clarf

Joined: 13 Jun 2007 Posts: 614 Location: The old Lone Wolf
|
Posted: Fri 18 Dec 2009, 12:24 Post subject:
Firefox, Adobe top buggiest software list Subject description: When enemy is inside the GPL |
|
Something to think about GPL software
http://news.cnet.com/8301-27080_3-10417785-245.html
|
disciple
Joined: 20 May 2006 Posts: 6995 Location: Auckland, New Zealand
|
Posted: Fri 18 Dec 2009, 16:27 Post subject:
|
|
Not exactly high-quality journalism:
"vulnerabilities" ≠ "bugs"
"vulnerabilities" ≠ actual exploits
I guess at least they recognise that:
"reported vulnerabilities" ≠ "vulnerabilities"
_________________ Do you know a good gtkdialog program? Please post a link here
Classic Puppy quotes
ROOT FOREVER
GTK2 FOREVER
|
disciple
Joined: 20 May 2006 Posts: 6995 Location: Auckland, New Zealand
|
Posted: Fri 18 Dec 2009, 16:31 Post subject:
|
|
Maybe I've been living in a Linux cave for too long:
Quote: | The numbers illustrate the trend of attackers turning their focus away from operating systems and toward applications, Kandek said. |
They don't mention any evidence for this... is it true?
Code: | "Operating systems have become more stable and harder to attack and that's why attackers are migrating to applications," he said. "Adobe is a huge focus for attacks now, around 10 times more than Microsoft Office." |
Microsoft Office isn't an operating system... and since when was it a huge focus for attacks? The focus used to be Windows via Internet Explorer.
disciple
Joined: 20 May 2006 Posts: 6995 Location: Auckland, New Zealand
|
Posted: Fri 18 Dec 2009, 16:33 Post subject:
|
|
Quote: | Something to think about GPL software. |
Yes: "don't use GPL software, they'll actually confess to all the bugs when they fix them".
I want to hear from someone who's actually suffered from one of these vulnerabilities in Firefox being exploited...
clarf

Joined: 13 Jun 2007 Posts: 614 Location: The old Lone Wolf
|
Posted: Fri 18 Dec 2009, 18:35 Post subject:
|
|
disciple wrote: | Not exactly high-quality journalism:
"vulnerabilities" ≠ "bugs"
"vulnerabilities" ≠ actual exploits
I guess at least they recognise that:
"reported vulnerabilities" ≠ "vulnerabilities" |
You are totally right, disciple:
vulnerabilities = security risk.
A vulnerability with some instances of working and fully-implemented attacks is classified as an exploit.
|
clarf

Joined: 13 Jun 2007 Posts: 614 Location: The old Lone Wolf
|
Posted: Fri 18 Dec 2009, 18:44 Post subject:
|
|
disciple wrote: | Maybe I've been living in a Linux cave for too long:
Quote: | The numbers illustrate the trend of attackers turning their focus away from operating systems and toward applications, Kandek said. |
They don't mention any evidence for this... is it true?
Code: | "Operating systems have become more stable and harder to attack and that's why attackers are migrating to applications," he said. "Adobe is a huge focus for attacks now, around 10 times more than Microsoft Office." |
Microsoft Office isn't an operating system... and since when was it a huge focus for attacks? The focus used to be Windows via Internet Explorer. |
Although they don't mention any evidence, on the Windows side it is totally clear that focusing on Internet Explorer is a fast way to attack the operating system (as you already pointed out). IE is integrated in the Windows kernel, making it the big gate for any attack.
With that in mind, Microsoft has been making many changes to IE security; many features are disabled by default and many program permissions are blocked. I must add that with default settings I can't use IE for many enterprise web applications. The worst thing is that I usually have to force the lowest security setting to make things work; even setting a trusted site is not enough for single sign-on authentication or script execution. I don't have such problems with Firefox.
|