Security Holes . . . Who Cares?

Author

  • Eric Rescorla
Abstract

We report on an observational study of user response following the OpenSSL remote buffer overflows of July 2002 and the worm that exploited it in September 2002. Immediately after the publication of the bug and its subsequent fix we identified a set of vulnerable servers. In the weeks that followed we regularly probed each server to determine whether its administrator had applied one of the relevant fixes. We report two primary results. First, we find that administrators are generally very slow to apply the fixes. Two weeks after the bug announcement, more than two thirds of the servers were still vulnerable. Second, we identify several weak predictors of user response and find that the pattern differs in the period following the release of the bug and that following the release of the worm.


Similar resources

The custodian administered research extract server: “improving the pipeline” in linked data delivery systems

BACKGROUND At Western Australia's Data Linkage Branch (DLB) the extraction of linked data has become increasingly complex over the past decade and classical methods of data delivery are unsuited to the larger extractions which have become the norm. The Custodian Administered Research Extract Server (CARES) is a fast, accurate and predictable approach to linked data extraction. METHODS The Dat...


"Patch on Demand" Saves Even More Time?

In the June 2004 Security column ("A Patch in Nine Saves Time?" pp. 82-83), Bill Arbaugh makes two interesting observations: first, whoever has the tightest observe-orient-decide-act (OODA) loop will prevail in a confrontation; second, the infection rates of recent worms suggest that the good guys are losing the battle. Arbaugh offers some sensible suggestions to vendors and security profess...


Empirical Analysis of SSL/TLS Weaknesses in Real Websites: Who Cares?

As SSL/TLS has become the de facto standard Internet protocol for secure communication in recent years, its security issues have also been intensively studied. Even though several tools have been introduced to help administrators know which SSL/TLS vulnerabilities exist in their network hosts, it is still unclear whether the best security practices are effectively adopted to fix those vulnerabi...


The new impact factor has arrived. Who cares?

ISSN: 1381-4788 (Print) 1751-1402 (Online) Journal homepage: http://www.tandfonline.com/loi/igen20 The new impact factor has arrived. Who cares? An De Sutter, Mieke van Driel, Manfred Maier & Jan De Maeseneer To cite this article: An De Sutter, Mieke van Driel, Manfred Maier & Jan De Maeseneer (2015) The new impact factor has arrived. Who cares?, European Journal of General Practice, 21:3, 153-...



Publication date: 2003