System patching 0-days and ancient-day vulnerabilities



There’s a good article at Michael Sutton’s Blog which points out something that really makes sense and I think many people are aware of, but with all the buzz that a new previously undisclosed vulnerability has, we forget. The point is this, there are plenty of machines online vulnerable to ancient flaws that have been known (in some cases for years.) In his article, he does a search for one specific vulnerability and finds targets. Some of the comments speculate that some may be honeypots, but I would doubt that a high percentage are and suspect that most are the real deal.


I see zero-day ( 0-day ) exploits as a news tool to grab peoples attention and encourage them to patch EVERYTHING. Kind of like a virus that is on the television news encourages EVERYONE to make sure they’ve got up-to-date antivirus protection. Unfortunately to most people a pc is an appliance, like a toaster that either works or it doesn’t. If it works, then great – that’s what it’s for, if not, they either get it fixed or replace it. (That comes down to a cost decision.) Of course, with a toaster these days it’s replace…. People tend to treat software the same way. Updates aren’t typically thought of by MOST software users. (It’s working fine – why should I update?) This is why I think software vendors need to distinguish more clearly between feature and maintenance/security updates and consider more automated ways to implement maintenance/security updates.

Related Posts

Blog Traffic Exchange Related Posts
  • Apple Quicktime and OS X updates to patch multiple security vulnerabilities Apple has released Quicktime v. 7.1 for both Windows and OS X to address about 12 vulnerabilities. It looks as though all of the vulnerabilities were related to either a specially crafted images or movies (a variety of formats...) Upgrade or use another viewer... Affected file formats are.... Jpegs, Flashpix,......
  • Firefox vulnerabilities and 1.5 Release Candidate I know there's been at least one and probably a couple of Mozilla Firefox vulnerabilities announced in the last month or so. There are currently (according to Secunia) 3 unpatched Firefox vulnerabilities. The secunia page for firefox has the details. There are two vulnerabilites for which there is a workaround......
  • Macromedia flash player vulnerability A severe security vulnerability has been found in versions of the Flash Player prior to 7.0.19.0 Many sites require flash player in order to view various features on the site (depending on the site this ranges from commercials to the site navigation.) A specially crafted swf file on a remote......
Blog Traffic Exchange Related Websites
  • Sad Worlds Collide: The Unretired vs. the Unemployed The dramatic rise in unemployment (over 500,000 jobs lost last month) may be combining with an equally dramatic drop in the value of retiree investment accounts (40% and counting) to create a perfect storm.  More specifically, the recently unemployed may be competing head-on with the newly "unretired" for many of the precious-few open......
  • Using Facebook To Promote Your Business? It Doesn't Have To Be Hard If you're looking for effective ways to promote your business, you can't afford to overlook Facebook. Social networking is growing with leaps and bounds each day, and if your business is not taking advantage of it, you're definitely leaving money on the table. If you want to get the most......
  • Using Facebook To Promote Your Business? It Doesn't Have To Be Hard If you're looking for effective ways to promote your business, you can't afford to overlook Facebook. Social networking is growing with leaps and bounds each day, and if your business is not taking advantage of it, you're definitely leaving money on the table. If you want to get the most......
www.pdf24.org    Send article as PDF   

Similar Posts


See what happened this day in history from either BBC Wikipedia
Search:
Keywords:
Amazon Logo

Comments are closed.


Switch to our mobile site