Tuesday, August 16, 2011

death penalty is expensive

On average, it costs $2.3 million to execute a prisoner in Texas, about three times the cost of incarcerating someone in a single cell at the highest security level for forty years.


Friday, August 12, 2011

what is CVSS perfect score 10 (perfect storm)

Actually it's pretty difficult to get a perfect CVSS 10.
The exploit must be remote, easy to implement and require no authentication; the impact on confidentiality, integrity and availability must be complete; the damage must be catastrophic; and the affected system must be very vulnerable and require high confidentiality, integrity and availability...

you can try it yourself:

it's not easy to get perfect 10 score...


IE vulnerability: MS11-057

MS11-057 Cumulative Security Update for Internet Explorer (2559049)

Risk factor: High / CVSS Base Score: 9.3


Again and again Adobe vulnerability

5 new Adobe security bulletins

* APSB11-19 – Security update available for Adobe Shockwave Player (Critical Severity)
* APSB11-20 – Security update available for Adobe Flash Media Server (Critical Severity)
* APSB11-21 – Security update available for Adobe Flash Player (Critical Severity)
* APSB11-22 – Security update available for Adobe Photoshop CS5 (Critical Severity)
* APSB11-23 – Security updates available for RoboHelp (Important Severity)

update immediately!!!


BB server remote execution vulnerability: CVSS score 10 !!!!

RIM issued a critical update for BB server

Vulnerabilities in BlackBerry Enterprise Server components that process images could allow remote code execution

These vulnerabilities have a Common Vulnerability Scoring System (CVSS) score of 10.0 (high severity).

Scary shit..

To get a CVSS score of 10, this seems to be a "perfect" vulnerability.

Vulnerabilities exist in how the BlackBerry MDS Connection Service and the BlackBerry Messaging Agent process PNG and TIFF images for rendering on the BlackBerry smartphone. Successful exploitation of any of these vulnerabilities might allow an attacker to gain access to and execute code on the BlackBerry Enterprise Server.

many enterprises consider BB good as it's secure... :-B