A Review of Headlines in Security
How do you tell that news in security has gone downhill? Well, if today is any indication, you tell when the headlines are: Microsoft Releases Flash Player Patch and TippingPoint Buys Vulnerability Information on its Own Code.
Here at SecuriTeam, we often read that vulnerability researchers provide free quality-assurance for vendors. Unless, of course, that vendor is Tipping Point. Yesterday’s ZDI disclosure avoided the “patch or run for the bunkers” theme of major vulnerabilities in widely-used software:
ZDI-06-013: 3Com TippingPoint SMS Server Information Disclosure Vulnerability
I don’t know about you, but if I have a choice between two IPS vendors with good products and one is willing to pay researchers who report even minor vulnerabilities in the code, I know where my money’s going.
One place your money probably didn’t go was on this:
MS06-020: Vulnerabilities in Macromedia Flash Player from Adobe Could Allow Remote Code Execution
Yes, that’s right folks, a Microsoft patch for Flash Player. I was checking my eyes, too. This patch, for many desktop users, will be the only significant one from May.