[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <9B9E7EA67E1B1342B2D25F3FD1B32930B3C486@BE35.exg3.exghost.com>
Date: Tue, 1 Jul 2008 15:31:32 -0400
From: "Larry Seltzer" <larry@...ryseltzer.com>
To: "Stefan Frei" <stefan.frei@...hzoom.net>,
<bugtraq@...urityfocus.com>
Subject: RE: New Paper: More than 600 million users surf at high risk
>From your paper:
>>It is noteworthy that it has taken 19 months since the initial general
availability of IE7 (public release October 2006) to reach 52.5%
proliferation amongst users that navigate the Internet with Microsoft's
Web browser. Meanwhile, 92.2% of Firefox users have migrated to FF2.
Could this be due to the fact that Mozilla stops supporting, and issuing
updates for old versions just a few months after the release of a new
one?
Larry Seltzer
eWEEK.com Security Center Editor
http://security.eweek.com/
http://blogs.pcmag.com/securitywatch/
Contributing Editor, PC Magazine
larry.seltzer@...fdavisenterprise.com
-----Original Message-----
From: Larry Seltzer
Sent: Tuesday, July 01, 2008 3:26 PM
To: 'Stefan Frei'; bugtraq@...urityfocus.com
Subject: RE: New Paper: More than 600 million users surf at high risk
A reply from Robert Hensing at Microsoft
(http://blogs.technet.com/robert_hensing/archive/2008/07/01/vulnerable-w
eb-browser-study-full-of-fail.aspx) says that your study did not include
minor version information for Internet Explorer, probably because such
information is not reported in the user-agent string. But fully-patched
copies of IE5 and IE6 are not insecure in the same way as an unsupported
version; Microsoft is still supporting them.
So is it true that your study calls anyone running IE7 secure, and
anyone running IE5 or IE6 insecure, regardless of their patch levels?
Larry Seltzer
eWEEK.com Security Center Editor
http://security.eweek.com/
http://blogs.pcmag.com/securitywatch/
Contributing Editor, PC Magazine
larry.seltzer@...fdavisenterprise.com
-----Original Message-----
From: stefan.frei@...il.com [mailto:stefan.frei@...il.com] On Behalf Of
Stefan Frei
Sent: Tuesday, July 01, 2008 11:40 AM
To: bugtraq@...urityfocus.com
Subject: New Paper: More than 600 million users surf at high risk
Hi List,
For the last 18 month we analyzed the daily USER-AGENT data collected by
Google's Web search and application servers around the world to study
how users
patch and update their Web browsers.
We came out that approximately 637 million (or 45.2 percent) users
currently
surf the Web on a daily basis with an out-of-date browser - i.e. not
running a
current, fully patched Web browser version.
And this is only the tip of what we call the "Insecurity Iceberg", not
counting
all the vulnerable browser plug-ins.
One of the new concepts we came up for combating the inadequacies of
Web browser
patching was that of applying the food industries "Best Before" date to
the Web
browser and its plug-ins.
Paper:
Understanding the Web browser threat:
Examination of vulnerable online Web browser populations and the
"insecurity iceberg"
Authors
- Stefan Frei, Communication Systems Group, ETH Zurich, Switzerland
- Thomas Duebendorfer, Google Switzerland GmbH
- Gunter Ollmann, IBM Internet Security Systems, USA
- Martin May, Communication Systems Group, ETH Zurich, Switzerland
Paper Download:
http://www.techzoom.net/insecurity-iceberg
Regards
Stefan Frei
Powered by blists - more mailing lists