Slashdot Mirror

← Back to Domains

Domain: secunia.com

Stories and comments across the archive that link to secunia.com.

Comments · 2,642

  1. ASP.Net vs PHP by ad0gg · · Score: 0 · on PHP Vulnerabilities Announced
    Becauseasp.net has very few found exploits(3 in 3 years). PHP on the other hand seems like a two or 3 week thing. I don't get why this is news. Its like reporting the sun will come up today.

    PHP
    ASP.Net

  2. ASP.Net vs PHP by ad0gg · · Score: 0 · on PHP Vulnerabilities Announced
    Becauseasp.net has very few found exploits(3 in 3 years). PHP on the other hand seems like a two or 3 week thing. I don't get why this is news. Its like reporting the sun will come up today.

    PHP
    ASP.Net

  3. Secunia advisory by FuzzyBad-Mofo · · Score: 3, Informative · on PHP Vulnerabilities Announced

    http://secunia.com/advisories/13481/

  4. Third-party modules? by flatface · · Score: 5, Interesting · on PHP Vulnerabilities Announced

    I read about this yesterday and couldn't find out if mod_security and suPHP are vulnerable to these attacks. With mod_security blocking buffer overflows, "bad" characters, etc. and mod_suphp forcing PHP to run as the user, I don't think that it gives people who run these modules (that) much to worry about.

  5. Re:Dupe by the+pickle · · Score: 2, Informative · on New Spoofing Vulnerability in IE

    No, not a dupe.

    The vulnerability discussed in the article you linked is here:

    http://secunia.com/advisories/13251/

    which, as you can plainly see, is #13251. Secunia calls it the "window injection vulnerability."

    The vulnerability discussed in THIS article is

    http://secunia.com/advisories/13482/

    Quite obviously number 13482. Secunia calls this one the "cross-site scripting vulnerability."

    So no, they're not the same thing at all, and you're karma-whoring with falsely "informative" posts.

    p

  6. Re:Dupe by the+pickle · · Score: 2, Informative · on New Spoofing Vulnerability in IE

    No, not a dupe.

    The vulnerability discussed in the article you linked is here:

    http://secunia.com/advisories/13251/

    which, as you can plainly see, is #13251. Secunia calls it the "window injection vulnerability."

    The vulnerability discussed in THIS article is

    http://secunia.com/advisories/13482/

    Quite obviously number 13482. Secunia calls this one the "cross-site scripting vulnerability."

    So no, they're not the same thing at all, and you're karma-whoring with falsely "informative" posts.

    p

  7. Re:How long until... by fireduck · · Score: 2, Informative · on New Spoofing Vulnerability in IE

    it's already happened. see the firefox page.

  8. Speaking of Firefox... by Anonymous Coward · · Score: -1, Offtopic · on New Spoofing Vulnerability in IE

    While we all flame Microsoft and laud the many benefits of Firefox, let me take advantage of this opportunity to point out the short attention span of the Slashdot collective.

    Secunia Advisory SA11856:

    "A weakness has been reported in Mozilla... caused due to an error within the handling of URLs... [Information] displayed in the address bar can be constructed in a certain way, which may lead users to believe that they're visiting another web site than the displayed web site.

    Example: http://[trusted_site]%2F%20%20%20.[malicious_site] /

  9. Re:About time by Anonymous Coward · · Score: 0 · on Penn State Tells Students To Ditch IE

    Note that the "Some not" article link (where the author desribes vulnerabilities that have not been patched for IE) describes the popup injection attack as being IE-specific, even though both http://www.securityfocus.com/bid and http://www.secunia.com/ have reported this vulnerability for *all* browsers. This blatant misrepresentation of facts decreases the credibility of the author significantly.

  10. Re:security through obscurity by Rits · · Score: 4, Interesting · on Penn State Tells Students To Ditch IE
    But make sure that your alternate browser it is a recent version of Firefox or Mozilla. They have responded very quickly to security issues, and are being proactive about security, much more so than the the people behind Konqueror or Opera.

    I'm sorry, but that is FUD. Opera will be the first browser to patch the latest, cross-browser, issue.

    A fixed 7.54u1 is being distributed at this moment. See the Opera advisory.

    And as far as solutions go: why expect perfect safety online, when we don't have it offline either? Software should improve, online systems should be more secure (it is stupid if money can change hands online only secured by a single login), and most people will smarten up in time. Perfection will not be reached.

    MSIE has a track record of leaving critical holes open for a while, but most reported holes are not critical. And MSIE is much more informative about it issues than either Opera, which only recently started publishing advisories, and Firefox (what advisories?) Selling Firefox purely on the safety issue will come back to bite it in the long run.
  11. Duh! by Anonymous Coward · · Score: 0 · on Penn State Tells Students To Ditch IE

    Aren't we lucky Mozilla vunerabilities aren't "as real":
    http://secunia.com/advisories/13129/?show_all_rela ted=1#related

  12. Re:I don't get it by nolife · · Score: 1 · on New Vulnerability Affects All Browsers

    I believe SpoofStick is or was an advantage over just showing the address bar because of several spoofs and exploits with address bar address manipulation, basically, there are several methods to get different addresses to appear in the address bar. I believe most of those issues have been fixed in IE and FF though. An example exploit is detailed here and here, Google can reference many more. Another phishing attempt it can prevent is the popup that has its own real looking address bar, basically a mimic page that looks like a real IE or FF screen but the address bar is fake, of course with forcing your address bar to show, you would see two of them which should clue you in to a problem.

  13. Re:Sniff, our little browser's all grown up... by Phisbut · · Score: 1 · on New Vulnerability Affects All Browsers
    Thank goodness we've found our first vulnerability in Firefox.

    I don't want to disappoint y'all, but I did the test as described on the Secunia website, and Firefox 1.0 -- Mozilla/5.0 (Windows; U; Windows NT 5.1; fr-FR; rv:1.7.5) Gecko/20041108 Firefox/1.0 -- doesn't seem to be vulnerable to this particular exploit...

  14. Re:Looks like Safari might be fixed already by ecesar · · Score: 1 · on New Vulnerability Affects All Browsers

    This is a previous vulnerability.

  15. Slashdot saves the day by Anonymous Coward · · Score: 0 · on New Vulnerability Affects All Browsers

    Here is a demonstration of the vulnerability"

    Doesn't affect me, since I can't get to the demonstration page. The Slashdot effect is protecting my browser.

  16. Not the first Firefox vulnerability by Chuck+Chunder · · Score: 4, Informative · on New Vulnerability Affects All Browsers

    The first since 1.0 maybe, but certainly not the first outright.

    As far as I can tell the problem is fixed in the latest Opera beta so they might be able to get it into a proper release pretty soon too.

  17. Not quite hijacking by fembots · · Score: 3, Interesting · on New Vulnerability Affects All Browsers

    I opened Secunia, Then open another browser window to Citibank via Ctrl+N, and click on Citybank's Consumer Alert button, nothing happened.

    But if I used the link from Secunia to access Citybank, the Popup is then hijacked.

    So it seems like you need to access (click on a link to) your trusted site via an untrusted site to get hijacked?

  18. Not quite hijacking by fembots · · Score: 3, Interesting · on New Vulnerability Affects All Browsers

    I opened Secunia, Then open another browser window to Citibank via Ctrl+N, and click on Citybank's Consumer Alert button, nothing happened.

    But if I used the link from Secunia to access Citybank, the Popup is then hijacked.

    So it seems like you need to access (click on a link to) your trusted site via an untrusted site to get hijacked?

  19. Re:This is pretty important by YU+Nicks+NE+Way · · Score: 2, Interesting · on Service Pack 1 for Windows Server 2003
    I won't touch IIS ever, in fact we have Win2k3 systems running apache because of vendor mandates.
    You do realize that IIS 6 has yet to have a remote access vulnerability reported, even though it's 2+ years old, but that Apache has had many in the last year? (Apache 2.0.x, Apache 1.3.x, IIS 6.)
  20. Re:This is pretty important by YU+Nicks+NE+Way · · Score: 2, Interesting · on Service Pack 1 for Windows Server 2003
    I won't touch IIS ever, in fact we have Win2k3 systems running apache because of vendor mandates.
    You do realize that IIS 6 has yet to have a remote access vulnerability reported, even though it's 2+ years old, but that Apache has had many in the last year? (Apache 2.0.x, Apache 1.3.x, IIS 6.)
  21. Re:This is pretty important by YU+Nicks+NE+Way · · Score: 2, Interesting · on Service Pack 1 for Windows Server 2003
    I won't touch IIS ever, in fact we have Win2k3 systems running apache because of vendor mandates.
    You do realize that IIS 6 has yet to have a remote access vulnerability reported, even though it's 2+ years old, but that Apache has had many in the last year? (Apache 2.0.x, Apache 1.3.x, IIS 6.)
  22. Re:MSFT says URL spoofing security a feature by cuijian · · Score: 3, Interesting · on Apple Releases Mac OS X Patches

    I can't seem to access the vulnerability report, but it doesn't sound like the same thing to me at all. Virtually every browser allows you to set the status bar text with Javascript. If you don't like that, you can switch client-side scripting off, or that particular feature in some browsers. The Safari hole sounds like websites can do this without any client-side scripting at all.

    Not true. Check out the Secunia test case below with IE, FireFox, and Safari. Only IE is vulnerable. FireFox and Safari do not allow the website to spoof the URL in the status field.

    http://secunia.com/internet_explorer_address_bar_s poofing_test/

  23. "Highly Critical" according to whom? by Shag · · Score: 5, Insightful · on Apple Releases Mac OS X Patches
    The on-duty editor didn't get my mail, I guess...

    Apple has not described these as "highly critical" to my knowledge.

    That label has been applied by Secunia, the Danish security company that has, in the past, gotten press for indicating that Windows is secure and OS X isn't, no matter what tests might show.

    The browser fixes are potentially significant, but the bulk of the others involve services that aren't even on by default, or things that most users wouldn't deal with.

    Sky falling, next 10 miles.

  24. Re:Any non-standard app is a security risk by Damhna · · Score: 4, Interesting · on FireFox as a Security Risk Compared to IE?

    Could not agree more.

    Custom application standardisation across the install base means that issue resolution can be standardised and tweaked to meet the response/support requirement. The certification and testing processes that most serious companies use to pass apps as fitting are both rigourous and not condusive to incorporating the latest 'app du jour'. And rightly so.

    It's easy for tech saavy folks to deem these practices as a symptom of the narrow mindedness of lazy MCSE admins (who would appear to be some sort of subspecies of a real admins). It's easy to see this as an organisation being inflexible due to undereducation but I believe that that is not the case. A pestered admin will often give the sort of pseudo answer this user recieved.It's not good to fudge that way , but without taking a user step by step through the security policies and application certification documetnation, it's difficult to explain the why of decisions such as this.

    It can be difficult to meet the job function requirements of diverse departments and maintain the steady balancing act that will ensure your SourceSafe users will be as compliant as the receptionist.

    For this organisation it may be useful to do a business case analysis exploring the usefulness or otherwise of Firefox but as it is still in it's first iteration a lot of companies will be loathe to abandon the practices they have in place on a whim.

    Aa firefox moves ever closer to a dominant position the pressure will become greater and things will change. It will also become more a target and I'm betting that this will begin getting longer and looking far more serious as more and more authors start realising the potential success to be had in taking Firefox on.

  25. Re:not much... by deaddeng · · Score: 4, Informative · on How Much Harm Can One Web Site Do?

    There are at least two other IE exploits out there that MS has not patched, and SP2 won't protect you. see: http://isc.sans.org/diary.php?date=2004-11-20 Quote: Two More IE Vulnerabilities Exploit code has been released for two more Internet Explorer vulnerabilities that were released on Wednesday (Nov. 17). This code would enable an attacker to trick users into executing malware. These vulnerabilities affect Microsoft Internet Explorer 6.0 SP2 and are not prevented by Windows XP SP2. The original advisory is here: http://secunia.com/advisories/13203/ The proof of concept exploit: http://www.k-otik.com/exploits/2041119.IESP2disclo sure.php While on the topic, it is interesting to note some statistics that Secunia has been compiling about Internet Explorer vulnerabilities: IE 5.01 - 42 advisories (7 unpatched) http://secunia.com/product/9/ IE 5.5 - 55 advisories (8 unpatched) http://secunia.com/product/10/ IE 6.0 - 69 advisories (18 unpatched) http://secunia.com/product/11/ If you still think SP2 has mystical properties: http://www.safecenter.net/UMBRELLAWEBV4/ie_unpatch ed/

  26. Re:not much... by deaddeng · · Score: 4, Informative · on How Much Harm Can One Web Site Do?

    There are at least two other IE exploits out there that MS has not patched, and SP2 won't protect you. see: http://isc.sans.org/diary.php?date=2004-11-20 Quote: Two More IE Vulnerabilities Exploit code has been released for two more Internet Explorer vulnerabilities that were released on Wednesday (Nov. 17). This code would enable an attacker to trick users into executing malware. These vulnerabilities affect Microsoft Internet Explorer 6.0 SP2 and are not prevented by Windows XP SP2. The original advisory is here: http://secunia.com/advisories/13203/ The proof of concept exploit: http://www.k-otik.com/exploits/2041119.IESP2disclo sure.php While on the topic, it is interesting to note some statistics that Secunia has been compiling about Internet Explorer vulnerabilities: IE 5.01 - 42 advisories (7 unpatched) http://secunia.com/product/9/ IE 5.5 - 55 advisories (8 unpatched) http://secunia.com/product/10/ IE 6.0 - 69 advisories (18 unpatched) http://secunia.com/product/11/ If you still think SP2 has mystical properties: http://www.safecenter.net/UMBRELLAWEBV4/ie_unpatch ed/

  27. Re:not much... by deaddeng · · Score: 4, Informative · on How Much Harm Can One Web Site Do?

    There are at least two other IE exploits out there that MS has not patched, and SP2 won't protect you. see: http://isc.sans.org/diary.php?date=2004-11-20 Quote: Two More IE Vulnerabilities Exploit code has been released for two more Internet Explorer vulnerabilities that were released on Wednesday (Nov. 17). This code would enable an attacker to trick users into executing malware. These vulnerabilities affect Microsoft Internet Explorer 6.0 SP2 and are not prevented by Windows XP SP2. The original advisory is here: http://secunia.com/advisories/13203/ The proof of concept exploit: http://www.k-otik.com/exploits/2041119.IESP2disclo sure.php While on the topic, it is interesting to note some statistics that Secunia has been compiling about Internet Explorer vulnerabilities: IE 5.01 - 42 advisories (7 unpatched) http://secunia.com/product/9/ IE 5.5 - 55 advisories (8 unpatched) http://secunia.com/product/10/ IE 6.0 - 69 advisories (18 unpatched) http://secunia.com/product/11/ If you still think SP2 has mystical properties: http://www.safecenter.net/UMBRELLAWEBV4/ie_unpatch ed/

  28. Re:not much... by deaddeng · · Score: 4, Informative · on How Much Harm Can One Web Site Do?

    There are at least two other IE exploits out there that MS has not patched, and SP2 won't protect you. see: http://isc.sans.org/diary.php?date=2004-11-20 Quote: Two More IE Vulnerabilities Exploit code has been released for two more Internet Explorer vulnerabilities that were released on Wednesday (Nov. 17). This code would enable an attacker to trick users into executing malware. These vulnerabilities affect Microsoft Internet Explorer 6.0 SP2 and are not prevented by Windows XP SP2. The original advisory is here: http://secunia.com/advisories/13203/ The proof of concept exploit: http://www.k-otik.com/exploits/2041119.IESP2disclo sure.php While on the topic, it is interesting to note some statistics that Secunia has been compiling about Internet Explorer vulnerabilities: IE 5.01 - 42 advisories (7 unpatched) http://secunia.com/product/9/ IE 5.5 - 55 advisories (8 unpatched) http://secunia.com/product/10/ IE 6.0 - 69 advisories (18 unpatched) http://secunia.com/product/11/ If you still think SP2 has mystical properties: http://www.safecenter.net/UMBRELLAWEBV4/ie_unpatch ed/

  29. Good god... Its utterly untrustworthy/ or not? by Anonymous Coward · · Score: 0 · on Security Flaws In Linux SMBFS

    Look at these , this makes Linux as a network system not to be trusted. Im shocked to see this, especially the unpatched items, which are quite servere.

    http://secunia.com/product/2719/

    Anyone know if the ac-patches addres these things.

    How do Suse and Fedora handle this, or don't they?

    It raises some serious questions with i gues.

    Im going on a patch hunt ;)

  30. Re:history of linux exploits by Short+Circuit · · Score: 5, Informative · on Security Flaws In Linux SMBFS

    Secunia...they also have a free service where they'll email you about vulnerabilities and fixes. And I've never received spam from them. (But that may be due to my GMail account.)

  31. Re:You know it's coming.. by piper-noiter · · Score: 2, Informative · on Firefox News Roundup

    Microsoft is claming IE users don't want tabbed browsing. hmf.

    Its true I have computer ignorant friends who say they really DON'T need tabs, but then they've never tried them.

    Microsoft is also claming it is no more buggy than Firefox...
    And here I've been sending these lies to all my friends:
    http://secunia.com/product/4227/Firefox Browser 0.1 - 2 unpached problems, 17 total security flaws.
    http://secunia.com/product/761/Opera Browser 7 - 1 unpached problems 29 total security flaws.
    http://secunia.com/product/11/ Internet Explorer 6 - 17 unpached problems 67 total security flaws.

  32. Re:You know it's coming.. by piper-noiter · · Score: 2, Informative · on Firefox News Roundup

    Microsoft is claming IE users don't want tabbed browsing. hmf.

    Its true I have computer ignorant friends who say they really DON'T need tabs, but then they've never tried them.

    Microsoft is also claming it is no more buggy than Firefox...
    And here I've been sending these lies to all my friends:
    http://secunia.com/product/4227/Firefox Browser 0.1 - 2 unpached problems, 17 total security flaws.
    http://secunia.com/product/761/Opera Browser 7 - 1 unpached problems 29 total security flaws.
    http://secunia.com/product/11/ Internet Explorer 6 - 17 unpached problems 67 total security flaws.

  33. Re:You know it's coming.. by piper-noiter · · Score: 2, Informative · on Firefox News Roundup

    Microsoft is claming IE users don't want tabbed browsing. hmf.

    Its true I have computer ignorant friends who say they really DON'T need tabs, but then they've never tried them.

    Microsoft is also claming it is no more buggy than Firefox...
    And here I've been sending these lies to all my friends:
    http://secunia.com/product/4227/Firefox Browser 0.1 - 2 unpached problems, 17 total security flaws.
    http://secunia.com/product/761/Opera Browser 7 - 1 unpached problems 29 total security flaws.
    http://secunia.com/product/11/ Internet Explorer 6 - 17 unpached problems 67 total security flaws.

  34. Re:Not supprising by jdkane · · Score: 1 · on Security Vulnerabilities Discovered in WinXP SP2
    Yes, one from this year that has since been fixed. The entire computer is not necessarily owned, however the user's security has been breached by visiting a webpage on a non-Windows OS.

    Of course there don't seem to be any more of these on the security charts for Apple right now, however such security flaws come and go amongst the various OS's (moreso on Windows it seems). I cannot guarantee OSX or any other UNIx-like OS will not be on the charts again in the future with a browser problem. As far as owning the machine every time, well Microsoft does take that category.

    I disagree that I have to find more than one vulnerability. It only takes one for a breach to occur. As I said in another post, where security is concerned, majority does not rule because numbers play differently.

  35. Re:Tabbed browsing not important by someonehasmyname · · Score: 1 · on Microsoft Says Firefox Not a Threat to IE

    I'd feel safe too.

  36. Re:Tabbed browsing not important by someonehasmyname · · Score: 1 · on Microsoft Says Firefox Not a Threat to IE

    I'd feel safe too.

  37. News Slashdot won't report by Anonymous Coward · · Score: -1, Offtopic · on EA Games: The Human Story

    http://secunia.com/advisories/13144/

    Slashdot is holding back on this because they don't want to kill the Firefox buzz after the 1.0 release.

  38. Re:Sensationalist /. headlines by Anonymous Coward · · Score: 0 · on Latest Version of MyDoom Exploits New IE Flaw

    Sounds to me like you don't care for slashdot much. If that's the case, why are you here?

    It's not that I don't like Slashdot in general, but I don't believe everything I read here.

    Oh yes, let's just generalize for the purpose of making him sound like a moron. At least he's sticking to the topic, virus and how it exploits IE.

    Everything he said applies to the Linux kernel too. He was trying to say that Windows is broken because it took so long for SP2 to be released. It took at least as long to get from the stable release 2.4 to 2.6 of the Linux kernel, so is that proof that 2.4 is broken? No.
    Furthermore, he named no specific viruses, exploits in IE or anything else.

    And you know this... How? Oh wait, let me guess, you read it on slashdot, so it must be true...

    If it's so easy, then how come there aren't any provably safe/correct OSes in existance? The only provably correct software I am aware of run a few critical functions for orginizations that can afford the development: nuclear reactor computers, some of NASA's software. Nothing even approaching the complexity of Windows or Linux have even been attempted. Information is hard to link to because you have to pay for it. See http://archive.comlab.ox.ac.uk/procos/codesign.htm l, http://citeseer.ist.psu.edu/lin91provably.html, http://csd.informatik.uni-oldenburg.de/persons/ste phan.kleuker/s-kleuker.hti-abstracts.html.

    No, he's not saying the Linux kernel is invulnerable. Far from it. He's saying Windows has far more vulnerabilities. No study necessary. Unless you're a total Microsoft Zealot, you should be able to see that as plain as day.

    He specifically said the "heart" of Linux: I can only assume he is referring to the kernel. You've avoided that point entirely. The Windows kernel has equal or less vulnerabilities than the Linux kernel does. I dare you to name even one recent one that allows privlege escilation in SP2. Here is one in 2.6.0, and another in 2.6.6... Just ask Google

    So you are saying that your position is so obvious and such common knowledge that you cannot find any support for it? That's called doublethink. If it was obvious, you should be able to provide copious, valid, fair and detailed sources to support your position. Stating that it's obvious without any support at all, as I posted earlier, destroys your credibility. No one is going to believe you just because you say it's true. That's the main problem I had with E-Rock-23, and now you.

    Back off him, he does have a good point.

    A point cannot be any good without support. He stated his case with zero references of any kind.

    Besides, you're the one who posted anonymously

    1. I don't see a name at the top of your post
    2. What makes you think that's why I posted AC?
    3. If your threshold is so high, how did you see the grandparent?

  39. Re:SP2 by Oddly_Drac · · Score: 1 · on Latest Version of MyDoom Exploits New IE Flaw

    "Anyone have more details/links?"

    It would seem that SP2 isn't vulnerable to this; Secunia Page

    However, these vulnerabilities are under SP2; Secunia page

  40. Re:SP2 by Oddly_Drac · · Score: 1 · on Latest Version of MyDoom Exploits New IE Flaw

    "Anyone have more details/links?"

    It would seem that SP2 isn't vulnerable to this; Secunia Page

    However, these vulnerabilities are under SP2; Secunia page

  41. Re:LIES by fatphil · · Score: 1 · on Latest Version of MyDoom Exploits New IE Flaw
    It must be a lie, as the alleged "exploit" that it exploits is one which would have been detected by the monkey test (generation of random strings of semi-garbage html), which we know IE passed with flying colours only a few weeks back.

    Must be a lie, I tell you.

    FP.

  42. Re:New York Times Ad by cortana · · Score: 1 · on Firefox 1.0 Released

    Yeah, I got your results for you, right here...

  43. Re:New York Times Ad by cortana · · Score: 1 · on Firefox 1.0 Released

    Yeah, I got your results for you, right here...

  44. Re:Security by obscurity? by prototypical · · Score: 1 · on Study Recommends Mac OS X as Safest OS

    Funny... Secunia claims that OS X "does not stand out as particularly more secure than the competition," and yet it had a quarter fewer advisories than XP Pro, out of which XP allowed system access half again as often (that's 50%, for the math challenged). There's also an odd bit of obfuscation where the Red Hat remote-exploit numbers are put in text (66%) and the OS X ones are put in numerical form (61%).

    Digging into the Secunia site reveals OS X has 14 issues in 2004, for the entire year. I'm reading through them and it looks like most of these are things to do with apache, ssl, and other Open Source components. They're counting the libpng against Apple, for Christ's sake!

    Also, the article is dead wrong on the number of "critical" issues. Secunia's own site only marks them as 8% for 2003-2004 rather than the story-claimed 19%. More shoddy reporting is revealed in the pie charts, which show OS X as having 26% system access attacks in the database instead of 32%.

    I highly recommend that people go read the Secunia site for themselves. The Red Hat numbers are off, too, and worse than OS X's.

  45. Don't be lulled into a false sense of security... by MenTaLguY · · Score: 2, Informative · on No-Click Phishing On The Way

    Just be sure your ISP keeps their installation of pine up-to-date. I've seen all too many installations of pine that haven't been updated since sometime in the 90s.

    Granted, I doubt pine is a big target for phishing scams, but nonetheless...

  46. Re:Best part of the article by FrYGuY101 · · Score: 1 · on Latest Ballmergram Bashes Linux TCO
    If you check netcraft, you'll see that currently Apache is more popular a webserver than IIS. So, shouldn't Apache have more vulnerabilites issues that IIS?
    Apache 2's entries in Secunia are 181 strong.

    IIS's (All versions) entries in Secunia only number 30.

    So, gee, yes. I suppose that since Apache is a more popular Webserver, it would have more vulnerabilities. And, indeed, that's the case.
  47. Re:Not yet.. by masklinn · · Score: 1 · on Mozilla Releases Firefox 1.0 RC1
    There are those folks who would like to try even an ub3r unstable version of everything risking system failures(either software or hardware)...
    As brother pointed out, you can already do that through extensions, hence the reason why I used the term "officially" and said that you'd see it as extensions
    Security problems? Absolutly no problem on my HOME computer.
    1- the fact that YOU never had problems doesn't mean that the issue doesn't exist (i've never starved, but i'm not dumb enough to think no one starves on earth) 2- ActiveX based security vulnerabilities over the ages: http://secunia.com/search/?search=ActiveX
  48. Re:read the words by Phisbut · · Score: 1 · on Latest Ballmergram Bashes Linux TCO
    I was puzzled by his numbers on vulnerabilities. He said that "Windows had fixed 120 vulnerabilities in a 12 month period" which implies an arrival rate of 10 a month but later on he gives a much lower arrival rate.

    I just thought it was funny that he provided a link to Secunia for Red Hat but not for Windows Server 2003. He probably didn't want to show that, even though Red Hat seems to have more vulnerabilities, 0% of them are unpatched and 23% had a criticality rating of "Highly critical" and above, while Windows Server 2003 had less vulnerabilities, but 13% are still unpatched and 52% of them have a criticality rating of "Highly critical" and above.

    Nah... he probably didn't want us to know that...

  49. Re:read the words by Phisbut · · Score: 1 · on Latest Ballmergram Bashes Linux TCO
    I was puzzled by his numbers on vulnerabilities. He said that "Windows had fixed 120 vulnerabilities in a 12 month period" which implies an arrival rate of 10 a month but later on he gives a much lower arrival rate.

    I just thought it was funny that he provided a link to Secunia for Red Hat but not for Windows Server 2003. He probably didn't want to show that, even though Red Hat seems to have more vulnerabilities, 0% of them are unpatched and 23% had a criticality rating of "Highly critical" and above, while Windows Server 2003 had less vulnerabilities, but 13% are still unpatched and 52% of them have a criticality rating of "Highly critical" and above.

    Nah... he probably didn't want us to know that...

  50. Look at Secunia's Data by Anonymous Coward · · Score: 0 · on Latest Ballmergram Bashes Linux TCO

    I found this on Secunia, it compares the differences between the number of severe "Unpatched" secunia advisories. Microsoft even referenced Secunia's site. Here is a copy of these advisory statistics as of 3:58pm CST - 10/28/2004

    Microsoft Windows XP Professional with all vendor patches installed and all vendor workarounds applied, is currently affected by one or more Secunia advisories rated Highly critical

    This is based on the most severe Secunia advisory, which is marked as "Unpatched" in the Secunia database. Go to Unpatched/Patched list below for details.

    Currently, 19 out of 74 Secunia advisories, is marked as "Unpatched" in the Secunia database. [For Windows XP]

    The Secunia database currently contains 0 Secunia advisories marked as "Unpatched", which affects RedHat Enterprise Linux WS 3.

    The Secunia database currently contains 0 Secunia advisories marked as "Unpatched", which affects Apple Macintosh OS X.