Discussions

cheong
  • When will be the last vulnerabilities in XP be patched?

    wastingtimewithforums said:
    fknight said:
    *snip*
    "Apparently not if they can't keep track of when vulnerabilities are fixed."

    -----------------------------------------------------------------

    You may not like it, but Secunia IS the authority on security stuff on the web.

    Even Microsoft acknowledges it.

    Look how many pages on microsoft.com mention Secunia and their statistics:

    Google search

    http://search.microsoft.com/results.aspx?form=MSHOME&setlang=en-us&q=secunia&mkt=en-us



    Look at this:

    http://www.microsoft.com/windowsserver/compare/reportsdetails.mspx?recid=23

    "
    Secunia Vulnerability Study
    Published: 12/1/2006
    In a comparison of relative security, this study of third-party vulnerability data found Windows Server 2003 to have fewer vulnerabilities than Red Hat ES 3 and ES 4.

    This paper compares the security of Red Hat Enterprise Linux ES 3, Red Hat Enterprise Linux ES 4, and Microsoft Windows Server 2003 Enterprise Edition. Different aspects of operating system security, such as the number of vulnerabilities and the time to resolve them, were analyzed as indicators of security for each operating system.
    Data collection and analysis for this study was performed in December 2006. Data was collected from Secunia (http://secunia.com), a leading independent source of vulnerability intelligence. For each vulnerability, data on start and patch dates was collected from all security bulletins and announcements under all CVE references associated by Secunia with that vulnerability.
    The study found that Windows Server 2003 is consistently lower risk than Red Hat ES 3 or Red Hat ES 4. Windows Server 2003 has fewer total vulnerabilities, which means users have fewer patching events to respond to, the first high-criticality vulnerability was not identified until over two years after release, and on average Windows Server 2003 has fewer unpatched vulnerabilities per day.

    "

    Another MS page:


    http://www.microsoft.com/hun/getthefacts/secuina.mspx

    :

    "

    Secunia Vulnerability Study Summary and Analysis

    I. Core Analysis

    Overview and Methodology

    This paper compares the security of Red Hat Enterprise Linux ES 3, Red Hat Enterprise Linux ES 4, and Microsoft Windows Server 2003 Enterprise Edition. Different aspects of operating system security, such as number of vulnerabilities and the time to resolve them, were analyzed as indicators of security for each operating system. Data collection and analysis for this study was performed in December 2006.

    Data was collected from Secunia (http://secunia.com/), a leading independent source of vulnerability intelligence. Secunia was used because they do not rely on a single source for vulnerability information, and their source data is highly transparent. Secunia not only performs their own security research but also collects and verifies security bulletins and announcements from a large base of external sources: vendors, internet forums, newsletters, security analyst bug reports, CERT, and web sites maintained by unaffiliated individuals who are tracking security issues for each platform.1 For each operating system, Secunia tracks all vulnerabilities that affect a full installation of all components and packages included in the current release."


    Another MS page:


    http://www.microsoft.com/presspass/features/2007/jun07/06-04IIS7.mspx

    ".[...]Press Pass: From a security perspective, how is IIS7 different from what else is out there?
    Laing:
    IIS6 was already rock-solid on security. You can look at the Secunia Web site where they list security bulletins and see that IIS6 hasn’t suffered a single critical security vulnerability.  Even after that great success, we are still looking for ways to raise the Web server security bar.[...]"



    ---------


    So, Secunia and their statistics are mentioned all over Microsoft's own sites.

    Again, you may not like it, but being the authority on security stuff is one thing; being accurate enough to track whether the reported vulnerabilities have been fixed is quite another.

    This might be intentional, I think, as if they keep the list up to date, their website will be used as a convenient source of information on exploitable vulnerabilities, which is not a good thing.

    Therefore, comparing the numbers of unpatched vulnerabilities shown on their website makes little sense.

  • Identification

    In Hong Kong, we're given a juvenile ID card at the age of 11, to be replaced with an adult one at the age of 18.

    It pretty much surprises me that people in the UK don't, as I thought most of the government policies before 1997 were copied from the UK.

  • When will be the last vulnerabilities in XP be patched?

    wastingtimewithforums said:
    W3bbo said:
    *snip*
    "For instance, take a look at the one about MITM attacks on mstsc. That was fixed in Version 6 of the client and server yet it's still shown there"

    ------------

    If that's the case, MS should contact them and ask them to fix the entries on the site.

    Secunia is _the_ authority on the web on software vulnerabilities, much like netcraft is the authority on web server statistics.

    Those statistics are more important for image and marketing than many seem to think.

    Indeed... Take SA10968 (a.k.a.: Microsoft Windows Enhanced/Windows Metafile Handling Vulnerability) for example.

    It's related to the size information of the header. I thought they had fixed (or at least partially fixed) it 2 or 3 years ago...

  • Securing Developer Workstations

    jjesse said:
    ScottWelker said:
    *snip*
    Follow the corporate standard the infrastructure team has created or, if possible, work on creating a developer standard.  As to the "free" Adobe program, are you sure it's licensable for business work?  Remember the "Free" version of Adobe is for personal use and not corporate use.

    Licensing is a huge pain in the a$$; however, it is something that needs to be dealt with and worked with.

    The infrastructure team is trying to manage the devices in an easy-to-do automated way, and they need to be kept as standard as possible.

    Actually, he did mention that it is "Adobe SVG viewer" which is free even for corporate use (Just like the Adobe Reader.)

    Note that lots of the "read only" software (like Microsoft's Word/Excel/PowerPoint viewers, RARLAB's UnRAR DLL, just to name a few) is free and you might use it freely.

    If it's in-house development, the choice of free software/libraries would have been even wider (GPL does allow free usage as long as you're not going to sell the software that includes it).

    Although I'd agree that asking the infrastructure team to install it is the way to go, dealing with an unresponsive infrastructure team can be a pain. It's always a good idea to keep a handful of "replacement toolset" that offers less functionality, but neither needs administrative rights to run nor needs to be installed (mostly command-line tools however... who knows why it's so rare to find capable GUI variants).

  • Brilliant Code! Got Some?

    I've seen someone asking others to post code for some "hello world" level assignment on a C++ community in C, so someone took time to write a main.c that consisted of all kinds of "ooOOo", "oOoo" and "#define" directives replacing them with meaningful keywords like "void", "main"...

    That's what we called remarkable "OO programming in C"... Tongue Out

  • Never thought I'd thank typhoon so much

    Today, my family went back to our normal daily schedule... My brother and I went to work, my aunt had to go back to Taiwan....... That means only my mother was left in my home. She looks far better than she had been before, so we thought it was okay for us to resume our normal schedule...

    So as you may have guessed, we just almost lost another family member. Fortunately, because of the typhoon, my aunt's flight was canceled, and she went home soon enough to stop her. Thank God.

    At this point we decided to send my mom with my aunt to go to my grandmother's home and live there for a while... If this situation continues, I'm afraid that our nerves won't stand the stress any longer...

  • Help of DOS command/s

    Raghavendra_Mudugal said:
    littleguru said:
    *snip*
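    Thank you... littleguru

    I am already done with this...

    rem Run del only if the directory change succeeded; otherwise it would delete from the current directory
    cd /d c:\windows\temp && del /S /Q *.*

    cd /d "C:\Documents and Settings\RMudugal\Local Settings\Temp" && del /S /Q *.*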


    Actually... I was trying to automate the keystroke "y" rather than using a flag. Smiley Using a flag is like the common approach... but keystroking... and automating the input of "y" from the script... will be cool, I have never tried it before. Big Smile

    Whenever you need to input something in a script but using pipe redirection is not good enough / not applicable, Expect < http://expect.nist.gov/ > comes to my mind.

    P.S.: Link creation does not work again.

  • So is anyone else having fun with Pandemic II?

    AndyC said:
    cheong said:
    *snip*
    Madagascar beats me every time. Even when I made an entirely non-lethal disease with absolutely no symptoms they still shut their ports before I had a chance to infect them. The cheeky scamps.

    It seems that each time any of the regions gets half of its population infected, Madagascar will close its port.

    If your disease doesn't get in before that, you won't have a chance... :O

    It seems making it spread too fast isn't a good thing...

  • So is anyone else having fun with Pandemic II?

    Funny game... just tried it once and didn't make good progress...

    It barely takes me a few minutes to kill everyone in Cuba, but the disease doesn't seem to spread elsewhere... :O

    Maybe I'll try again when I go home... Tongue Out

  • Windows 7 name and slogan spoofs

    Itslloydhere said:

    Windows Banana and Windows 7/10 made me laugh Big Smile

    Glad to be back Smiley

    Same here.

    These names are really amusing. Smiley