System patching 0-days and ancient-day vulnerabilities



There’s a good article at Michael Sutton’s Blog which points out something that really makes sense and I think many people are aware of, but with all the buzz that a new previously undisclosed vulnerability has, we forget. The point is this, there are plenty of machines online vulnerable to ancient flaws that have been known (in some cases for years.) In his article, he does a search for one specific vulnerability and finds targets. Some of the comments speculate that some may be honeypots, but I would doubt that a high percentage are and suspect that most are the real deal.


I see zero-day ( 0-day ) exploits as a news tool to grab peoples attention and encourage them to patch EVERYTHING. Kind of like a virus that is on the television news encourages EVERYONE to make sure they’ve got up-to-date antivirus protection. Unfortunately to most people a pc is an appliance, like a toaster that either works or it doesn’t. If it works, then great – that’s what it’s for, if not, they either get it fixed or replace it. (That comes down to a cost decision.) Of course, with a toaster these days it’s replace…. People tend to treat software the same way. Updates aren’t typically thought of by MOST software users. (It’s working fine – why should I update?) This is why I think software vendors need to distinguish more clearly between feature and maintenance/security updates and consider more automated ways to implement maintenance/security updates.

Related Posts

Blog Traffic Exchange Related Posts
  • Sony releases XCP remover Sony has had a busy day... they've released software to remove the XCP DRM program that was the start of all the recent SONY DRM rootkit controversy. Of course, the original DRM software had multiple problems in it's concept AND implementation, the uninstallers and patches since have also had problems.......
  • Serious Symantec Antivirus Vulnerability A few things to catch up on this afternoon, but first up is a Serious vulnerability in Symantec Antivirus. (It's always serious when security software has a vulnerability.) The securityfix is reporting that a vulnerability has been discovered in the way Symantec deals with rar archived files. A specially made......
  • Microsoft vulnerability whack-a-mole continues..... Translation - Microsoft patched one vulnerability another surfaces.... Incidents.org brings us the frustrating news.... If you remember the month of browser bugs series of exploits back in July, there was a denial of service there that appears to have code execution after all. Coincidence or not, it got publicly released......
Blog Traffic Exchange Related Websites
  • Using Facebook To Promote Your Business? It Doesn't Have To Be Hard If you're looking for effective ways to promote your business, you can't afford to overlook Facebook. Social networking is growing with leaps and bounds each day, and if your business is not taking advantage of it, you're definitely leaving money on the table. If you want to get the most......
  • Sad Worlds Collide: The Unretired vs. the Unemployed The dramatic rise in unemployment (over 500,000 jobs lost last month) may be combining with an equally dramatic drop in the value of retiree investment accounts (40% and counting) to create a perfect storm.  More specifically, the recently unemployed may be competing head-on with the newly "unretired" for many of the precious-few open......
  • Using Facebook To Promote Your Business? It Doesn't Have To Be Hard If you're looking for effective ways to promote your business, you can't afford to overlook Facebook. Social networking is growing with leaps and bounds each day, and if your business is not taking advantage of it, you're definitely leaving money on the table. If you want to get the most......
www.pdf24.org    Send article as PDF   

Similar Posts


See what happened this day in history from either BBC Wikipedia
Search:
Keywords:
Amazon Logo

Comments are closed.


Switch to our mobile site