Firefox, Adobe top buggiest software list

clarf
Posts: 613
Joined: Wed 13 Jun 2007, 19:22
Location: The old Lone Wolf

#1 Post by clarf »

Something to think about GPL software

http://news.cnet.com/8301-27080_3-10417785-245.html

disciple
Posts: 6984
Joined: Sun 21 May 2006, 01:46
Location: Auckland, New Zealand

#2 Post by disciple »

Not exactly high-quality journalism:
"vulnerabilities" ≠ "bugs"
"vulnerabilities" ≠ actual exploits
I guess at least they recognise that:
"reported vulnerabilities" ≠ "vulnerabilities"
Do you know a good gtkdialog program? Please post a link here

Classic Puppy quotes

ROOT FOREVER
GTK2 FOREVER

#3 Post by disciple »

Maybe I've been living in a Linux cave for too long:
The numbers illustrate the trend of attackers turning their focus away from operating systems and toward applications, Kandek said.
They don't mention any evidence for this... is it true?

"Operating systems have become more stable and harder to attack and that's why attackers are migrating to applications," he said. "Adobe is a huge focus for attacks now, around 10 times more than Microsoft Office."
Microsoft Office isn't an operating system... and since when was it a huge focus for attacks? The focus used to be Windows via Internet Explorer.

#4 Post by disciple »

Something to think about GPL software.
Yes: "don't use GPL software, they'll actually confess to all the bugs when they fix them".
I want to hear from someone who's actually suffered from one of these vulnerabilities in Firefox being exploited...

#5 Post by clarf »

disciple wrote: Not exactly high-quality journalism:
"vulnerabilities" ≠ "bugs"
"vulnerabilities" ≠ actual exploits
I guess at least they recognise that:
"reported vulnerabilities" ≠ "vulnerabilities"
You are totally right disciple,

vulnerabilities = security risk.

A vulnerability with some instances of working and fully-implemented attacks is classified as an exploit.

#6 Post by clarf »

disciple wrote: Maybe I've been living in a Linux cave for too long:
The numbers illustrate the trend of attackers turning their focus away from operating systems and toward applications, Kandek said.
They don't mention any evidence for this... is it true?

"Operating systems have become more stable and harder to attack and that's why attackers are migrating to applications," he said. "Adobe is a huge focus for attacks now, around 10 times more than Microsoft Office."
Microsoft Office isn't an operating system... and since when was it a huge focus for attacks? The focus used to be Windows via Internet Explorer.
Although they don't mention any evidence, on the Windows side it is totally clear that focusing on Internet Explorer is a fast way to attack the operating system (as you already pointed out). IE is integrated in the Windows kernel, making it the big gate for any attack.

With that in mind, Microsoft has made many changes to IE security: many features are disabled by default and many program permissions are blocked. I must add that with default settings I can't use IE for many enterprise web applications. The worst thing is that I usually have to force the lowest security setting to make things work; even setting a trusted site is not enough for single sign-on authentication or script execution. I don't have such problems with Firefox.
