Sampling Bias

Published: 2014-06-10. Last Updated: 2014-06-10 23:29:31 UTC
by Daniel Wesemann (Version: 1)

Today, I was researching a rather complex subject, and it brought me to dozens of web sites to catch up on the latest techie clue. And what felt like half of the web pages popped up that obnoxious

HI. CAN WE ASK YOU A COUPLE QUESTIONS ABOUT OUR WEB SITE?

[YES] [NOT RIGHT NOW]

insert that seems to be all too common these days. Who on earth is clicking "yes" on these?? Or, put differently, how irrelevant must the results of such "surveys" be if the respondents probably all are bored loafers who have unlimited time on their hands, and don't mind to be distracted from their work by an (end|use|point)less survey that intrudes into the thought process, clamoring for attention?

It's what statisticians call "sampling bias". Something like going to a pub to determine if people like alcoholic beverages. Surprise surprise, many of them do :). I suspect the results of such web site "surveys" are similar: WOW!! 96% of the respondents say our web page is cool!!¹⁾

^{1) n=18 / N=1'284'154}

Keywords: survey web

0 comment(s)

Adobe Fl(u|a)sh Patches: https://helpx.adobe.com/security/products/flash-player/apsb14-16.html

Mozilla Patches - Firefox to 30, ESR to 24.6, Thunderbird to 24.6. See https://www.mozilla.org/security/known-vulnerabilities/

Microsoft Patch Tuesday June 2014

Published: 2014-06-10. Last Updated: 2014-06-10 18:08:54 UTC
by Alex Stanford (Version: 1)

1 comment(s)

Overview of the Jun 2014 Microsoft patches and their status.

#	Affected	Contra Indications - KB	Known Exploits	Microsoft rating(**)	ISC rating(*)
#	Affected	Contra Indications - KB	Known Exploits	Microsoft rating(**)	clients	servers
MS14-030	Vulnerability in Remote Desktop Could Allow Tampering
MS14-030	Microsoft Windows CVE-2014-0296	KB 2969259	.	Severity:Important Exploitability: 1	Important	Important
MS14-031	Vulnerability in TCP Protocol Could Allow Denial of Service
MS14-031	Microsoft Windows CVE-2014-1811	KB 2962478	.	Severity:Important Exploitability: 1	Important	Important
MS14-032	Vulnerability in Microsoft Lync Server Could Allow Information Disclosure
MS14-032	Microsoft Lync Server CVE-2014-1823	KB 2969258	.	Severity:Important Exploitability: 1	N/A	Important
MS14-033	Vulnerability in Microsoft XML Core Services Could Allow Information Disclosure
MS14-033	Microsoft Windows CVE-2014-1816	KB 2966061	.	Severity:Important Exploitability: 1	Important	Important
MS14-034	Vulnerability in Microsoft Word Could Allow Remote Code Execution
MS14-034	Microsoft Office CVE-2014-2778	KB 2969261	.	Severity:Important Exploitability: 1	Critical	Important
MS14-035	Cumulative Security Update for Internet Explorer
MS14-035	Microsoft Windows, Internet Explorer CVE-2014-0282 CVE-2014-1762 CVE-2014-1764 CVE-2014-1766 CVE-2014-1769 CVE-2014-1770 CVE-2014-1772 CVE-2014-1773 CVE-2014-1774 CVE-2014-1775 CVE-2014-1778 CVE-2014-1779 CVE-2014-1780 CVE-2014-1781 CVE-2014-1782 CVE-2014-1783 CVE-2014-1784 CVE-2014-1785 CVE-2014-1786 CVE-2014-1788 CVE-2014-1789 CVE-2014-1790 CVE-2014-1791 CVE-2014-1792 CVE-2014-1794 CVE-2014-1795 CVE-2014-1796 CVE-2014-1797 CVE-2014-1799 CVE-2014-1800 CVE-2014-1802 CVE-2014-1803 CVE-2014-1804 CVE-2014-1805 CVE-2014-2753 CVE-2014-2754 CVE-2014-2755 CVE-2014-2756 CVE-2014-2757 CVE-2014-2758 CVE-2014-2759 CVE-2014-2760 CVE-2014-2761 CVE-2014-2763 CVE-2014-2764 CVE-2014-2765 CVE-2014-2766 CVE-2014-2767 CVE-2014-2768 CVE-2014-2769 CVE-2014-2770 CVE-2014-2771 CVE-2014-2772 CVE-2014-2773 CVE-2014-2775 CVE-2014-2776 CVE-2014-2777 CVE-2014-0282 CVE-2014-1762 CVE-2014-1764 CVE-2014-1766 CVE-2014-1769 CVE-2014-1770 CVE-2014-1771 CVE-2014-1772 CVE-2014-1773 CVE-2014-1774 CVE-2014-1775 CVE-2014-1777 CVE-2014-1778 CVE-2014-1779 CVE-2014-1780 CVE-2014-1781 CVE-2014-1782 CVE-2014-1783 CVE-2014-1784 CVE-2014-1785 CVE-2014-1786 CVE-2014-1788 CVE-2014-1789 CVE-2014-1790 CVE-2014-1791 CVE-2014-1792 CVE-2014-1794 CVE-2014-1795 CVE-2014-1796 CVE-2014-1797 CVE-2014-1799 CVE-2014-1800 CVE-2014-1802 CVE-2014-1803 CVE-2014-1804 CVE-2014-1805 CVE-2014-2753 CVE-2014-2754 CVE-2014-2755 CVE-2014-2756 CVE-2014-2757 CVE-2014-2758 CVE-2014-2759 CVE-2014-2760 CVE-2014-2761 CVE-2014-2763 CVE-2014-2764 CVE-2014-2765 CVE-2014-2766 CVE-2014-2767 CVE-2014-2768 CVE-2014-2769 CVE-2014-2770 CVE-2014-2771 CVE-2014-2772 CVE-2014-2773 CVE-2014-2775 CVE-2014-2776 CVE-2014-2777	KB 2969262	.	Severity:Critical Exploitability: 1	Critical	Critical
MS14-036	Vulnerabilities in Microsoft Graphics Component Could Allow Remote Code Execution
MS14-036	Microsoft Windows, Microsoft Office, Microsoft Lync CVE-2014-1817 CVE-2014-1818	KB 2967487	.	Severity:Critical Exploitability: 1	Critical	Critical

We will update issues on this page for about a week or so as they evolve.
We appreciate updates
US based customers can call Microsoft for free patch related support on 1-866-PCSAFETY

(*): ISC rating

We use 4 levels:
- PATCH NOW: Typically used where we see immediate danger of exploitation. Typical environments will want to deploy these patches ASAP. Workarounds are typically not accepted by users or are not possible. This rating is often used when typical deployments make it vulnerable and exploits are being used or easy to obtain or make.
- Critical: Anything that needs little to become "interesting" for the dark side. Best approach is to test and deploy ASAP. Workarounds can give more time to test.
- Important: Things where more testing and other measures can help.
- Less Urt practices for servers such as not using outlook, MSIE, word etc. to do traditional office or leisure work.
- The rating is not a risk analysis as such. It is a rating of importance of the vulnerability and the perceived or even predicted threatatches.

--
Alex Stanford - GIAC GWEB & GSEC,
Research Operations Manager,
SANS Internet Storm Center

Keywords: mspatchday

1 comment(s)

ISC StormCast for Tuesday, June 10th 2014 http://isc.sans.edu/podcastdetail.html?id=4015

Sampling Bias

Microsoft Patch Tuesday June 2014

Comments