System patching 0-days and ancient-day vulnerabilities



There’s a good article at Michael Sutton’s Blog which points out something that really makes sense and I think many people are aware of, but with all the buzz that a new previously undisclosed vulnerability has, we forget. The point is this, there are plenty of machines online vulnerable to ancient flaws that have been known (in some cases for years.) In his article, he does a search for one specific vulnerability and finds targets. Some of the comments speculate that some may be honeypots, but I would doubt that a high percentage are and suspect that most are the real deal.


I see zero-day ( 0-day ) exploits as a news tool to grab peoples attention and encourage them to patch EVERYTHING. Kind of like a virus that is on the television news encourages EVERYONE to make sure they’ve got up-to-date antivirus protection. Unfortunately to most people a pc is an appliance, like a toaster that either works or it doesn’t. If it works, then great – that’s what it’s for, if not, they either get it fixed or replace it. (That comes down to a cost decision.) Of course, with a toaster these days it’s replace…. People tend to treat software the same way. Updates aren’t typically thought of by MOST software users. (It’s working fine – why should I update?) This is why I think software vendors need to distinguish more clearly between feature and maintenance/security updates and consider more automated ways to implement maintenance/security updates.

Related Posts

Blog Traffic Exchange Related Posts
  • Microsoft vulnerability whack-a-mole continues..... Translation - Microsoft patched one vulnerability another surfaces.... Incidents.org brings us the frustrating news.... If you remember the month of browser bugs series of exploits back in July, there was a denial of service there that appears to have code execution after all. Coincidence or not, it got publicly released......
  • Firefox zero-day vulnerability (or is it?) I saw a comment somewhere else that zero-day was overused and in essense ANY previously unknown vulnerability in open source software is technically zero day... the intent here though is to use the word in this context.... "vulnerability has been released without giving the vendor an opportunity to patch..." Yes,......
  • Microsoft's priorities... I didn't really think of this in context, but George Ou points out that Microsoft issued an "out of cycle" patch for their DRM software in response to the FairUse4WM software that stripped DRM protections from Windows Media Files. It took a mere 3 days from being made aware of......
Blog Traffic Exchange Related Websites
  • Sad Worlds Collide: The Unretired vs. the Unemployed The dramatic rise in unemployment (over 500,000 jobs lost last month) may be combining with an equally dramatic drop in the value of retiree investment accounts (40% and counting) to create a perfect storm.  More specifically, the recently unemployed may be competing head-on with the newly "unretired" for many of the precious-few open......
  • The Future of Retirement One of the goals that almost everyone working shares is a desire to eventually stop working; there are very few people who want to keep up their jobs for the rest of their life.  (There are some exceptions, of course; Hugh Hefner being one that instantly comes to mind.)  Retirement......
  • Using Facebook To Promote Your Business? It Doesn't Have To Be Hard If you're looking for effective ways to promote your business, you can't afford to overlook Facebook. Social networking is growing with leaps and bounds each day, and if your business is not taking advantage of it, you're definitely leaving money on the table. If you want to get the most......
www.pdf24.org    Send article as PDF   

Similar Posts


See what happened this day in history from either BBC Wikipedia
Search:
Keywords:
Amazon Logo

Comments are closed.


Switch to our mobile site