Bonum Certa Men Certa

Eye on Security: Red Hat Explains Why Windows is Less Secure, New Windows 0-Day Attack

Knobsets



Summary: Comparative security news from this week

Open Source is Inherently More Secure, Says Red Hat (Microsoft admits silent patching it never discloses)

But in the closed source world, you have to trust your vendor completely. All you get to see are binaries, so you have no way of knowing how they were built. President Reagan was fond of saying to Soviet leader Mikhail Gorbachev, "Trust, but verify." With proprietary software, you simply have to trust.

Microsoft, for example, pushes out security updates on the second Tuesday of every month. Bressers said they can't do that. Microsoft has the advantage of hiding security flaws and working on them at their leisure, but with open source software, that's not possible because everyone can see that there's a problem and they expect it to be fixed right away.

And if a security hole isn't plugged quickly enough, you can fix it yourself, Bressers explained.

An example of the power of open source is the ping of death bug. Back in the late 1990s someone figured out that if you send a giant ICMP packet to a computer, just about any computer, it will crash. The bug affected every operating system, routers, printers, etc. When the problem was discovered, the open source Linux operating system had the bug squashed in about 2 hours, Bressers recalled. The closed source operating system vendors, however, took days, weeks and even months to make and distribute a patch for the ping of death.


Microsoft: 10,000 PCs hit with new Windows XP zero-day attack

Nearly a month after a Google engineer released details of a new Windows XP flaw, criminals have dramatically ramped up online attacks that leverage the bug.

Microsoft reported Wednesday that it has now logged more than 10,000 attacks. "At first, we only saw legitimate researchers testing innocuous proof-of-concepts. Then, early on June 15th, the first real public exploits emerged," Microsoft said in a blog posting.


New Windows Live Messenger has same old privacy problems

Why do I get the impression that some folks at Microsoft just don’t get it?


Privacy problems persist in latest Windows Messenger 2011 beta [via]

Earlier versions of Messenger played fast and loose with your privacy. The new Live Messenger 2011, currently in beta, suffers from some of the same defects


Comments

Recent Techrights' Posts

Ongoing Media Campaign, Sponsored by Bill Gates, to Portray Critics of Gates Crimes as "Conspiracy" Cranks
In prior years we wrote about this PR tactic of Gates
[Meme] Follow the Law, Not Corrupt Bosses
pressuring staff to break the rules to make more money
The EPO Uses Appraisals to Force Staff to Illegally Grant European Patents or Lose the Job. The Matter is Being Escalated en Masse to ILO-AT, Requesting a Review of Appraisal Reports.
it is only getting worse over time
Debian History Harassment & Abuse culture evolution
Reprinted with permission from Daniel Pocock
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Sunday, February 25, 2024
IRC logs for Sunday, February 25, 2024IRC logs for Sunday, February 25, 2024
Gemini Links 25/02/2024: Chronic Pain and a Hall of the Broken Things
Links for the day
Links 25/02/2024: New Rants About 'Hey Hi' Hype and JavaScript Bloat
Links for the day
Going Static Helped the Planet, Too
As we've been saying since last year
Chris Rutter, Winchester College, Clare College choir, Arm Ltd, underage workers & Debian accidental deaths
Reprinted with permission from Daniel Pocock
Gemini Links 25/02/2024: Blocking Crawlers and Moving to gemserv
Links for the day
IRC Proceedings: Saturday, February 24, 2024
IRC logs for Saturday, February 24, 2024
Over at Tux Machines...
GNU/Linux news for the past day
[Meme] Objective Objection at the EPO
No more quality control
EPO Staff Explains Why It Cannot Issue EPC-Compliant European Patents (in Other Words, Why Many Fake Patents Get Issued)
chaos inside
Links 24/02/2024: More Sanctions Against BRICS, Software Patents Squashed
Links for the day
Microsoft's Demise on the Server Side Continues Unabated This Month
Netcraft says so
Bonnie B. Dalzell Explains Her Experience With Richard Stallman
new essay
Gemini Links 24/02/2024: OpenBSD Advocacy and Nonfree Firmware Debated
Links for the day
Mark Shuttleworth & Debian Day Volunteer Suicide cover-up
Reprinted with permission from Daniel Pocock
IRC Proceedings: Friday, February 23, 2024
IRC logs for Friday, February 23, 2024
Over at Tux Machines...
GNU/Linux news for the past day
Links 24/02/2024: EA Planning Layoffs and 'Liquor Regulators Are Seeking Revenge on Bars That Broke Pandemic Rules'
Links for the day
Gemini Links 24/02/2024: In Defense of Boilerplate and TinyWM Broke
Links for the day