Author Topic: Interesting  (Read 1772575 times)

Offline FreewheelinFrank

  • Avast Evangelist
  • Ultra Poster
  • ***
  • Posts: 4872
  • I'm a GNU
    • Don't Surf in the Nude!
Re: Interesting
« Reply #1995 on: February 28, 2013, 05:41:14 PM »
To add onto FreewheelinFrank's reply,

As Firefox and Chrome are open-sourced, it is only natural that more bugs are to be found; but because it is open-sourced, they will be fixed by the community. Internet Explorer, on the other hand, isn't open sourced. So naturally, fewer bugs will be announced to the public domain. The bad guys would want to keep the vulnerability from going public for as long as possible, no?

~!Donovan
It has nothing to do with what was announced by the browser providers but rather with flaws that were discovered by anyone, in house or not. Independent analysts all the way.

If in-house flaws are not disclosed, then they cannot be part of the analysis.

Quote
Microsoft doesn't report all security vulnerabilities that it fixes in its software. Bug comparisons between vendors therefore paint an incorrect picture.

"We don't document every issue found," Mike Reavey, director of the Microsoft Security Response Center (MSRC), said at a meeting with reporters at the company's corporate headquarters in Redmond, Washington.

http://www.pcworld.com/article/197410/Microsoft_patch.html
They most certainly can when discovered by independent analysts. If they don't get discovered that way, then they're not important.

Vulnerabilities that Microsoft fixes can't be part of the analysis if Microsoft doesn't disclose them, and Microsoft doesn't always disclose them; Mozilla has a different, open policy on vulnerabilities, which means the two can't be compared.

Microsoft's "silent fixes" most certainly have been important.

Gotta love the way you blithely assume reality is going to comply with your prejudices, but how about looking at the evidence?

http://www.zdnet.com/blog/hardware/microsoft-silently-patches-vulnerabilities-leaves-admins-in-the-dark/8239

http://www.blackhat.com/presentations/bh-europe-06/bh-eu-06-Manzuik.pdf
     Bambleweeny 57 sub-meson brain     Don't Surf in the Nude Blog

Dch48

  • Guest
Re: Interesting
« Reply #1996 on: February 28, 2013, 06:04:45 PM »
Don't see any "evidence" that changes the findings of the article that was posted.

Offline FreewheelinFrank

Re: Interesting
« Reply #1997 on: February 28, 2013, 06:49:09 PM »
Don't see any "evidence" that changes the findings of the article that was posted.

http://mason.gmu.edu/~cmcgloth/portfolio/fallacies/red.html

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33920
  • malware fighter
Re: Interesting
« Reply #1998 on: February 28, 2013, 07:27:41 PM »
Hi FwF,

Some of the vulnerabilities have been longer with us, so MS was sitting on them for quite some time: http://www.coresecurity.com/content/CORE-2010-0424-windows-smtp-dns-query-id-bugs (2008/2009 flaw code recycled)
What has not been discussed here, and this is also seen to play a lot in the open source bug discussion, is the impact when we combine two or more bugs/vulnerabilities and then sometimes we can arrive at a very workable dangerous new 0-exploit. Understandable because MS never started with a clean slate, but has been building code layer on code layer in their eternal patching and securing their multitude of lines with maybe as many bugs and holes like the proverbial Swiss cheese product  ;D

In defense of our good friend, Dch48, however, we have to admit that exploits that are used in malware are almost 99% borrowed from known failsafe exploit code that malcreants get from hackers and/or security researchers/testers. Exploit kit code launchers do not add new exploit code, they use those of others. That is why I have always been doing third party reconnaissance mainly...

pol
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline FreewheelinFrank

Re: Interesting
« Reply #1999 on: February 28, 2013, 08:40:44 PM »
Hi FwF,

In defense of our good friend, Dch48, however, we have to admit that exploits that are used in malware are almost 99% borrowed from known failsafe exploit code that malcreants get from hackers and/or security researchers/testers. Exploit kit code launchers do not add new exploit code, they use those of others. That is why I have always been doing third party reconnaissance mainly...

pol

New zero-day exploits seem to be used in targeted attacks and "watering hole" attacks before ending up in exploit kits (sometimes while still zero-day), the order of course being the order of payment size in time available- targeted and watering hole attacks paying more but only in the short period the exploit is zero-day.

http://krebsonsecurity.com/2012/12/attackers-target-internet-explorer-zero-day-flaw/

http://krebsonsecurity.com/2012/09/microsoft-issues-stopgap-fix-for-ie-0-day-flaw/

Edit: added some more links..

Here's an example of a zero-day sold for targeted attacks:

http://krebsonsecurity.com/2013/01/new-java-exploit-fetches-5000-per-buyer/

And here's an example of a zero-day added to an exploit pack:

http://krebsonsecurity.com/2013/01/zero-day-java-exploit-debuts-in-crimeware/
« Last Edit: February 28, 2013, 10:21:34 PM by FreewheelinFrank »

Offline bob3160

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 48595
  • 64 Years of Happiness
    • bob3160 Protecting Yourself, Your Computer and, Your Identity
Re: Interesting
« Reply #2000 on: March 05, 2013, 04:34:12 PM »

I received this today from Roku - There must be a lot of stupid people in this world if Roku
found it necessary to make up these instructions.
(Trying to install the batteries any other way is virtually impossible unless you want to mash
the spring that sits at the negative side of the connection.)
Free Security Seminar: https://bit.ly/bobg2023  -  Important: http://www.organdonor.gov/ -- My Web Site: http://bob3160.strikingly.com/ - Win 11 Pro v24H2 64bit, 32 Gig Ram, 1TB SSD, Avast Free 24.4.6112, How to Successfully Install Avast http://goo.gl/VLXdeRepair & Clean Install https://goo.gl/t7aJGq -- My Online Activity https://bit.ly/BobGInternet

Dch48

Re: Interesting
« Reply #2001 on: March 05, 2013, 05:03:34 PM »

I received this today from Roku - There must be a lot of stupid people in this world if Roku
found it necessary to make up these instructions.
(Trying to install the batteries any other way is virtually impossible unless you want to mash
the spring that sits at the negative side of the connection.)
Believe it or not, I had something once where the spring was actually located on the positive side.

The funniest one I have seen was in the manual for my old Emerson VCR where something obviously got lost in translation. It showed a picture of the remote control and in big red capital letters at the side it said "DO IMMERSE IN WATER". I always wondered how many people followed the instructions.  :D

Offline bob3160

Re: Interesting
« Reply #2002 on: March 07, 2013, 02:11:17 PM »
FancyCache

FancyCache is a supplementary software caching scheme that cooperates with system memory to provide data caching for volumes/disks.




any thoughts ???

Offline bob3160

Re: Interesting
« Reply #2003 on: March 07, 2013, 08:19:34 PM »

Offline bob3160

Re: Interesting
« Reply #2004 on: March 09, 2013, 02:30:24 PM »


Google Glass
A computer you wear but it's expected to be quite pricy.
It also has the potential to be a great aid for those with disabilities.

Offline bob3160

Re: Interesting
« Reply #2005 on: March 09, 2013, 03:46:48 PM »


VideoGhost allows you to watch online videos in the background

Offline !Donovan

  • Web Analyst
  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 2219
    • The WAR Against Malware
Re: Interesting
« Reply #2006 on: March 09, 2013, 04:49:45 PM »


Google Glass
A computer you wear but it's expected to be quite pricy.
It also has the potential to be a great aid for those with disabilities.

It is expected that by 2046 we will wear virtual computer software attached to our necks, accompanied by a chip implemented into the brain. They are supposed to improve both vision and act as a portable touchscreen anywhere you go. You would be able to send emails, phone others, play games, use wi-fi, everything you could imagine from this one touchscreen device. Privacy is a huge improvement. You'll only see the touchscreens of those you befriend. Any of those who are not on your friend list will not be able to see what you're doing on your virtual computer. ;D

Source: AW Project, Japan.
Familiarize Yourself! | Educate Yourself! | Beautify Yourself! | Scan Yourself!
"People who say it cannot be done should not interrupt those who are doing it."

Offline bob3160

Re: Interesting
« Reply #2007 on: March 12, 2013, 02:31:21 PM »

Offline bob3160

Re: Interesting
« Reply #2008 on: March 12, 2013, 03:05:51 PM »

           
HOW SEARCH WORKS

Offline !Donovan

Re: Interesting
« Reply #2009 on: March 17, 2013, 06:30:26 AM »