1. Advertising
    y u no do it?

    Advertising (learn more)

    Advertise virtually anything here, with CPM banner ads, CPM email ads and CPC contextual links. You can target relevant areas of the site and show ads based on geographical location of the user if you wish.

    Starts at just $1 per CPM or $0.10 per CPC.

I take it all back: Linux has no security vulnerabilities

Discussion in 'Security' started by minstrel, Apr 3, 2005.

  1. J.D.

    J.D. Peon

    Messages:
    1,198
    Likes Received:
    64
    Best Answers:
    0
    Trophy Points:
    0
    #21
    In order to compare what's a drop in the bucket and what's a flood, we'd need something like a vulnerability per installation info. Has anyone seen something like this?
    SEMrush
    J.D.
     
    J.D., Apr 3, 2005 IP
    SEMrush
  2. minstrel

    minstrel Illustrious Member

    Messages:
    15,082
    Likes Received:
    1,243
    Best Answers:
    0
    Trophy Points:
    480
    #22
    Please re-read what I said: I never said they were making such claims in this thread, I said I started this thread because I was sick of numerous such claims made elsewhere.

    I'm sure you're not going to deny that such claims have been made, and frequently, are you?
     
    minstrel, Apr 3, 2005 IP
  3. anthonycea

    anthonycea Banned

    Messages:
    13,378
    Likes Received:
    342
    Best Answers:
    0
    Trophy Points:
    0
    #23
    See the link in post #3 Minstrel, what is says is that there is a major flaw in IE & Outlook that remains unpatched, you just do not want to address it Minstrel.

    Why not :confused:
     
    anthonycea, Apr 3, 2005 IP
  4. minstrel

    minstrel Illustrious Member

    Messages:
    15,082
    Likes Received:
    1,243
    Best Answers:
    0
    Trophy Points:
    480
    #24
    For servers see http://forums.digitalpoint.com/showthread.php?t=12193
     
    minstrel, Apr 3, 2005 IP
  5. minstrel

    minstrel Illustrious Member

    Messages:
    15,082
    Likes Received:
    1,243
    Best Answers:
    0
    Trophy Points:
    480
    #25
    Because (1) it has nothing to do with this thread, and (2) I am not claiming and never have claimed that there are no vulnerabilities in Windows -- only that ALL, REPEAT ALL operating systems and applications are vulnerable.
     
    minstrel, Apr 3, 2005 IP
  6. anthonycea

    anthonycea Banned

    Messages:
    13,378
    Likes Received:
    342
    Best Answers:
    0
    Trophy Points:
    0
    #26
    Not that Microsoft sponsored study again Minstrel :eek: :p :eek:
     
    anthonycea, Apr 3, 2005 IP
  7. J.D.

    J.D. Peon

    Messages:
    1,198
    Likes Received:
    64
    Best Answers:
    0
    Trophy Points:
    0
    #27
    Mozilla just released a patch for a similar vulnerability that could allow the attacker to take over your entire machine (the one with the buffer overflow):

    http://www.mozilla.org/projects/security/known-vulnerabilities.html

    If you look at the sidebar vulnerability, it was reported in February:

    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0402

    and the fix came out in March - about one month later. The nature of software development is that you simply cannot release something as big as a browser without going through a two-week test cycle. Add about a week for implementing a fix and here's your month. MS releases security updates about once a month as well.

    J.D.
     
    J.D., Apr 3, 2005 IP
  8. minstrel

    minstrel Illustrious Member

    Messages:
    15,082
    Likes Received:
    1,243
    Best Answers:
    0
    Trophy Points:
    480
    #28
    Microsoft sponsored the research. It was an idnependent research company that did the research. i gave you the links to the methodology and the data -- were you able to find any flaws in the study at all?

    And there's that Linux hypocrisy again: It's okay for mu$hroom to post links ad nauseum to anti-MS blogs but when someone posts real data supportive of Microsoft this is somehow unacceptable?
     
    minstrel, Apr 3, 2005 IP
  9. J.D.

    J.D. Peon

    Messages:
    1,198
    Likes Received:
    64
    Best Answers:
    0
    Trophy Points:
    0
    #29
    For servers this isn't as indicative, though - many servers run in DMZ's protected by other devices. Besides, in most cases it is easier and more profitable to steal credentials from individual computers and milk thousands of people (i.e. phishing) than to try to break into a handful of commercial databases that might have credit card/bank account information. Hence, hackers go after those software packages that have greater audience - obviously, Windows and IE are first in the list.

    J.D.
     
    J.D., Apr 3, 2005 IP