* Posts by Wladimir Palant

2 publicly visible posts • joined 6 Mar 2009

Cybercrime server exposed through Google cache

Wladimir Palant

It is gone now

Only two hours ago I searched Google and found the site immediately - with lots of data, some of it still in Google's cache. But now everything is gone; Google only left the unsuspicious pages from that server in its index.

Firefox went ton up in bugs in 2008

Wladimir Palant

Misrepresentation

I don't know what I have to think about this piece of bad reporting - usually the security stories published here are pretty accurate. Issues with this article:

1) Not a single word mentioning that the number of security issues fixed is absolutely meaningless, esp. the headline is misleading. See Nicholas Ettel's comment for an explanation. Note that Mozilla has a strict policy of publishing all security issues fixed (and even issues that *might* be security-relevant). In particular, many of these issues have been discovered internally - Microsoft typically silently patches internally discovered issues.

2) "It reports that Mozilla took an average of 43 days to deal with three such incidents last year, not all of which covered critical flaws" - why use "not all" instead of "none"? Fact is, none of the zero-day vulnerabilities discovered in Firefox were critical. Even quoting the average is misleading because it is being dragged down by issues rated as "not critical". The only "less critical" issue was fixed in merely 15 days.

3) "Microsoft took an average of 100 days to deal with three zero-day flaws" - this gives the impression that the number of zero-days in IE is the same as for Firefox. That's what you get from the article if you don't read it too carefully. Also, the figures are certainly not 43 days vs. 100 days since three IE issues remain unpatched (and they have the same criticality as the issues that went into Firefox numbers).

There aren't that many good sources of security news, please don't let this one become another "we just print press releases without asking questions" publication.