I must admit I am fed up of the hysteria that accompanies news of a vulnerability in a Microsoft product. In the last (admittedly serious) one in IE swarms of people were reporting they would never use IE again. So what are they going to switch to? FireFox, Opera – are these browsers invincible? Of course not! You only need to look at http://secunia.com/ to see that all software is vulnerable. This week they reported that “23 vulnerabilities have been reported in various Oracle products” (http://secunia.com/SA13862) and the following were the top read advisories:
1. [SA12889] Microsoft Internet Explorer Multiple Vulnerabilities
2. [SA13599] Mozilla / Mozilla Firefox Download Dialog Source Spoofing
3. [SA13482] Internet Explorer DHTML Edit ActiveX Control Cross-Site
Scripting
4. [SA13804] Apple iTunes Playlist Handling Buffer Overflow
Vulnerability
5. [SA13786] Mozilla / Mozilla Firefox Dialog Overlapping Weakness
6. [SA13129] Mozilla / Mozilla Firefox Window Injection Vulnerability
7. [SA13792] Check Point Firewall-1 NG SmartDefense RFC2397 Bypass
Weakness
8. [SA12041] Microsoft Outlook / Word Object Tag Vulnerability
9. [SA13818] Opera "data:" URI Handler Spoofing Vulnerability
10. [SA13704] Internet Explorer FTP Download Directory Traversal
We need a more balanced approach to the reporting of these issues, and less MS scaremongering.