____/ Doug Mentohl on Friday 22 June 2007 16:41 : \____
> "Vista beat the other operating systems on nearly all fronts, according
> to the report, logging the fewest fixed vulnerabilities and the fewest
> repairs with a severity rating of 'high'"
>
> "Apple's OS X ranked third behind the two Windows versions, followed by
> Ubuntu, SLED10 and RHEL4"
>
> http://www.vnunet.com/vnunet/news/2192615/microsoft-claims-vista-secure
>
> WINDOWS VISTA 6-MONTH VULNERABILITY REPORT
>
> "in my opinion, it does seem like there are more researchers, better
> trained, and with better tools and techniques than ever before –
> creating an ecosystem better able to find and disclose security
> vulnerabilities"
>
> http://www.csoonline.com/pdf/6_Month_Vista_Vuln_Report.pdf
>
> It's not the number of researchers, but the number of hackers that is
> important. And it isn't the most reported vulnerabilities but the number
> of actual breeches.
There's a lot more to this. I'll spew out some links and excerpts:.
Microsoft is Counting Bugs Again
,----[ Quote ]
| Sorry, but Microsoft's self-evaluating security counting isn't really a
| good accounting.
|
| [...]
|
| The point: Don't count on security flaw counting. The real flaw is
| the counting.
`----
http://www.microsoft-watch.com/content/security/microsoft_is_counting_bugs_again.html?kc=MWRSS02129TX1K0000535
Microsoft Better at Patching XP Than Vista
,----[ Quote ]
| A Microsoft Corp. security executive released data Thursday showing that,
| six months after shipping Windows Vista, his company has left more
| publicly disclosed Vista bugs unpatched than it did with Windows XP.
|
| [...]
|
| "This is an apples-to-oranges comparison," said HD Moore, one of the hackers
| behind the popular Metasploit penetration testing toolkit. "If you want a
| more accurate view, try comparing the number of flaws between
| Microsoft-developed software and vendor-X-developed software. Most Linux
| vendors don't actually write the majority of the packages they include," he
| said via e-mail.
|
| "Alternatively, force Microsoft to include all vulnerabilities in common
| third-party software," he added. "For example, the thousands of exploitable
| ActiveX controls that... vendors include with a Windows system."
`----
http://news.yahoo.com/s/pcworld/20070622/tc_pcworld/133308
Skeletons in Microsoft’s Patch Day closet
,----[ Quote ]
| This is the first time I’ve seen Microsoft prominently admit to silently
| fixing vulnerabilities in its bulletins — a controversial practice that
| effectively reduces the number of publicly documented bug fixes (for those
| keeping count) and affects patch management/deployment decisions.
`----
http://blogs.zdnet.com/security/?p=316
Beware of undisclosed Microsoft patches
,----[ Quote ]
| Forget for a moment whether Microsoft is throwing off patch counts
| that Microsoft brass use to compare its security record with those
| of its competitors. What do you think of Redmond’s silent patching
| practice?
`----
http://blogs.zdnet.com/microsoft/?p=527
--
~~ Best of wishes
For governments that eavesdrop, here is a quick list of tags: Communism,
Hawaiian shirts, China, Suitcase, Martha Stewart, Encryption, Prison, Stalin.
Thanks for tuning in.
http://Schestowitz.com | RHAT Linux | PGP-Key: 0x74572E8E
00:20:03 up 6 days, 5:48, 6 users, load average: 1.74, 1.96, 1.61
http://iuron.com - Open Source knowledge engine project
|
|