Monday, June 18, 2007

Safari Browser Bugs, Attack Surfaces, Oh My!

Before anyone gets upset, read the following; then, if you have an opinion, I would love to hear it.

http://www.darkreading.com/blog.asp?blog_sectionid=415

This is to be expected. I am not an Apple basher per se (Hey! I have an iPod nano that I love) but it is a matter of exposure to threats. Now that the source code for Safari has been exposed to a greater number of threats there will be more people poking and prodding at it and more vulnerabilities will be found. This is to be expected regardless of the platform or application.

In a semi-related blog post over at Taosecurity that I read yesterday it was put very well.

http://taosecurity.blogspot.com/2007/06/triple-boot-thinkpad-x60s.html

Richard Bejtlich says:

“Second, I am attending Black Hat this summer, and I don't trust Windows or Linux to that crowd. Sure, FreeBSD is "just as vulnerable" but the majority of the attackers will be looking for Windows and Linux users. Booting into FreeBSD and staying there will reduce my exposure surface.”

I totally agree with this statement. Even at the risk of sounding like a broken record I will reiterate that regardless of platform or application there are vulnerabilities that can . I too will be attending Black Hat and Defcon and will take extra measures from an OS and application perspective to maintain as small an exposure surface as possible.
