[LINK] Users tackling 10 new vulnerabilities a day
rick at praxis.com.au
Tue Sep 20 10:33:37 EST 2005
Pilcher, Fred wrote:
> Comments on this? It sounds odd to me.
Of course. It is silly. Semantec is fishing for new customers and
using scare tactics along the way.
> Users tackling 10 new vulnerabilities a day
> Michael Crawford
> 19/09/2005 14:00:02
> Australians cope with 10 new application vulnerabilities every day, with no immediate relief in sight.
This is rubbish. A cursory glance over at http://www.securityfocus.com/ (for example)
shows that yes, there are a number of new vulnerabilities each day - usually
under ten. And most of these are on systems or software that your average
Aussie computer user would *never* use.
e.g. the vulnerabilities posted for Sep 19, 2005:
o Cisco IOS Multiple Unspecified EIGRP Vulnerabilities
o MX Shop Index.PHP Multiple SQL Injection Vulnerabilities
o Sybari Antigen for Exchange/SMTP Attachment Rule Bypass Vulnerability
o NooToplist Index.PHP Multiple SQL Injection Vulnerabilities
o VBulletin Multiple Cross-Site Scripting Vulnerabilities
o Mozilla/Netscape/Firefox Browsers Domain Name Remote Buffer Overflow Vulnerability
The 19th was a heavy day, but only one vulnerability would remotely affect
your average Australian computer user. The rest deal with problems in Apache,
Cisco, anti-virus server, Exchange mail server, PHP, etc.etc.
Similar pattern on Sep 17th and 16th.
Rick Welykochy || Praxis Services
"Every program attempts to expand until it can read mail. Those programs
which cannot so expand are replaced by ones which can."
-- Jamie Zawinski, the Law of Software Envelopment
More information about the Link