Forgot your password?
typodupeerror

Comment: Vulnerabilities did not increase (Score 3, Interesting) 137

by WD (#47521903) Attached to: Internet Explorer Vulnerabilities Increase 100%

Just because you don't know about vulnerabilities, that doesn't mean that they're not there. The vulnerabilities are present in the code before they are discovered.

Having said that, drawing conclusions from vulnerability counts is usually an exercise in futility. There are many factors that affect how many vulnerabilities are discovered and disclosed. Including availability of vulnerability-finding tools, discovery of novel attack techniques, or simply critical mass of interest in the security field.

Comment: Re:WTF? (Score 1) 188

by WD (#46786939) Attached to: Heartbleed Sparks 'Responsible' Disclosure Debate
"High risk of leaking?" And what would the consequences of such a leak be? The affected vendors are only slightly better off than they were with how it actually turned out with Heartbleed?

When Heartbleed was disclosed, virtually no affected vendor (e.g., Ubuntu, Cisco, Juniper, etc.) had an update available. So there was a window where the vulnerability was public, but nobody had official updates from their vendor that would protect them. You are claiming that this is better than a coordinated release, where there would have been actual updates available to install?

It's not "buddies" that is being discussed here. It's the people producing the software that is affected!

Comment: This is absolute nonsense (Score 0) 373

by WD (#44641863) Attached to: German Government Warns Windows 8 Is an Unacceptable Security Risk
Has there been the same sort of outcry for iPhones being unacceptable security risks? I mean, Apple controls what software you can put on the device. And they can pretty much do anything to the device that they want without asking you. For any software that you use, you are trusting the vendor. You trust Microsoft to not push out a backdoor on patch Tuesday. You trust Google to not intercept your banking credentials with an automatic/silent Chrome update. etc. etc... There's no justification to say OMG Windows 8 now suddenly gives the ability for someone else to do something I might not want.

On a technical level (e.g. included exploit mitigations), Windows 8 is safer than any other Windows operating system. Even if Windows does go down the iOS route of only running approved software, does that really make it less safe? Maybe vendors are starting to realize that it's OK if Joe Home User can't run CuteKittens.exe that was just emailed to him.

Don't trust software vendors or other people? Good. Write your own OS and don't plug it into the internet. If you get that far.

You can't have everything... where would you put it? -- Steven Wright

Working...