Bigbruin.com
A little perspective on security.
BeerCheeze
*hick*


Joined: 14 Jun 2003
Posts: 9285
Location: At the Bar

Posted: Sun, 11 Sep 2005 12:07:34    Post Subject: A little perspective on security.

I know MANY people really like to hound on MS for Windows, saying how insecure it is, and that it is the worst software out there for security. However, as someone who is an IT security professional, I get to see the whole picture. I thought I would share a little glimpse of this picture with you folks. Not only so you might start to realize that Windows isn't as bad as you think, but even more importantly to open your eyes to see how wide the security gap really is. This is a blurb from a newsletter I get from the SANS Institute (http://www.sans.org)

Summary of the vulnerabilities reported this week:

Platform                    # of Updates & Vulnerabilities
==========================================================
Windows                     1
Third Party Windows Apps    7
Unix                        1
Cross Platform              8
Web Application             21
Network Device              3 (#1, #2)

Widely Deployed Software
(1) MODERATE: Cisco IOS Firewall FTP and Telnet Authentication Proxy Overflow

Other Software
(2) HIGH: Barracuda Networks Spam Firewall Remote Command Execution

-- Windows
05.36.1 - Microsoft Internet Explorer Unspecified Remote Code Execution
-- Third Party Windows Apps
05.36.2 - ALZip ACE Archive File Name Buffer Overflow
05.36.3 - CSystems WebArchiveX ActiveX Component Arbitrary File Vulnerabilities
05.36.4 - Rediff Bol Instant Messenger ActiveX Control Information Disclosure Vulnerability
05.36.5 - AttachmateWRQ Reflection for Secure IT Windows Server Renamed Account Remote Login
05.36.6 - AttachmateWRQ Reflection for Secure IT Windows Server Access Restriction Bypass
05.36.7 - 3Com Network Supervisor Directory Traversal Vulnerability
05.36.8 - WhitSoft Development SlimFTPd Remote Denial of Service
-- Unix
05.36.9 - OpenTTD Multiple Unspecified Format String Vulnerabilities
-- Cross Platform
05.36.10 - Symantec Brightmail AntiSpam Deeply Nested Zip File Denial Of Service
05.36.11 - Symantec Brightmail AntiSpam Winmail.DAT Decomposer Denial of Service
05.36.12 - HP OpenView Event Correlation Services Unspecified Remote Privilege Escalation
05.36.13 - Squid Proxy SSLConnectTimeout Remote Denial Of Service
05.36.14 - Multiple Vendor Web Vulnerability Scanners HTML Injection
05.36.15 - NetMail Remote IMAP Heap Buffer Overflow
05.36.16 - OpenSSH DynamicForward Inadvertent GatewayPorts Activation
05.36.17 - OpenSSH GSSAPI Credential Disclosure Vulnerability
-- Web Application
05.36.18 - man2web Multiple Scripts Command Execution
05.36.19 - Land Down Under Events.PHP HTML Injection
05.36.20 - Feedback Form Perl Script CHFeedBack.PL Unauthorized Mail Relay
05.36.21 - Unclassified NewsBoard Description Field HTML Injection
05.36.22 - MAXdev MD-Pro Arbitrary Remote File Upload
05.36.23 - MAXdev MD-Pro Multiple Cross-Site Scripting Vulnerabilities
05.36.24 - GuppY PrintFAQ.PHP Cross-Site Scripting
05.36.25 - GuppY Error.PHP HTML Injection
05.36.26 - MyBulletinBoard Forumdisplay.PHP Cross-Site Scripting
05.36.27 - myBloggie login.php SQL Injection
05.36.28 - MAXdev MD-Pro Cross-Site Scripting
05.36.29 - SqWebMail HTML Email Script Tag Script Injection
05.36.30 - PBLang Bulletin Board System Multiple Remote Vulnerabilities
05.36.31 - Plain Black Software WebGUI Remote Perl Command Execution Vulnerabilities
05.36.32 - DownFile Multiple Cross-Site Scripting Vulnerabilities
05.36.33 - DownFile Administrator Unauthorized Access
05.36.34 - Greymatter Gm.CGI HTML Injection
05.36.35 - CMS Made Simple Cross-Site Scripting
05.36.36 - PHPGroupWare Main Screen Message Script Injection
05.36.37 - gBook Multiple Unspecified Cross-Site Scripting Vulnerabilities
05.36.38 - Phorum Register.PHP Cross-Site Scripting
-- Network Device
05.36.39 - Cisco IOS Firewall Authentication Proxy Buffer Overflow
05.36.40 - Barracuda Spam Firewall IMG.PL Remote Command Execution
05.36.41 - Barracuda Spam Firewall IMG.PL Remote Directory Traversal
knight0334
Rated XXX


Joined: 22 Aug 2003
Posts: 2234
Location: Neither Here, Nor There

Posted: Sun, 11 Sep 2005 13:35:14

I've said before at IANAG a year or 3 ago, that the Windows security issue is being blown out of proportion. ...that MS is the scapegoat for all OS's faults.

Along with my post was attached proof that in the given number of years study that Unix/Linux had more security issues and patches than Microsoft's Windows ME, 2K, XP and 2K3. ...and that MS was just as fast, if not faster, at rolling out a fix for a given issue.

Everyone wants to take a punch at MS because they think MS is the spawn of Satan. ...everyone from users, truly informed people, to malicious code writers.

What it really comes down to is, you wouldn't need locks on the doors if there were no thieves. ....the thieves and malicious people are the problem.


Last edited by knight0334 on Sun, 11 Sep 2005 14:24:24; edited 1 time in total
dadx2mj
Happy Camper


Joined: 10 Aug 2003
Posts: 2994
Location: SoCal

Posted: Sun, 11 Sep 2005 13:50:33

I personally believe that the end user is the biggest security risk because of ignorance more so than any OS out there. Let's face it, I don't care who you are, MS, Linux, etc., if you build an OS someone will find a way to break in.
JimBowy
Moderator


Joined: 02 Aug 2003
Posts: 1627

Posted: Sun, 11 Sep 2005 15:43:32

dadx2mj wrote:
I personally believe that the end user is the biggest security risk because of ignorance more so than any OS out there. Let's face it, I don't care who you are, MS, Linux, etc., if you build an OS someone will find a way to break in.


True, but I consider MOST security problems relating to the stupid users opening the door wide-open for you. ;)

_________________
- Jim