Linux, Windows, and security FUD

It's 2013, but the Linux FUD just keeps coming. In the most recent example, security firm Trustwave claimed that Linux kernel vulnerabilities went unpatched more than twice as long as it took to fix flaws in Windows. This assertion would be a lot more believable if it weren't coming from a Microsoft partner.

When they reported that Linux was far more lax about taking care of so-called zero-day flaws, no one seems to have bothered to see where Trustwave was coming from. Had they bothered with even a simple Google search, they would have found that the company had partnered with Microsoft to bring its application firewall to Internet Information Server (IIS). In particular, Trustwave made a point of boasting how it had collaborated with the Microsoft Security Response Center (MSRC).

A little more research would also have revealed that Trustwave has a rather untrustworthy reputation. Last year, Trustwave, which is also a Secure Sockets Layer (SSL) certificate authority, admitted to selling a subordinate root certificate to an organization to allow it to eavesdrop on encrypted employee traffic.