Tag: Rebuttal

  • Adobe, Qualys, CVE, and Math

    [This was originally published on the OSVDB blog.] Elinor Mills wrote an article titled Firefox, Adobe top buggiest-software list. In it, she quotes Qualys as providing vulnerability statistics for Mozilla, Adobe and others. Qualys states: The number of vulnerabilities in Adobe programs rose from 14 last year to 45 this year, while those in Microsoft…

  • 2007 Top Vulnerable Vendors?

    [This was originally published on the OSVDB blog.] http://www.eweek.com/article2/0,1895,2184206,00.asp http://www.eweek.com/c/a/Security/Report-MS-Apple-Oracle-Are-Top-Vulnerable-Vendors/ New IBM research shows that five vendors are responsible for 12.6 percent of all disclosed vulnerabilities. Not surprising: In the first half of 2007, Microsoft was the top vendor when it came to publicly disclosed vulnerabilities. Likely surprising to some: Apple got second place. IBM Internet…

  • Depending on how you count flaws..

    [This was originally published on the OSVDB blog.] After flap, Symantec adjusts browser bug count: Depending on how you count flaws, either IE or Firefox could be considered less secure. News Story by Robert McMillan, MARCH 07, 2006 (IDG NEWS SERVICE) – A report issued today by Symantec Corp. seeks to satisfy users of both Mozilla Corp.’s…

  • Mac vs Windows – More “Statistics”

    [This was originally published by the OSVDB blog.] Yet another article comparing Mac vs Windows, and using statistics to back it up. Since this is getting to be a common occurrence, I won’t go into the usual lecture about statistics, how they can easily be manipulated to back any argument (including how VAX/VMS is the…

  • US-CERT: A Disgrace to Vulnerability Statistics

    [This was originally published on the OSVDB blog.] Several people have asked OSVDB about their thoughts on the recent US-CERT Cyber Security Bulletin 2005 Summary. Producing vulnerability statistics is trivial to do. All it takes is your favorite data set, a few queries, and off you go. Producing meaningful and useful vulnerability statistics is a…

  • “OSS means slower patches” – huh?!

    [This was originally posted on the OSVDB blog.] http://australianit.news.com.au/articles/0,7204[..].html OSS means slower patches, Chris Jenkins, SEPTEMBER 19, 2005. This was posted to Full-Disclosure where I first replied, and ISN picked up. Articles like this do nothing positive for our industry. Jenkins should not waste his time writing fluff pieces like this, and he should do some digging or…

  • Random Comments on the Symantec Internet Threat Report 2005

    [Originally posted to the ISN Mail List. Shortly after, modified for attrition.org. This was republished at The Age (AU) and the Sydney Morning Herald.] Some interesting stuff in the Symantec report that is being talked about in various news articles: http://www.zdnet.com.au/news/security/0,2000061744,39185387,00.htm http://uk.news.yahoo.com/050322/152/ferr7.html http://continuitycentral.com/news01804.htm http://www.macobserver.com/article/2005/03/23.4.shtml [..] The original Symantec release for this report: http://enterprisesecurity.symantec.com/content.cfm?articleid=1539 Symantec Internet Security Threat Report: Trends for July 04…

  • In Response To: Computer Crime-Abetting Sites…

    [This was originally published on Aviary Magazine and mirrored on attrition.org.] Original Article: http://biz.yahoo.com/bw/991018/ca_compute_1.html (Company Press Release) Computer Crime-Abetting Sites Will Dramatically Increase Costs for Businesses and Consumers Business Wire — Oct. 18, 1999 When it Rains it Pours It was only weeks ago that I wrote an article on inflated damage figures. After reading several pieces…

  • In Response To: Bring in the Cyberpolice

    [This was originally published on Aviary Magazine and mirrored on attrition.org.] Original Article: Bring in the Cyberpolice by Christopher Watts Forbes, November 1, 1999 page 112 Warning and Disclaimer Every once in a while a new article comes across my desk that I just have to respond to. In most cases I try to present…

  • In Response To: Unplugged! The biggest hack in history

    [This was originally published in Aviary Magazine and mirrored on attrition.org.] Original Article: http://www.zdnet.com/filters/printerfriendly/0,6061,2345639-2,00.html By John Simons, WSJ Interactive Edition, October 1, 1999 8:54 AM PT The Phonemasters and I In 1994, I was learning as much about computers and telephony as I could possibly take in. Had an extra 500 page manual? I’d digest it in days.…