In the Brave New World that is Web 2.0, everyone's going to use their browser for everything. Word Processor? Google Documents, via your browser. Email? Gmail, via your browser. Remote login? Thin Client, via (you guessed it) your browser.
What made the buzz get cranked all the way up to 11 is that you don't need to care about what computer people use to connect. Use whatever you want. Windows? Sure. Linux? OK, geek boy. Mac? Get your Think Different cult on. Everyone plays!
So what happens when there's a security bug in the browser? Ah, but there are so many browsers. Firefox, Internet Explorer, Opera, Chrome. They can't all be bad, right?
Wrong. OK, technically, they're not vulnerable. But they run Quicktime, which is vulnerable, and which is all over Al Gore's Intarwebz. All browsers run Quicktime. And Quicktime has a nasty bug that will get you pwned, no matter who you are.
So clicky here to patch. Yes, you.
I looked at the list of bugs in the linked article. Buffer overflow, buffer overflow, buffer overflow -- five of the seven bugs involve buffer overflow exploits. Ye ghods, doesn't anyone teach good programming practice anymore? The buffer overflow hack is one of the oldest tricks in the book. Preventing them should be an automatic reflex.
ReplyDeleteWolfwalker, that's a really good point. Buffer Overflow exploits have been known for what - 30 years?
ReplyDelete