operates on the site in its entirety (where as NoScript iirc, can go to individual frames/sections on a webpage & such & do that iirc)!
Java/javascript: Good stuff for INTRANETS, not so good online (even adbanners have seen it misused the past 2-4 years now online, quite a few times)... it's a double-edged sword, by all means!
However, still: FF has a lot more unpatched security vulnerabilities in the first place vs. Opera with none... apk -
Re:Firefox bookmark sync???
"From this point of view, I think Opera has one up on Firefox by including it in the default installation (unless you don't believe in adding features to a browser that not everyone will use, of course)." - by MMC Monster (602931) on Monday September 03, @09:52AM (#20451347)
Totally, 110% agreed... Opera truly is, "the superior warrior", as far as webbrowsers go, by ALL means!
(& the best part is, Opera has ALL of the features a body can need, WITHOUT using addons (though it has that via Opera widgets), & is LIGHTER ON MEMORY than FireFox &/or IE typically!)
You can check memory residency yourselves by loading FF, & Opera (& IE for Windows users) & test memory size occupancy via taskmgr.exe (or similar tools like Process Explorer) yourselves & see what I mean...
Opera's also faster than other browsers (best overall test I know of for that is here):
BROWSER SPEED COMPARISONS ON MANY TASKS & MULTIPLE OPERATING SYSTEM PLATFORMS:
http://www.howtocreate.co.uk/browserSpeed.html
Opera also passed the "ACID2" test, for standards compliance... & iirc, before ANY other did... but, don't quote me on THAT account (before any other browser, because it may NOT have done it first, but the point is, that it did... be nice to know if it WAS first to do so, though, so thanks for ANY "FYI" on that account):
http://it.slashdot.org/it/06/03/12/1416222.shtml
And, Opera had features other browsers (major 3) copied from it:
FIREFOX MYTHS:
http://mywebpages.comcast.net/SupportCD/FirefoxMyths.html
(AND, yes folks: Opera had tabbed browsing before IE, or FireFox/Mozilla AND YES, it can be extended with addons, if you look up "Opera Widgets")...
PLUS, Opera 9.23.8808 final build IS FREE + FULLY FEATURE LADEN, more than any other browser imo, without addons thrown in (as is, outta the box/stock oem model)
APK
P.S.=> Opera also shows LESS security vulnerabilities than the other 2 of the "big 3" & their most current builds/models/versions:
Opera security advisories @ SECUNIA (0% unpatched):
http://secunia.com/product/10615/?task=advisories
FireFox security advisories @ SECUNIA (43% unpatched):
http://secunia.com/product/12434/
IE 7 security advisories @ SECUNIA (56% unpatched):
http://secunia.com/product/12366/
apk -
Re:MOD AC DOWN: IIS and SQL Server are secure.
This is a bit of a weird security report site. Notice the following:
http://secunia.com/product/15552/
Apparently my favorite OS has NO security flaws. This would be pretty cool if it were true. It would make those security patches I get every day completely unnecessary!
I think such a sweeping claim: "IIS 6 and SQL Server 2005 have never ever EVER been compromised" should not be made on the basis of a single source of evidence! -
MOD AC DOWN: IIS and SQL Server are secure.
IIS: http://secunia.com/product/1438/
SQL Server: http://secunia.com/product/6782/
IIS 6 and SQL Server 2005 have never ever EVER been compromised -- both vulnerabilities in IIS were not publicly disclosed. So, AC, like, STFU. -
Privilege Escalation
Privilege Escalation: There have been lots of privilege escalation vulnerabilities in Windows XP. Here is one, now fixed: Highly critical, System access, From remote.
-
Security Patches
Why I don't use Real Player is the same reason most people here don't.
But I also manage around 500 computers. I block real player and install MPlayerC with the add ons if someone must play real content.
Why? This is why;
http://secunia.com/search/?search=real+player&w=0&sort_by=date
Security patches out the wazoo - in which they are very slow to patch. Unlike Quicktime, Media Player M$, and others - Real almost always forces you to go to each machine and manually run through the update process. But you must register an e-mail address with each machine before you can do this. They only accept real@aol.com so many times.
With the other media players I can use GPOs, Zen, SMS, and automate the patching.
If you are lucky, they will provide a full installer with the update eventually. But you must navigate using an unsupported browser to find it.
Real Player gets removed any time I see it, and the new file name blocked as soon as I find it. Real's in our untrusted zone in IE too. -
Did his reply & its data upset /. FF & IE
The article's writer has to deal with "bandwidth'ing-out" issues most likely... I've been there, on "unlimited bandwidth accounts" (b.s. false advertising is more like it on the part of many ISP's, especially in the past).
This doesn't mean the article's data is invalid though... & "upsets the sensibilities" of the fanboys of IE & FireFox/Mozilla apparently, lol!
APK
P.S.=> http://slashdot.org/comments.pl?sid=273931&cid=20291847
That has a LOT more data that ought to do the same... such as:
Opera also shows LESS security vulnerabilities than the other 2 of the "big 3" & their most current builds/models/versions:
Opera security advisories @ SECUNIA (0% unpatched):
http://secunia.com/product/10615/?task=advisories
FireFox security advisories @ SECUNIA (43% unpatched):
http://secunia.com/product/12434/
IE 7 security advisories @ SECUNIA (56% unpatched):
http://secunia.com/product/12366/
& more, in terms of memory residency as well... apk -
On Opera speed, memory residency, + security
SOME "FYI" ON SPEED, MEMORY OCCUPANCY, & SECURITY (for Opera, vs. the other 2 major players in IE, & FIREFOX):
"He seems to think that Opera is fast." - by ChrisMaple (607946) on Sunday August 19, @11:16PM (#20289859)
So do others, as evidenced here (the most comprehensive & even-handed/fair comparison of browser speed online that I have found, to date):
BROWSER SPEED COMPARISONS ON MANY TASKS & MULTIPLE OPERATING SYSTEM PLATFORMS:
http://www.howtocreate.co.uk/browserSpeed.html
(Especially on the MOST USED OS PLATFORM ON THE PC, Windows, but also, overall!)
----
"My experience has been that although Opera renders more accurately than Firefox (1.5.0.2)" - by ChrisMaple (607946) on Sunday August 19, @11:16PM (#20289859)
It passed the "ACID2" test, & iirc, before ANY other did... but, don't quote me on THAT account (before any other browser):
http://it.slashdot.org/it/06/03/12/1416222.shtml
AND, just 2 days ago, I loaded Opera 9.23.8808, FireFox 2.0.0.6, & IE7 fully hotfix patched as of last "Microsoft Patch Tuesday", & the memory usage was in this order:
- Per Taskmanager processes tab, prior to minimizing the window (which causes unused application features to page back to the backing .exe file on disk, summoned only when needed, & Opera won that one, too)
IE7 (least, with GOOGLE toolbar) memory usage = 19,048k
Opera (next least - & no widgets installed) = 18,272k
FireFox (most - & no addons installed) = 31,172k
Read 'em & weep, or test yourself - your numbers SHOULD be the same, unless you opened a lot of tabs in them, OR extended your say, FireFox with .xpi addons, &/or IE with addons & toolbars from 3rd parties that is... which probably will make YOUR readings worse/higher imo on a guess.
----
"Opera is a lot slower." - by ChrisMaple (607946) on Sunday August 19, @11:16PM (#20289859)
Says you... others say differently, per the url & test above, as well as the security data below (as far as that is concerned, & today online? IT IS A DEFINITE CONCERN!) plus, if you are a FireFox fan? Perhaps you ought to look @ this page:
FIREFOX MYTHS:
http://mywebpages.comcast.net/SupportCD/FirefoxMyths.html
AND, yes folks:
Opera had tabbed browsing before IE, or FireFox/Mozilla AND YES, it can be extended with addons, if you look up "Opera Widgets"...
PLUS, Opera 9.23.8080 final build IS FREE + FULLY FEATURE LADEN, more than any other browser imo, without addons thrown in (as is, outta the box/stock oem model)
APK
P.S.=> Opera also shows LESS security vulnerabilities than the other 2 of the "big 3" & their most current builds/models/versions:
Opera security advisories @ SECUNIA (0% unpatched):
http://secunia.com/product/10615/?task=advisories
FireFox security advisories @ SECUNIA (43% unpatched):
http://secunia.com/product/12434/
IE 7 security advisories @ SECUNIA (56% unpatched):
http://secunia.com/product/12366/
apk -
On SQLServer 2005, & Windows vs. Linux? See in
"So, come back in five or ten years, and we can compare SQL Server 2005 -- maybe it'll be hit with a massive worm next year. Otherwise, either compare broader sets of versions, or older ones." - by SanityInAnarchy (655584) on Friday August 17, @06:43PM (#20268857)
Well? So far?? SO GOOD (absolutely current data as of this date, today, on both per my subject line above):
Vulnerability Report: Microsoft SQL Server 2005:
http://secunia.com/product/6782/?task=statistics
Zero/0 vulnerabilities in its ENTIRE HISTORY, to date (of this post/currently)...
----
July 2007 - Operating System Vulnerability Scorecard:
http://blogs.technet.com/security/archive/2007/08/16/july-2007-operating-system-vulnerability-scorecard.aspx
AND THESE, whole year long, by category...?
WORKSTATION CLASS OS VULNERABILITIES:
http://blogs.technet.com/blogfiles/security/WindowsLiveWriter/July2007OperatingSystemVulnerabilityScor_DB33/image_5.png
SERVER CLASS OS VULNERABILITIES:
http://blogs.technet.com/blogfiles/security/WindowsLiveWriter/July2007OperatingSystemVulnerabilityScor_DB33/image_7.png
It seems that LINUX has had more problems this year, with vulnerabilities BY FAR, than Windows XP SP 2 or Windows Server 2003, period... & last year too, see next section below:
----
Gee, that's NOT TOO DIFFERENT from what I saw @ year start for 2006 here, now is it:
National Cyber Alert System: Cyber Security Bulletin 2005 year end/2006 start Summary:
http://www.us-cert.gov/cas/bulletins/SB2005.html
----
And, as far as your thinking CIS TOOL is malware?
COMPUTERWORLD - CIS tool aims to help federal agencies check Windows security settings:
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9018362&intsrc=hm_list
SANS - CIS to Release Windows Configuration Assessment Tool: (May 1, 2007)
http://www.sans.org/newsletters/newsbites/newsbites.php?vol=9&issue=36#sID302
2 respected places seem to state otherwise (though you TRIED to lump this program into the SAME CATEGORY AS SQLSlammer? I would STRONGLY WAGER, that the Slammer worm was NEVER noted to be for purposes of helping you, HELP YOURSELF, & aid in securing your system... as CIS TOOL is/was, per the url's above).
----
You stated these objections:
1.) This tool might be malware - I can only say, PROVE THEN THAT IT IS! (you *NIX guys, you're NOT "too big" on providing visible proofs are you? Judging by how many people have run from this multiplatform valid test of security here that are *NIX users (around 30 now)? That tends to PROVE that & "2nd my motion" on that account!)
2.) This program may send data out I am not aware of - but, you are (they record data for security purposes, most likely noting what areas are typically found WEAKEST ON THE MOST SYSTEMS, per the data they get from this test) first of all, & secondly? Just either:
a. Disconnect your router or PC from the net, yanking the cable IF -
Re:Please be a bit more specific.
http://slashdot.org/comments.pl?sid=264303&threshold=1&commentsort=0&mode=thread&cid=20219969
Here's a list of many companies & their results/case studies, using SQLServer 2005 for line-of-business/enterprise class/mission critical objectives & tasks...
http://www.microsoft.com/sql/bigdata/default.mspx
(companies like NASDAQ using Windows Server 2003 + SQLServer 2005 to keep the official record of trades & dissemination of that info. & @ a stable rate of the "fabled 5-9's" of uptime (99.999%) & no history of them being cracked/hacked either...)
SQLServer 2005 vulnerability history @ SECUNIA:
http://secunia.com/product/6782/?task=statistics
(Zero/0 advisories of vulnerabilities...)
APK
P.S.=> That's most of your objections overcome & how/why, & this now too:
http://slashdot.org/comments.pl?sid=264303&cid=20259631
apk -
Re:Microsoft do it again
Don't forget Mac and Linux. The ability to register a custom protocol handler to launch programs in the OS is standard. The ability to reference said protocol handler in a hyperlink is also standard. These problems affect every (major) OS.
MacOSX has had a number of vulnerabilities due to URI handling:
Daring Fireball - Using the 'telnet' URI Protocol to Delete Files
Mac OS X Volume URI Handler Registration Code Execution Vulnerability
Apple Mac OS X SSH URI Handler Remote Code Execution Vulnerability
As long as you can get a browser to pass arbitrary data to an application you will be vulnerable. What needs to happen is that the custom protocol handlers should be white-listed by default requiring the user to explicitly allow a new protocol handler. Any protocol handler not handled directly by the browser should display a dialog to inform the user of the action and permit them to cancel it. The user needs to be aware that they're not clicking on a "normal" hyperlink.
Ultimately I think the only way to really mitigate these kinds of security problems is to sandbox or virtualize the browser, which is actually what MS has done with IE7 in Vista. Vulnerabilities are inevitable so the OS and browser should do what it can to limit the extent of the damage that can be caused. -
Re:Honestly...
Plus, how exactly would a code-injection exploit work unless it's something like the GDI+ vulnerability that occurred with WMF files? (If a rogue guard is injecting evil code into the machine, the government had waaay more scary problems ahead than with some 'sploiting a passport reader).
As TFA mentions, this is a buffer overflow problem. Most buffer overflows can be exploited easily unless additional OS safeguards are in place -- StackGuard, Address Space Randomization, etc., and even then, a determined hacker may still find his way in.
There are a few existing examples of buffer overflows against JPEG2000, and they can be exploited much in the same way the WMF exploit is -- malformed file is read into reader, causes buffer overflow in JPEG2000 library, causing the execution of arbitrary code. Next up: the reader (and system in general) gets compromised to do the hacker's bidding.
-
Re:No. You're kidding. Can't be.
> When was the last time you saw Firefox or Safari or Konquror able to be crashed with a malformed web page?
Umm... 9 days ago?
http://secunia.com/advisories/26201/
The vulnerability is caused due to an input validation error within the handling of system default URIs with registered URI handlers (e.g. "mailto", "news", "nntp", "snews", "telnet"). This can be exploited to execute arbitrary commands when a user e.g. using Firefox visits a malicious website with a specially crafted "mailto" URI containing a "%" character and ends in a certain extension (e.g. ".bat", ".cmd")
This command would make firefox go "away"
mailto:test%25../../../../windows/system32/tskill. exe firefox.cmd -
Re:It means we've given up on security
Giving up on security? You might want to check out IIS6's security record.
Apache security record since 2003
34 vulnerabilities, 3% serious, 9% unpatched, 3% partially patched
IIS6 security record since it was released in 2003
3 vulnerabilities, none serious, all patched
IIS5 had many security problems, but you need to deal with the present day. IIS6 has had a nearly flawless record since it was released in 2003. And IIS7 builds on that record and adds more modularity and much greater performance (the beta of IIS7 blows away IIS6 and Apache). Nowadays, the only thing Apache really has going for it is price and Microsoft-hatred (on the part an ever-shrinking segment of the IT community). -
Security, ease of use
"Is there any compelling reason _not_ to use apache?! o.O"
Security, for one.
Since MS released IIS6 in 2003, it's had a nearly perfect security record, much better than Apache's record since 2003.
IIS6 security record since 2003
3 flaws, none serious, all patched
Apache 2's security record since 2003
34 flaws, 3% are serious, 9% are unpatched, and 3% only partially fixed
That said, I'd guess that most that choose IIS over Apache do it for reasons of ease of use. -
Re:In Your Face "Enterprise" iPhone Bashers
Yet here we have the first vulnerability in the iPhone and it is promptly patched through a system that will distribute the patches very quickly and easily.
Quickly and easily? That's crap, and you know it. Quickly and easily would be for the iPhone to update over the air, like the T-Mobile Sidekick does. Having to connect the device to a PC running iTunes isn't "quick" or "easy".
Tell me, how is IT going to push patches to the device?
How are users going to know to apply the patch? Maybe we should send a memo - but who will read it? What if users don't fire up iTunes frequently? What if they have disabled patching?
How do we ensure compliance? What's to stop iPhone 1.0 users/devices from connecting and downloading sensitive data?
Apple can't answer these questions because they've never handled deploying iPhones in a managed environment. As Apple deploys more devices in their own organization, I suspect their management tools will mature.
There are multiple holes in Symbian and of course Windows Mobile that remain completely unpatched.
Oh, really? Because so far I'm counting zero. That's not to say that there aren't any, but I have never seen any attack on Windows Mobile other than a proof-of-concept.
There is this meme that the iPhone is not ready for the enterprise because it doesn't have MAPI and special I-T management tools.
The iPhone isn't ready for the enterprise because you can't manage it. You can't force users to use a PIN (BlackBerry/Windows Mobile can), you can't encrypt the contents of the device (BlackBerry/Windows Mobile can), and you can't remotely wipe the device (BlackBerry/Windows Mobile can).
Here's a pop quiz - the CFO's iPhone is lost/stolen. What do you do?
There are many reasons that the Mac is more secure than Windows, but a big reason is that OS X is such a moving target.
Bullshit. Mac OS X is fundamentally unchanged from when Tiger came out two years ago. By your logic, we should count every Microsoft update rollup as a "new version". Even major new versions of Mac OS leave most of the OS unchanged.
The vast majority of Mac users are using the very latest OS and have all the patches applied even though the vast majority of Mac users have no I-T staff and no I-T skills
You have no idea how patching works in IT. We don't necessarily WANT users to have "all the patches applied", at least not right away. IT needs to control patch delivery to limit compatibility issues. Or do you believe that patches never break anything?
When the iPhone first shipped and people started hacking it, there was a lot of talk then that every hack may be temporary, a software update could come down through iTunes at any time and reset the game. There is nothing like that protecting any other mobile.
Windows Mobile 6 devices can be patched over the air, and patch delivery can be managed with a variety of third-party tools. Thus far it has not been particularly necessary. We live in a world of different devices running different software. Attacking mobile devices doesn't make sense.
Our CTO has an iPhone. He also carries a BlackBerry. Pretending the iPhone is ready for the business environment doesn't make it so. -
Re:OpenCVS?
the main source of theo thinking SVN isn't secure, is because that control freak didn't write it himself. which is ironic because openssl and openssh are 2 packages responsible for huge security holes over the years, both of which are his babies.
Except, of course, you have no fscking idea what you are talking about, since OpenSSL is not developed, or related to, OpenBSD and Theo de Raadt in any way.
As far as OpenSSH security holes are concerned, please excuse me while I laugh. Most of these vulnerabilities are either denial of service, or someone who messed up with their OpenSSH implementation. A lot of people think they can improve on a perfectly good product by adding security holes in it.
As far as OpenCVS is concerned, they explain their rationale quite clearly:
The OpenCVS project was started after discussions regarding the latest GNU CVS vulnerabilities that came out. Although CVS is widely used, its development has been mostly stagnant in the last years and many security issues have popped up, both in the implementation and in the mechanisms.
Now, let me ask you: what part of "development has been mostly stagnant in the last years and many security issues have popped up" don't you understand?
Allow me to finish by adding this: read up a little bit before you start trolling. But that would be a waste of a perfectly good troll, right? Sheesh. Go back under your bridge, little troll. -
Re:Electronic Voting hard to tamper with than pape
Why not have both? Paper is just double-checking the electronic, making it harder to hack in remotely, or change a motherboard or data-cartridge while no one is looking.
In general, polling sites have at least one over-seer from each party. If one of the other guys is trying to shuffle papers ballots around, it's going to be a bit trickier because ballots are big, and hard not to be noticed. They're big compared to a CF card. Big compared to remote known windows exploits.
--
Looking for a C/C++ job in Silicon Valley? -
Key logging only on older versions
From Secunia:
2) An error within the interaction of Flash Player and certain browsers can be exploited to leak key presses to a Flash Player applet. The vulnerability affects versions 7.0.69.0 and prior on Linux and Solaris. It does not affect Flash Player 9.
So while everyone is susceptible to code execution, key logging only affects the older versions running under Linux and Solaris. Not everyone's YouTube passwords are getting sniffed. -
Re:Did anyone read the article?
This isn't a bug in the latest flash plugin... only older ones.
There are two exploits.
Version 9.0.45 (which was released in April 2007?) is still subject to buffer overflows. However, it's not vulnerable to the keystroke logging problem. -
Full Article
Adobe Flash exploit could log keystrokes
By Dawn Kawamoto, CNET News.com
16/07/2007
URL: http://www.zdnetasia.com/news/security/0,39044215,62028443,00.htm
Adobe has issued three critical security updates, one of which is designed to stop a problem in the way the Flash player interacts with browsers, which could result in users' keystrokes being transmitted to attackers.
Adobe Flash Player 9.0.45.0, 8.0.34.0 and 7.0.69.0, as well as their earlier versions running on all platforms, are affected.
Users loading a malicious vector graphics file format (SWF) in their Flash Player may find attackers exploiting security flaws due to an input validation error in 9.0.45.0 and earlier versions, according to a security advisory from Secunia. Attackers, as a result, can gain remote access to a user's system.
In versions 7.0.69.0 and earlier running on Linux and Solaris, malicious attackers could exploit an error in the interaction between the Flash Player and certain browsers. That could potentially lead to a leaking of keystrokes to a Flash Player applet, Secunia noted. Flash Player 9 is not affected.
Versions 8.0.34.0 and earlier contain a bug due to insufficient validation of the HTTP referrer. As a result, an attacker could execute a cross-site forgery attack. Flash Player 9, however, is not affected.
Adobe recommends that 9.0.45.0 users upgrade to 9.0.47.0 for Windows, Mac and Solaris, or 9.0.48.0 for Linux.
Adobe Flash Player 9 is the recommended solution for the other two versions that contain security flaws.
--
For Your Flash-Based Safety -
Re:Great
Lynx might not have known threats at the moment, but Lynx has had its share of them also. At least two (highly critical) of them listed here:
http://secunia.com/product/5883/?task=advisories -
Free Disease. Now pay for the Cure.
Firefox hasn't released a fix for this, and there is no mention of it on their web site.
Now this blows:
http://secunia.com/advisories/25984/
> Solution:
> Do not browse untrusted sites.
> Disable the "Firefox URL" URI handler.
The first is impractical. The second begs the question, "Sure, How?" Read on:
> Extended Solution:
> The "Extended Solution" section is available for Secunia customers only.
> Request a trial and get access to the Secunia Customer Area and Extended Secunia advisories.
So these guys are publishing zero day security flaws, then making you reach for your credit card. Very grubby.
The CNET article doesn't tell you what the fix is either. Google has nothing. Anyone? -
Then Windows Vista is more secure than OS X
-
Ha ha ha
I get a good laugh every time anyone says OS X has "very few" or "hardly any" vulnerabilities. Try telling that to Secunia.
-
False positives trick users. MS is adversarial.
Apparently ALL anti-virus software gives false positives. Most of the users have little technical knowledge, and the software makers want to give the impression their software is more useful than it really is. I've seen numerous false positives on systems I use. One "virus" was a text file, with a .TXT extension, and nothing in it but documentation!
But why is anti-virus software so important? Apparently only because Microsoft profits more when its software is full of bugs and malware, and Microsoft is very adversarial toward its customers.
The true cost of a Microsoft operating system is perhaps 10 times its retail cost, because of the heavy maintenance expenses.
Microsoft's anti-customer behavior: Here are some paragraphs I wrote to someone having problems with temp files taking gigabytes of drive space.
On one computer I checked, temp files were stored in 49 different places, and that includes only temp file folders made by the Windows operating system and not temp file folders made by application software.
Why doesn't Microsoft provide a utility to find all the temporary file folders and delete the files when starting or shutting down the computer? Apparently because the company is heavily engaged in adversarial behavior. Most people don't know that temporary files are a problem, and they certainly don't know where to find them; that was a challenge even for me. The temp files sometimes take so much space that there is not enough free space, and the file system begins running much slower.
The file defragmentation program won't run when there is limited free space. A fragmented file system is much slower. And most people don't even know that the defragmentation program exists, or why they should run it. So, their computers become imperceptibly slower and slower until they buy a new computer.
That's apparently why Microsoft software has so much malware, also. At present, there are 30 known vulnerabilities in Windows XP alone that haven't been fixed. There are 7 known vulnerabilities in the latest version of Microsoft Internet Explorer browser that the company has not fixed.
Some people say Microsoft software is targeted more often because there are so many copies in use. However, it is well known how to write secure software. Apparently Microsoft managers don't let their programmers finish their work.
Many people who don't know how to keep Microsoft products running buy new computers. Every time someone buys a new PC, they buy a new copy of the Microsoft operating system, even if they already owned a copy. So Microsoft makes more money if the company has defective products.
Microsoft gives each new version of Windows a new name, and many people think the new version is a new product. Somehow it has been arranged that people pay the full amount for new versions, instead of an upgrade price.
The New York Times article Corrupted PC's Find New Home also makes that point.
Note that the Apple operating system, OS X, and the Open BSD operating system have very few vulnerabilities. (The Open BSD web site says 2 in 10 years.) So it is possible to make a secure operating system. The volunteers that make the Open BSD system do security reviews of software to make sure vulnerabilities are not released to customers.
We use Microsoft operating systems because of historical reasons, and because it is expensive to change. In actuality, the business very seldom uses software that runs only under Microsoft Windows, and that is only in specific departments, where it would be easy to provide a second computer. -
False positives trick users. MS is adversarial.
Apparently ALL anti-virus software gives false positives. Most of the users have little technical knowledge, and the software makers want to give the impression their software is more useful than it really is. I've seen numerous false positives on systems I use. One "virus" was a text file, with a
.TXT extension, and nothing in it but documentation!
But why is anti-virus software so important? Apparently only because Microsoft profits more when its software is full of bugs and malware, and Microsoft is very adversarial toward its customers.
The true cost of a Microsoft operating system is perhaps 10 times its retail cost, because of the heavy maintenance expenses.
Microsoft's anti-customer behavior: Here are some paragraphs I wrote to someone having problems with temp files taking gigabytes of drive space.
On one computer I checked, temp files were stored in 49 different places, and that includes only temp file folders made by the Windows operating system and not temp file folders made by application software.
Why doesn't Microsoft provide a utility to find all the temporary file folders and delete the files when starting or shutting down the computer? Apparently because the company is heavily engaged in adversarial behavior. Most people don't know that temporary files are a problem, and they certainly don't know where to find them; that was a challenge even for me. The temp files sometimes take so much space that there is not enough free space, and the file system begins running much slower.
The file defragmentation program won't run when there is limited free space. A fragmented file system is much slower. And most people don't even know that the defragmentation program exists, or why they should run it. So, their computers become imperceptibly slower and slower until they buy a new computer.
That's apparently why Microsoft software has so much malware, also. At present, there are 30 known vulnerabilities in Windows XP alone that haven't been fixed. There are 7 known vulnerabilities in the latest version of Microsoft Internet Explorer browser the the company has not fixed.
Some people say Microsoft software is targeted more often because there are so many copies in use. However, it is well known how to write secure software. Apparently Microsoft managers don't let their programmers finish their work.
Many people who don't know how to keep Microsoft products running buy new computers. Every time someone buys a new PC, they buy a new copy of the Microsoft operating system, even if they already owned a copy. So Microsoft makes more money if the company has defective products.
Microsoft gives each new version of Windows a new name, and many people think the new version is a new product. Somehow it has been arranged that people pay the full amount for new versions, instead of an upgrade price.
The New York Times article Corrupted PC's Find New Home also makes that point.
Note that the Apple operating system, OS X, and the Open BSD operating system have very few vulnerabilities. (The Open BSD web site says 2 in 10 years.) So it is possible to make a secure operating system. The volunteers that make the Open BSD system do security reviews of software to make sure vulnerabilities are not released to customers.
We use Microsoft operating systems because of historical reasons, and because it is expensive to change. In actuality, the business very seldom uses software that runs only under Microsoft Windows, and that is only in specific departments, where it would be easy to provide a second computer.
-
Re:Where is the debunking?
I read the article pretty carefully. I don't see any actual numbers to back up this "debunking".
That's because you are gullible enough to believe the hype, aggravated by your lack of will to perform a basic search for the facts. Here is a bit of debunking from a quick Google search.
From Secunia's advisory statistics:
- Microsoft Windows Vista has 2 unpatched vulnerabilities, highest rated not critical
- Microsoft Windows XP Home has 27 unpatched vulnerabilities, highest rated highly critical
- Microsoft Windows XP Professional has 30 unpatched vulnerabilities, highest rated highly critical
- Apple Macintosh OS X has 5 unpatched vulnerabilities, highest rated less critical
- Ubuntu Linux 7.04 has zero unpatched vulnerabilities
- Ubuntu Linux 6.10 has zero unpatched vulnerabilities
- Red Hat Enterprise Linux Desktop (v. 5 client) has zero unpatched vulnerabilities
- Red Hat Enterprise Linux (v. 5 server) has zero unpatched vulnerabilities
Those are real world facts supported on real world evidence which is freely available to the public. It isn't a random blog entry which is based on god knows what data which is only known by the author and possibly doesn't even exist. So where in fact is there a need to "debunk" a moronic, unsubstantiated claim made by some Microsoft employee, especially when there is all that evidence right in front of everyone's face?