[RndTbl] wireshark warning
Trevor Cordes
trevor at tecnopolis.ca
Fri Jan 17 03:46:30 CST 2014
Didn't have a chance to bring it up at the meeting, but I feel it's
important to add that wireshark is probably the most frequently
security-patched FOSS out there. I watch the security feed from Fedora
and the package I see sec-updated most often is wireshark, probably
followed by PHPMyAdmin. It's quite astonishing how miserably insecure
wireshark is. (Hmm, too bad there doesn't seem to be a page or chart
ranking FOSS by CVE count, unless someone else can find one.)
So, if you use wireshark, do your package updates frequently and/or
before each invocation of wireshark.
This is a great argument for not using wireshark on Windows, as there
is not yum/apt-get for it, AFAIK, meaning you'd be on your own to
check for and install updates.
More information about the Roundtable
mailing list