[x-posted to hackquest, net-force and my blog]<br><br>yeah yeah. the year hasn't ended yet, but we've already got stuff like the top cybercrimes, top swimsuit design, top hot model, yada yada.<br>bit9 came up with the year's top vulnerable applications on the windows platform and guess who tops the list?<br>.<br>.<br>.<br>.<br>.<br>.<br>.<br>foxy! yeah. firefox, with 10 critical vulns that "allows hackers to gain control of your computer and steal passwords".<br>see the whole thing here - http://www.bit9.com/files/Vulnerable_Apps_DEC_08.pdf
as discussed with rhican in net-force, this document should not be taken seriously. can you believe that safari is listed as a popular application on the windows platform? and internet explorer is totally left out?
Of course the most used applications are those that are targeted by most "security researchers".<br><br>To name some other popular apps:<br>There have been multiple buffer overflows fixed in Opera lately,<br>Microsoft Word has similar issues currently,<br>libpng is/was also vulnerable to some issue....,<br>the list continues...<br><br>What I like about firefox (and windows maybe) is the auto-update thingy.<br><br>BTW: There are techniques that help applications to defend against security threats and just to name a few things:<br><br>- (On an OS basis there should be stack randomization)<br>- as a user you should avoid using the root/admin account<br>- use the NoScript Plugin for Firefox<br><br>PS: Lately some helpful person proposed subscribing to security RSS Feeds. I really can recommend that. I am using Opera to do mail stuff pop3/smtp, and it works not too bad with feeds either.<br><br>Merry Christmas to all<br>Towley