The Business Centre

Apple gets bruised in vulnerability report
IE more secure than Firefox: X-Force report
Darren Pauli (Computerworld) 05/08/2008 18:42:56

iPhone Centre
iPhone CentreFind out all about the iPhone at our iPhone Centre. News, reviews, how-tos and video - all in one location.
  • +

    Google touts iPhone, Chrome browser 05/09/2008 08:50:00

    Google heaps praise on the iPhone, Chrome and their cloud potential at the Office 2.0 Conference.
    A Google executive Thursday heaped praise on Apple's iPhone, even with his company set to challenge Apple in this same space with its Android mobile computing platform.
  • +

    Disgruntled customer files second iPhone 3G class-action lawsuit 04/09/2008 10:29:00

    An iPhone 3G customer has filed the second lawsuit against Apple and US telecommunications provider AT&T over the popular phone. This one, by William J. Gillis Jr., was filed in San Diego, California and charges that the two companies deliberately misrepresented what users could expect in terms of 3G connectivity and performance, according to blogger Justin McLachlan who first broke the news on Tuesday.
  • +

    iPhone imitators prepping for their close-ups 01/09/2008 08:22:00

    It may be too early, or too presumptuous, to call Apple's iPhone a technology icon, but all the other major equipment makers in the emerging smart phone realm are looking to create their own "iconic" device.
Additional Resources

Newsletter Subscription

Sign up for our Good Gear Guide newsletters!
Each day the GearDaily Newsletter covers the latest from the last week in a specific category. Monday is "Computing, Small Office and Home Office", Tuesday is "On the Move", Wednesday is "Digital Cameras, Video and Imaging", Thursday is "Mobile Phones and Communications" and Friday is "Home Entertainment".
See the latest products and comparison prices added to GearShop each week.
The GoodGearGuide portfolio of services is rapidly expanding. By joining this list you will be pre-registered for any new email services we launch so you won't miss out on any of our independent product guidance and purchasing information. You will be automatically subscribed and receive the new service(s) but dont worry, should you wish to unsubscribe you can do so with only one click.

Apple has taken the place of Microsoft for disclosing more vulnerabilities than any other vendor, according to an IBM security report.

The company rose from second place in 2007 to take the top spot away from Microsoft, which had fallen into third place behind open source content management system Joomla.

Final results were close, according to the IBM X-Force 2008 mid-year report, with Apple achieving vulnerability disclosure score of 3.2 percent, followed by Joomla with 2.7 percent and Microsoft at 2.5 percent.

IBM remained in fourth spot, followed by Sun, a newcomer to the top five, while Oracle and Cisco fell from their former positions to sixth and seventh respectively.

The introduction of a new Common Platform Enumeration (CPE) into the X-Force database introduced PHP-based Joomla, WordPress and Drupal into the top ten disclosure list.

X-Force attributes their appearance to a rise in Web application flaws, predominantly cross-site scripting (XSS) and SQL injection attacks, that account for 51 percent of all vulnerabilities.

The report claimed PHP would have taken forth spot in the 2007 disclosure list if the CPE rules were applied.

"From 2007 to the first half of 2008, vulnerabilities affecting Web server applications accounted for 51 percent of all vulnerability disclosures.

Microsoft held on to the top spot for the number of public exploits, followed by Hewlett Packard and Apple. The three vendors accounted for about half of all exploits found in the top ten list.

Internet Explorer and Mozilla Firefox browsers had a marked drop in critical vulnerabilities from 2007. Both browsers had six memory corruption vulnerabilities, down from 20 and eight respectively in 2007, however Firefox fell short of it's rival with one security zone bypass, and a single miscellaneous vulnerability. Firefox had 11 security zone bypass and four buffer overflow flaws in 2007.

X-Force claims 94 percent of all browser exploits occur within 24 hours of vulnerability disclosure.

X-Force operations manager Kris Lamb said the attacks will be reduced if independent researchers stop publishing exploit code with vulnerability disclosures.

"Without a unified process for disclosing vulnerabilities, the research industry runs the risk of actually fueling online criminal activity," Lamb said.

"There is a reason why X-Force does not publish exploit code for the vulnerabilities we have found, and perhaps it is time for others in our field to reconsider this practice."

Holes in third party virtualisation (VM) software has fallen, according to the study, while unexpected vulnerabilities have risen over the last three years as they are discovered in increasingly complex VM services. Vulnerability research is now focused on complex areas including I/O fuzzing, random opcode generators and static analysis.

Market Place
More features and more value. Get more with the Moov range from MIO, a world leader in GPS.
Get up to $200 cashback on selected Brother MFCs and printers
Get wireless coverage in every corner of your home – the D-Link Wireless N Range.
$50 Cashback and Latest Map Guarantee on selected models until October 7.

Good Gear Guide Member Login

 
close
Hot Deals
4 Stars Plus Video Reviews
AV Enthusiast Centre
iPhone Centre
HD Advisor
The Business Centre
Digital Home Advisor
GPS Advisor
Broadband Advisor
CareerOne
Get a job Careerone
Sponsored Links