Risk
7/1/2008
09:33 PM
George V. Hulme
George V. Hulme
Commentary
Connect Directly
RSS
E-Mail
50%
50%

Hey You. Yeah, You: Patch Your Web Browser

Roughly 59% of Internet users use the latest, more secure Web browsers, according to an examination of what version Web browser, down to the patch level, people are using. That means about 576 million Web surfers leave themselves vulnerable to attack. You might just (not) be surprised by who doesn't patch.

Roughly 59% of Internet users use the latest, more secure Web browsers, according to an examination of what version Web browser, down to the patch level, people are using. That means about 576 million Web surfers leave themselves vulnerable to attack. You might just (not) be surprised by who doesn't patch.The study, published today, was conducted by the Swiss Federal Institute of Technology, Google, and IBM Internet Security Systems. The researchers found that no matter how quickly browser and plug-in vendors create patches to fill security holes, it could be months before a large segment of the Internet population will apply those patches.

While I wasn't surprised to see 83.3% of Firefox users having applied the most recent patches, the same can't be said for Opera users, because only 56.1% of those users keep their browser up to date. One would think that both Firefox and Opera users would be more technically savvy than the average user, thereby more prone to patch. Unlike Internet Explorer users, where less than half, at 47.6%, bother to apply the most recent software updates.

The study examined search and Web application log data from Google to ascertain what version of browsers, including patch levels, are used. For Internet Explorer, the researchers culled data from Danish security firm Secunia's Personal Software Inspector.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Flash Poll
Current Issue
Cartoon
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-0761
Published: 2014-08-27
The DNP3 driver in CG Automation ePAQ-9410 Substation Gateway allows remote attackers to cause a denial of service (infinite loop or process crash) via a crafted TCP packet.

CVE-2014-0762
Published: 2014-08-27
The DNP3 driver in CG Automation ePAQ-9410 Substation Gateway allows physically proximate attackers to cause a denial of service (infinite loop or process crash) via crafted input over a serial line.

CVE-2014-2380
Published: 2014-08-27
Schneider Electric Wonderware Information Server (WIS) Portal 4.0 SP1 through 5.5 uses weak encryption, which allows remote attackers to obtain sensitive information by reading a credential file.

CVE-2014-2381
Published: 2014-08-27
Schneider Electric Wonderware Information Server (WIS) Portal 4.0 SP1 through 5.5 uses weak encryption, which allows local users to obtain sensitive information by reading a credential file.

CVE-2014-3344
Published: 2014-08-27
Multiple cross-site scripting (XSS) vulnerabilities in the web framework in Cisco Transport Gateway for Smart Call Home (aka TG-SCH or Transport Gateway Installation Software) 4.0 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug IDs CSCuq31129, CSCuq3...

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
This episode of Dark Reading Radio looks at infosec security from the big enterprise POV with interviews featuring Ron Plesco, Cyber Investigations, Intelligence & Analytics at KPMG; and Chris Inglis & Chris Bell of Securonix.