Every day a new exploit, bug, or vulnerability is found and reported on the Internet, in the news and on TV. Although Microsoft seems to get the greatest number of bug reports and alerts, they are not alone. Bugs are found in all of the operating systems, whether it is server software, desktop software or imbedded systems.
Here is a list of bugs and flaws affecting Microsoft products that have been uncovered just in the month of June 2001:
The mere frequency and number of bugs that are being found does not bode well for Microsoft and the security of their programming methods. These are just the bugs that have been found and reported, but bugs like the Internet Explorer bug may have been around and exploited for months and hidden from discovery by the underground community.
But it isn't just Microsoft that is plagued with bugs and vulnerabilities. All flavors of Linux have their share of serious bugs also. The vulnerabilities below have also been discovered or reported for the month of June 2001:
These are not all of the bugs and exploits that affect *nix systems, there are at least as many *nix bugs found in the month of June as there are for Microsoft products. Even the Macintosh OS, the operating system that is famous for being almost hacker proof, is also vulnerable. This is especially true with the release of OS X. This is because OS X is built on an OpenBSD Linux core. Many of the Linux/BSD specific vulnerabilities can also affect the Macintosh OS X. As an example the Macintosh OS X is subject to the SUDO buffer overflow vulnerability.
Does all of this mean that you should just throw up your hands and give up? Absolutely not! Taken as a whole the sheer number of bugs and vulnerabilities is massive and almost overwhelming. The point is that if you keep up with the latest patches and fixes, your job of keeping your OS secure is not so daunting.
Keeping up is simple if you just know where to look. Each major OS keeps a section of their Web site that is dedicated to security, fixes and patches. Here is a partial list categorized by operating system:
Windows
The Microsoft TechNet section on security contains information on the latest vulnerabilities, bugs, patches and fixes. It also has a searchable database that you can search by product and service pack.
RedHat
Alerts and Errata
RedHat lists some of the most recent vulnerabilities here as well as other security links on the RedHat site and security links that can be found elsewhere on the Web.
Slackware
Security Mailing List Archives
Although not as well organized as the Microsoft or RedHat sites, the mailing list archives contain a wealth of information. The archive is organized by year and then by month.
Apple Product Security
Even though the Mac is not as prone to security problems as other OSs, you should still take steps to secure your Mac. With the introduction of OS X, security will be more of a concern.
Decrypt Cisco Type-7 Passwords on the fly!
