System patching 0-days and ancient-day vulnerabilities



There’s a good article at Michael Sutton’s Blog that points out something that really makes sense and that I think many people are aware of, but that we forget amid all the buzz around a new, previously undisclosed vulnerability. The point is this: there are plenty of machines online vulnerable to ancient flaws that have been known (in some cases for years). In his article, he does a search for one specific vulnerability and finds targets. Some of the comments speculate that some may be honeypots, but I doubt that a high percentage are, and I suspect that most are the real deal.


I see zero-day (0-day) exploits as a news tool to grab people’s attention and encourage them to patch EVERYTHING, kind of like how a virus that is on the television news encourages EVERYONE to make sure they’ve got up-to-date antivirus protection. Unfortunately, to most people a PC is an appliance, like a toaster that either works or it doesn’t. If it works, then great – that’s what it’s for; if not, they either get it fixed or replace it. (That comes down to a cost decision.) Of course, with a toaster these days it’s replace… People tend to treat software the same way. Updates aren’t typically thought of by MOST software users. (It’s working fine – why should I update?) This is why I think software vendors need to distinguish more clearly between feature and maintenance/security updates and consider more automated ways to implement maintenance/security updates.
