Domain: securitytracker.com
Stories and comments across the archive that link to securitytracker.com.
Comments · 130
-
of Red Hats and Yellow Pants
As the Month of Apple Bugs (as well as others) prove, OhitSuX appears to be defective by design.
MOAB proved security through obscurity is not security. I would look forward to a "Month of Linux Bugs"... but it seems EVERY month is given that honor. -
Their money is safe
Seeing how many Lunix servers are on the net, this is a pretty reasonable claim.
Lunix: got r00t?
55 'sploits in 2007, and dis pauty iz jus gettin stauted in hea! -
Worship at the altar of Security through Obscurity
Oh, by the way... how is the "Month of Apple being proven the security train wreck it really is" working out? Only 28 more flaws left in the month!
People who live in glass operating systems shouldn't throw stones.
Apple!!! Lunix!!! pwnt!!! -
The Usual Zealots
This isn't the usual anti-Microsoft story
Yes... yes, it is. It is quite the usual anti-Microsoft FUD story, which we can always rely on Slashdot to provide. Oh.. and hey! The story is on The Inquirer... which is as rabidly anti-MS and fact challenged as Slashdot is!
File this under "OS Penis Envy", along with every other zealot post by Lunix people wishing their OS were as good as Windows. People who live in glass operating systems shouldn't throw stones.
Windows is on almost every PC in China... but only about 15% of computers in China are legitimately licensed. If Windows is such a horrible operating system, why aren't people using Lunix? -
Amount of user interaction
All you need is to get someone to type an administrator password and you can replace or modify vital system files: Software Update does it all the time. Even easier than that, if there's another bug lurking that bypasses sudo authentication or allows privilege escalation.
(Follow that second link and get a chuckle. The vulnerability is in an antivirus program). -
If your company isn't banning Internet Explorer...
If your company isn't using a browser other than IE, please let me know who you work for. I want to be extra careful with any of your products before I consider them for use.
Mmm, mmm mmm. -
Re:Browser appliance
If you use Windows, go get the vmware browser appliance and use it - connecting to the internet through a virtual machine is like wearing gloves in the OR - it's just common sense.
Since the Browser Appliance Virtual Machine was one of the products open for exploit of the underlying OS, I would rather describe this action as handling molten lava using mittens :) -
Re:from the-dupe-dept.
Far be it from Slashdot to let a few facts get in the way:
1. IE Vulnerabilities
2. Safari
3. Firefox
4. Opera
Seems none of them are bastions of secure computing. People who live in glass houses, and all that. -
Re:It's about time
-
Re:As an IT person who is deploying OS X
> patched with in a week
http://www.securitytracker.com/alerts/2005/Feb/1013087.html -
Re:Firefox
Yeah, that Firefox is pretty bulletproof in its security...
-
Meanwhile, 10.0 is left to drown
Pat, I love ya, but you really need to get some more people on board. You can't be trying to do everything.
What's up with 10.0? There has not been a security update for a long time. Good to see you've upgraded to 2.4.29 for current, but the poor schmucks who are still running slack 10.0 might not know about this bug which allows local users to become root. I tried it myself on my slack 10, and it works (not every slack 10 box can reproduce the exploit, but I, for one, could). There are other bugs in 10 which really do call for a notice, but that one was enough to make my point.
I guess the fact that there are no longer any security bulletins should clue everybody in. Either stay current, or don't use slackware, for the time being. -
Re:Once again, why needless use of Javascript is B
Seriously - when was the last time you heard of an exploit that used straight HTML? All of the recent exploits in ALL browsers, IE included, have been in either Javascript or Active-X, not in the core HTML rendering.
Actually, I remember recently seeing exploits in the image format engines for both Mozilla (See item number 6 in link) and IE.
-
Re:Hardware firewall
You mean the same routers that ship with remote administration enabled by default ? Even just telling people to plug their comps into a router still leaves them vulnerable in other ways if they just so happen to end up with the routers that ship with broken settings by default. With routers shipping with such badly configured default settings, it isn't too hard for the next worm to auto-probe for those specific routers and then do a full port scan of people behind the very router that they thought was protecting them.
-
true cost of 0wnership
-
Re:Huh?
It's worth mentioning that Linux and Mozilla have occasional exploits as well.
No it isn't. Linux isn't an email client, and one isn't occasional.
"... as if "being better than Outlook Express" were a redeeming quality."
In a sense, it is.
Again, no it's not redeeming.
-
One would think...
-
Lack of focus
It's amazing how Slashdot focuses like a laser beam on every bug found in IE and Windows, but at the same time they completely ignore errors in linux, Mozilla, Firefox, MacOS, etc.
Come on guys, get a grip. The alternatives have just as many flaws. But amazingly, Slashdot turns a blind eye to them.
I guess it's true that Slashdot only deals out anti-MS FUD.
-
Re:Secure ?
-
Re:Switch!!!
My mail client (mutt) does not run under an account that has full access to the entire system. Instead, it runs as me, and cannot replace parts of the OS even if it wants to. So it can't do things like replace part of the TCP/IP stack
While that might be true I wonder how many people are still running versions of Linux that still exhibit the reasonably recently discovered privilege escalation bugs?
Certainly the sort of people who are unlikely to have updated their Outlook are unlikely to have updated their OS kernel (especially as, at least in every automated package updater I've used, kernel upgrades don't happen as easily as userspace apps).
We aren't immune just because we use Free Software. Our software can be equally vulnerable to similar exploits. -
Re:fscking moderators...
Oh yes, so secure.
I'll take Postfix, thanks. -
Re:The trouble with diversity
Exactly how is "Windows Source available on the internet" more dangerous than "Linux source available on the internet" ?
Here's the first "exactly how".
cheers- raga -
Re:Time to MS proof what it says
-
Re:What the fuck?
That wouldn't work in this case. Overflowing a signed integer so that it wraps around to negative won't be picked up by checking if the value is greater. Using the correct datatype (unsigned int) would have been better.
(in fact, looking at the code snippet in the vulnerability notification, they do check against Offset > size of buffer) -
Re:More good quotes...
And they're secure out of the box
Ok, now it's obvious this guy doesn't know his ass from a hole in the ground, security-wise. Some may not see it as quite so secure. At least, not out of the box...
-
Re:Lets make up things!!
How many UNIX or Linux installations were infected by all of the recent MS email worms/viruses?
How many r00t vulnerabilities did linux have in the past three months? How many Linux vendors got hacked because of undisclosed, in the wild exploits? How many of these affected Linux systems? I think Linux has enough to worry about with their own glass house, and should worry less about throwing rocks at other OS's.
Perhaps you should take some classes in biology - then it will make more sense to you, and you'll have a more rounded education.
Ah, the old analogy straw man. How about you take some computer classes? Because like all analogies, yours is flawed. A man-made construct is very different from a biological system. If biodiversity is so great, why do they sterilize surgery rooms? Answer- because they WANT a controlled monoculture.
-
Re:Rebuttal to MS
-
Head, meet Sand
From the looks of things, they still have a while to go. IMO, Linux people talking about security is like that saying about people who live in glass houses.
Who was it at MS who basically made that statement that regarding security, they ALL suck? What Linux really needs is somebody to tell their community the same thing, instead of continuing to bury their heads in the sand.
-
Re:Does anyone know...
Doing a little more research, what you wanted was this:
and
But even this is unfair... It should be Windows (ANY), if you're going to compare any flavor of Linux to any flavor of Windows.
-
Re:Does anyone know...
Looks like your second link is for Windows (any). The link for Linux is here.
-
Re:Does anyone know...
Ya, SecurityTracker.com.
Here is Windows XP
Here is Linux
As you can see, WinXP has far less problems than Linux. It's just that Linux users want the sizzle, not the steak, so they just keep sizzling about how secure their OS is. Instead of bragging about how secure they are compared to MS, they need to start tightening up their code. But I suppose that isn't as much fun as creating yet another web browser.
-
Re:Looking Back At Windows Security In 2003
Ya, I mean, look at all these! What a frickin' insecure P.O.S. it is! Oh wait, that's not Windows...
-
Sorry, you are wrong
The kernel exploit was first DISCOVERED by Debian. It was accessing a flaw in the linux kernel itself, not the distribution (take a look here).
Also, I hate how people say "oh, well, it was only a local exploit..." It shows they don't understand the methodology used by malicious hackers. You use one flaw to give you remote access, then leverage that remote access into exploiting the local access flaw.
How else do you think Debian was hacked with a mere local access exploit?
-
In All My Years...
On OS X, about 2 of them, actually, I've seen 1 bug that COULD have posed a problem for me. Maybe I'm just not as big of a power user as I think I am, but I really fail to see how virtually any of the bugs/exploits/whatever that are found for OS X are any type of problem. Yes they need patched, but they almost don't seem worth mentioning except for the sheer novelty of it, and maybe as some sort of strange inferiority complex kick for Windows users, as a recent article seems to suggest.
Take this one for example, which many considered to be a "big security issue". Basically it only was a problem:
- On laptops.
- When someone had sudo running in Terminal.
- When the computer was put to sleep.
- For 10-20 SECONDS after the computer was woken up, but before the clock was updated, someone with physical access to the computer could execute code.
Now compare that to the 50 critical security fixes needed immediately for an install of a year old Windows XP disk. And the fact that there are about a hundred different ways to execute code in Windows, either legitimate or malicious, all across the system, even in the damn web browser.
Basically what I'm getting at here is that this is newsworthy simply for the fact that it really isn't. I'd be willing to bet 0 people will have any problem with this before it is patched.
And on a personal note, "Max" sounds pretty fucking stupid and ignorant. "It appears that parts of MacOSX that didn't come from BSD are not very well written and have significant security issues." Oh boy! I found a buffer overflow that will affect no one and that I probably didn't even bother to inform Apple about beforehand! I'm a L337 haX0r bitches! Now if he just would have thrown in something about how Apple is beleaguered and BSD is dying, we could just chalk up "Max" as a lucky troll. -
They forgot one link...
They both forgot to mention this page...