Stories
Slash Boxes
Comments

SoylentNews is people

posted by azrael on Monday July 28 2014, @02:28PM   Printer-friendly
from the wide-open-spaces dept.

Roy Schestowitz asks:

Why is the press not covering Microsoft back doors, as confirmed last year?

The other day we found this report[1] (via) about "Internet Explorer vulnerabilities increas[ing] 100%" (year-to-year):

Bromium Labs analyzed public vulnerabilities and exploits from the first six months of 2014. The research determined that Internet Explorer vulnerabilities have increased more than 100 percent since 2013, surpassing Java and Flash vulnerabilities.

Here is more on the subject:

The report summarises public vulnerabilities and exploit trends that the firm observed in the first six months of 2014 and found that Microsoft's web browser set a record high for reported vulnerabilities in the first half of 2014 while also "leading in publicly reported exploits".

Remember that Microsoft tells the NSA about these vulnerabilities before they are patched. Perhaps the media should stop focusing only on Apple's back doors.

[1] Gawd, what a horribly constructed HTML page; had to go to No Style in my browser.

This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 3, Interesting) by Nerdfest on Monday July 28 2014, @03:06PM

    by Nerdfest (80) on Monday July 28 2014, @03:06PM (#74629)

    I really wish they'd be accurate and say "Java Plug-in vulnerabilities".

    As for IE, and Windows as well, any non-US government using Microsoft (or really, any proprietary code from the US) should start realizing what it really means. It means the US government owns your computer. I'm hoping loss of business for some of these larger companies (Microsoft, Cisco, etc) will put some corporate weight on the US government to behave better, as complaints from citizens doesn't seem to be doing much good.

  • (Score: 3, Insightful) by wonkey_monkey on Monday July 28 2014, @03:10PM

    by wonkey_monkey (279) on Monday July 28 2014, @03:10PM (#74630) Homepage

    Frequency of discovery of back doors in IE is increasing.

    -

    PS Dear Soylent News, it's really annoying how, when posting a comment, the Post Comment page doesn't re-iterate even the title of the story to which you are replying. It's handy to have if only for copying and pasting!

    --
    systemd is Roko's Basilisk
    • (Score: 3, Funny) by VLM on Monday July 28 2014, @03:29PM

      by VLM (445) Subscriber Badge on Monday July 28 2014, @03:29PM (#74638)

      Even worse, technically its frequency of public reporting of back doors. I'm sure the NSA and .ru gangs and the like don't report everything they discover and/or intentionally insert into the code.

      I've always thought it would be hilarious for a "real hacker" to upload the MSIE source code somewhere for us to examine the comment upon. How do they document "NSA property do not fix" in source code sections and topics like that. Or does the NSA own the compilation step where they get the official MS source code, then insert extra secret sauce, compile, and finally the NSA provides the "enhanced" binary to MS to distribute. In that case a NSA free MSIE would be an interesting torrent download. I imagine it would be smaller and faster aside from obviously being more secure. An interesting question would be how is MSIE as bad as it is? It must take a lot of work to ship code that's that bad yet still compiles and sometimes runs.

      • (Score: 0) by Anonymous Coward on Monday July 28 2014, @05:17PM

        by Anonymous Coward on Monday July 28 2014, @05:17PM (#74673)

        Wasn't there a story some years back that revealed that even Microsoft employees working on the same project could not view each other's source code? Each project was sub-divided to assigned tasks etc?

        Which of course would mean that nothing ever really gets fixed. At best would be attempt to cover up with a patch. No clean coding and extreme bloat.

        • (Score: 2) by tibman on Monday July 28 2014, @07:23PM

          by tibman (134) Subscriber Badge on Monday July 28 2014, @07:23PM (#74737)

          Probably the result of primadonna's complaining about everyone else's terrible code. That and the lack of communication across task lines.

          --
          SN won't survive on lurkers alone. Write comments.
    • (Score: 0) by Anonymous Coward on Monday July 28 2014, @03:58PM

      by Anonymous Coward on Monday July 28 2014, @03:58PM (#74649)

      Your sig is spot on.

  • (Score: 3, Funny) by Anonymous Coward on Monday July 28 2014, @03:15PM

    by Anonymous Coward on Monday July 28 2014, @03:15PM (#74633)

    The reason why you see more back door action on the internet is very obvious: men have gotten used to regular pornography that features only vaginal sex. It's like eating ice-cream for the past 12 years: eventually, you want to see the ice-cream take it in the rear door, get spanked, or possibly use a toy on an orifice you own. It's all a matter of getting used to what you see. Before pornography was so easily accessible, you appreciated every Hustler and Playboy you saw. Now it takes two hours of scanning YouPorn videos before you even get an erection. Men have become spoiled and need more extreme things to get them aroused, hence the prevalence of back doors on the internet.

    By the way, I only read the headlines to articles now due to the abundance of information on the internet.

    • (Score: 1, Funny) by Anonymous Coward on Monday July 28 2014, @06:40PM

      by Anonymous Coward on Monday July 28 2014, @06:40PM (#74719)

      Ethanol-fueled? Is that you?

    • (Score: 0) by Anonymous Coward on Monday July 28 2014, @07:47PM

      by Anonymous Coward on Monday July 28 2014, @07:47PM (#74749)

      ...and I would like to subscribe to your newsletter.

      -- gewg_

  • (Score: 5, Informative) by VLM on Monday July 28 2014, @03:19PM

    by VLM (445) Subscriber Badge on Monday July 28 2014, @03:19PM (#74635)

    To save the community the time, when someone talks about percentages and refuses to discuss actual counts, you can usually safely assume they're lying about something.

    However, I clicked thru and read and on the 8th page of the actual report, last year there were 130 reported problems and in the first half of this year there have been 133 reported problems so thats almost precisely twice as many per unit time.

    Maybe a more accurate summary is the rate of vulnerability discovery has increased for MSIE from twice a week to more or less every other day. Whats really useful is comparing the other browsers. Chrome and FF both went from four a week last year to twice a week this year. It appears that for about the 20th year running, you're always safer installing and using anything other than MSIE, it doesn't really matter what as long as its not MSIE.

    And comparing to other software. Adobe reader (does anyone still use that bloated rotting POS?) went from a little more than one per week last year to about two per month this year. Adobe flash has maintained a very consistent one security hole per week for years. Java continues to have about two problems per week, again constant on a long term basis.

    So adobe reader and "real" web browsers have improved, MSIE is spectacularly worse, and everything else is pretty consistent.

  • (Score: 2, Funny) by Horse With Stripes on Monday July 28 2014, @06:11PM

    by Horse With Stripes (577) on Monday July 28 2014, @06:11PM (#74695)

    Gawd, what a horribly constructed [w3.org] HTML page

    Maybe you should have viewed it in IE. I hear that on the internet two wrongs make a right ;-)