48514007
submission
benjymouse writes:
Following a blog post by security company Secunia, VideoLAN (vendor of popular VLC media player) president Jean-Baptiste Kempf accuses Secunia of lying in a blob post titled More lies from Secunia. It seems that Secunia and Jean-Baptiste Kempf have different views on whether a serious vulnerability has been patched. At one point VLC threatened legal action unless Secunia updated their SA51464 security advisory to show the issue as patched. While Secunia changed the status pending their own investigation, they later reverted to "unpatched". Secunia claimed that they had PoC illustrating that the root issue still existed and 3rd party confirmation (an independent security researcher found the same issue and reported it to Secunia).
698167
submission
benjymouse writes:
The Register has picked up on a recent Microsoft security bulletin which urges Windows users to "restrict use of Safari as a web browser until an appropriate update is available from Microsoft and/or Apple". This controversy comes after Apple has officially refused to promise to do anything about the carpet bombing vulnerability in the Safari browser. Basically, Apple does not see unsolicited downloads of hundreds or even thousands of executable files to users' desktops as being a security problem.
The MS bulletin speaks of a possible "blended" attack. This is obviously recognizing that having the desktop carpet bombed with executable files does not imply that they can be executed. However, once the files are on the desktop all an attacker needs to do is to find some social engineering attack vector or a way to launch one or more of the files through some other vulnerability. At the very least it does not take much imagination to come up with scenarios where this vulnerability can be used by spammers or skiddies out to annoy users.
It is unprecendented for Microsoft to recommend Windows users to abstain from using a mainstream software product, especially a competing product. Could it be that Microsofts security response team have grown sensitive over Apple TV ads ridiculing Windows users over security while at the same time Apple software products, especially Quicktime, and now Safari threatening the security of those very same users? Surely the "Apple software updater" push of Safari haven't exactly earned them points in Redmond. Surely MSRT realizes that this may be controversial. Is this a "stab" back at Apple and/or a way to shine light on Apples own security problems?
244855
submission
benjymouse writes:
From the latest Netcraft web server survey:
In the August 2007 survey we received responses from 127,961,479 sites, an increase of 2.3 million sites from last month. Microsoft continues to increase its web server market share, adding 2.6 million sites this month as Apache loses 991K hostnames. As a result, Windows improves its market share by 1.4% to 34.2%, while Apache slips by 1.7% to 48.4%. Microsoft's recent gains raise the prospect that Windows may soon challenge Apache's leadership position.
