Mozilla security flaw

Discussion in 'Tech Talk' started by Jack T., Jul 9, 2004.

  1. Jack T.

    Jack T.

    Messages:
    109
    Likes Received:
    0
    Joined:
    Jan 23, 2002
    Location:
    Great State Of Oklahoma
  2. David_G17

    David_G17 /\/\/\/\/\/\/\/

    Messages:
    2,046
    Likes Received:
    0
    Joined:
    Oct 7, 2002
    step one.
     

  3. HerrGlock

    HerrGlock Scouts Out CLM

    Messages:
    23,801
    Likes Received:
    254
    Joined:
    Dec 28, 2000
    ~1 ~2 ^b

    DanH
     
  4. hapuna

    hapuna Trusted Member

    Messages:
    734
    Likes Received:
    0
    Joined:
    Apr 22, 2002
    Location:
    Washington
    It is a dirt simple fix!!!:cool:
     
  5. Harlequin

    Harlequin I need a weapon

    Messages:
    455
    Likes Received:
    0
    Joined:
    Sep 19, 2003
    Location:
    East Central Indiana
    It was bound to happen eventually. At least it's only happened to them once and not once a week like with IE. You can bet they will be more careful now.
     
  6. HerrGlock

    HerrGlock Scouts Out CLM

    Messages:
    23,801
    Likes Received:
    254
    Joined:
    Dec 28, 2000
    No, it happens with all software, more often than anyone would like. Two things tend to lessen the number or severity of vulnerabilities:

    1) If the software is made by hackers it tends to be more secure. These people are paranoid about their own stuff and make sure anything they write has gone through every check they know about. Sometimes the vulnerability only manifests if it is running in conjunction with other software that the writers do not have on their systems. When you find a vulnerability that is only for one OS, it's usually not the program that is actually vulnerable, it's the combination of programs or a vulnerability in the OS proper that is only there with the calls the software makes. Sometimes the home brewed and community written software takes longer to get out but when it does come out, it tends to be more stable than stuff that had to meet some arbitrary deadline.

    2) Look at the time from finding the vulnerability vs. the patch or fix. There are some software writers that take their time getting something out to patch it. The claim "It needs testing" is not an excuse for waiting six months to get a root/admin level vulnerability fixed. Get people to work 24/7 and make sure it's tested NOW and get the patch out NOW. Also, threatening to sue anyone who publishes a vulnerability for your software before you have a fix out is not right!

    All software will have vulnerabilities. OpenBSD has had exactly one root level exploit in its default install in 10 years. They don't give you the latest and greatest, it's usually a generation behind what's out on the streets now, but it's secure.

    Okay, more coffee needed so I can actually make sense today.

    DanH