Digital Home Advisor

Apple gets bruised in vulnerability report
IE more secure than Firefox: X-Force report
Darren Pauli (Computerworld) 05/08/2008 18:42:56

iPhone Centre
iPhone CentreFind out all about the iPhone at our iPhone Centre. News, reviews, how-tos and video - all in one location.
  • +

    Locked iPhones can be unlocked without a password 28/08/2008 10:13:00

    Private information stored in Apple's iPhone and protected by a lock code can be accessed by anyone with just a few button presses.
    Private information stored in Apple's iPhone and protected by a lock code can be accessed by anyone with just a few button presses.
  • +

    Twenty08 MobileChat 3 27/08/2008 14:15:00

    Until now, Palringo has been the only legitimate cross-service instant messaging program for the iPhone. We didn’t dislike the app, but in a lucrative market like mobile instant messaging it was unlikely to go unchallenged. Twenty08’s MobileChat 3 allows users to connect to up to six different IM protocols and chat using a telco's 3G network or a local Wi-Fi network. The program provides some useful features, but poor implementation and numerous bugs make it a poor competitor to the free alternative offered by Palringo.
  • +

    iPhone 3G reception 'normal,' say Swedish engineers 26/08/2008 10:39:00

    Apple's iPhone 3G offers "normal" reception, Swedish engineers who tested the smart phone said today, adding to the controversy over recent user reports of dropped calls and slow surfing speeds.
Additional Resources

Newsletter Subscription

Sign up for our Good Gear Guide newsletters!
Each day the GearDaily Newsletter covers the latest from the last week in a specific category. Monday is "Computing, Small Office and Home Office", Tuesday is "On the Move", Wednesday is "Digital Cameras, Video and Imaging", Thursday is "Mobile Phones and Communications" and Friday is "Home Entertainment".
See the latest products and comparison prices added to GearShop each week.
The GoodGearGuide portfolio of services is rapidly expanding. By joining this list you will be pre-registered for any new email services we launch so you won't miss out on any of our independent product guidance and purchasing information. You will be automatically subscribed and receive the new service(s) but dont worry, should you wish to unsubscribe you can do so with only one click.

Apple has taken the place of Microsoft for disclosing more vulnerabilities than any other vendor, according to an IBM security report.

The company rose from second place in 2007 to take the top spot away from Microsoft, which had fallen into third place behind open source content management system Joomla.

Final results were close, according to the IBM X-Force 2008 mid-year report, with Apple achieving vulnerability disclosure score of 3.2 percent, followed by Joomla with 2.7 percent and Microsoft at 2.5 percent.

IBM remained in fourth spot, followed by Sun, a newcomer to the top five, while Oracle and Cisco fell from their former positions to sixth and seventh respectively.

The introduction of a new Common Platform Enumeration (CPE) into the X-Force database introduced PHP-based Joomla, WordPress and Drupal into the top ten disclosure list.

X-Force attributes their appearance to a rise in Web application flaws, predominantly cross-site scripting (XSS) and SQL injection attacks, that account for 51 percent of all vulnerabilities.

The report claimed PHP would have taken forth spot in the 2007 disclosure list if the CPE rules were applied.

"From 2007 to the first half of 2008, vulnerabilities affecting Web server applications accounted for 51 percent of all vulnerability disclosures.

Microsoft held on to the top spot for the number of public exploits, followed by Hewlett Packard and Apple. The three vendors accounted for about half of all exploits found in the top ten list.

Internet Explorer and Mozilla Firefox browsers had a marked drop in critical vulnerabilities from 2007. Both browsers had six memory corruption vulnerabilities, down from 20 and eight respectively in 2007, however Firefox fell short of it's rival with one security zone bypass, and a single miscellaneous vulnerability. Firefox had 11 security zone bypass and four buffer overflow flaws in 2007.

X-Force claims 94 percent of all browser exploits occur within 24 hours of vulnerability disclosure.

X-Force operations manager Kris Lamb said the attacks will be reduced if independent researchers stop publishing exploit code with vulnerability disclosures.

"Without a unified process for disclosing vulnerabilities, the research industry runs the risk of actually fueling online criminal activity," Lamb said.

"There is a reason why X-Force does not publish exploit code for the vulnerabilities we have found, and perhaps it is time for others in our field to reconsider this practice."

Holes in third party virtualisation (VM) software has fallen, according to the study, while unexpected vulnerabilities have risen over the last three years as they are discovered in increasingly complex VM services. Vulnerability research is now focused on complex areas including I/O fuzzing, random opcode generators and static analysis.

Market Place
Get up to $200 cashback on selected Brother MFCs and printers
Get wireless coverage in every corner of your home – the D-Link Wireless N Range.
$50 Cashback and Latest Map Guarantee on selected models until October 7.
Linksys Introduces the Fusion of Speed, Style and Power…in a Router.Speed, Style and Power…in a Router.

Good Gear Guide Member Login

 
close
Hot Deals
4 Stars Plus Video Reviews
AV Enthusiast Centre
iPhone Centre
HD Advisor
The Business Centre
Digital Home Advisor
GPS Advisor
Broadband Advisor
CareerOne
Get a job Careerone
Sponsored Links