Security Threats....and what's really vulnerable

**harrybarracuda** · 28-06-2010, 06:23 PM

You'll hear a fair amount of scare stories about how insecure Windows is, how safe Macs are, etc., but the truth is, almost anything that contains code can be exploited.

In fact even Daffy's beloved IOS4, the new operating system for the iPhone 4, fixed 60 security vulnerabilities that existed on iPhones and iPods, but which were not generally publicised.

So I offer you a couple of sites that list security vulnerabilities as they are reported - often before the vendor has fixed, or agreed to fix them, but which in a most cases point you to the actual fix if it is available.

First is Security Tracker:

SecurityTracker > View Topics > Summary > All Primary Archived Entries

The second is Help Net Security:

Help Net Security - Vulnerabilities

Those links point just to recent announcements, but you can search the sites, click to subscribe to Twitter, RSS or email notifications, and so on.

Be warned, there are many obscure ones there, and you may wish to limit it to the weekly round-up, for example.

If you know of any other good vulnerability reporting sites, please feel free to post them here.

(I'm supporting the poor England fans that shelled out thousands to go and watch that utter sh*te).

**baldrick** · 28-06-2010, 06:56 PM

Originally Posted by harrybarracuda

If you know of any other good vulnerability reporting sites, please feel free to post them here.

/.

**harrybarracuda** · 28-06-2010, 06:59 PM

Originally Posted by baldrick

Originally Posted by harrybarracuda

If you know of any other good vulnerability reporting sites, please feel free to post them here.

/.

I like it, and the Register, but they aren't really the sort of thing I described. Good for coffee break and a smoke reading though.

**Butterfly** · 28-06-2010, 07:08 PM

slashdot is full of virgins living in their basement

**harrybarracuda** · 28-06-2010, 09:09 PM

I forgot CERT

US-CERT Cyber Security Bulletin SB10-179 -- Vulnerability Summary for the Week of June 21, 2010

**nikster** · 30-06-2010, 04:57 PM

Maybe it's interesting for security researchers, but why should I care about vulnerabilities? I care about exploits.

And as for exploits out in the wild, it's 1,000,000:1 Windows vs Mac, or 100,000:0 for drive by install exploits (that come in via browser, and are not stopped by AV software).

I don't care about Windows as I don't use it, but I do keep an eye on actual, factual iPhone or Mac exploits, and as it stands I think we're still at 0. There is, I believe, one trojan for Macs which comes with software downloaded from warez sites. Like a fake iWork package. If you avoid that, you're just fine.

I do understand that there is probably tons of vulnerabilities in Safari - clearly, there must be. QuickTime alone probably has thousands of undiscovered holes. At some point though, the browser will be properly sandboxed and this issue will go away. Similar to the iPhone... on the iPhone it's very hard to do anything to the OS via browser (on un-jailbroken devices) because the sandbox prevents you from accessing anything outside the actual app. The concept is going to work too - the sandbox might have holes, but fixing those is doable, while fixing _all_ software that might potentially be exposed to the internet is impossible.

**harrybarracuda** · 30-06-2010, 07:34 PM

Maybe it's interesting for security researchers, but why should I care about vulnerabilities? I care about exploits.

Yes Nikster, I forgot, every one who comes up with an exploit will drop you an email beforehand advising you of it, right?

Thread: Security Threats....and what's really vulnerable

Thread Tools

Display

Security Threats....and what's really vulnerable

Thread Information

Users Browsing this Thread

Posting Permissions