Discovering a blind eye to vulnerabilities
Last week, I was horrified to discover a problem with my vulnerability scanner. The product I use relies on a user account to connect to our Microsoft Windows servers and workstations to check them for vulnerable versions of software, and that user account had never been configured properly. As a result, the scanner has been blind to a lot of vulnerabilities. And this has been going on for a long time.
I hate to think how much longer I might have remained blind to this problem if I hadn’t set out this week to search for a particular set of vulnerabilities inherent in Apple’s Safari browser. You see, Apple ended support for its Safari browser on Microsoft Windows a while ago, but I know that some of my users have installed it on their own, and I wanted to find out how many. It worries me because vulnerabilities in Safari for Windows will accumulate indefinitely. That’s the last thing I need. In fact, I plan to get rid of Safari entirely, but first I wanted to get some information about how much of a risk it really is.