Sampling Bias

Published: 2014-06-10
Last Updated: 2014-06-10 23:29:31 UTC
by Daniel Wesemann (Version: 1)
0 comment(s)

Today, I was researching a rather complex subject, and it brought me to dozens of web sites to catch up on the latest techie clue. And what felt like half of the web pages popped up that obnoxious
 

HI. CAN WE ASK YOU A COUPLE QUESTIONS ABOUT OUR WEB SITE?

[YES]  [NOT RIGHT NOW]


insert that seems to be all too common these days. Who on earth is clicking "yes" on these?? Or, put differently, how irrelevant must the results of such "surveys" be if the respondents probably all are bored loafers who have unlimited time on their hands, and don't mind to be distracted from their work by an (end|use|point)less survey that intrudes into the thought process, clamoring for attention?

It's what statisticians call "sampling bias". Something like going to a pub to determine if people like alcoholic beverages. Surprise surprise, many of them do :). I suspect the results of such web site "surveys" are similar: WOW!! 96% of the respondents say our web page is cool!!1)

 


1) n=18 / N=1'284'154

 

Keywords: survey web
0 comment(s)
Adobe Fl(u|a)sh Patches: https://helpx.adobe.com/security/products/flash-player/apsb14-16.html
Mozilla Patches - Firefox to 30, ESR to 24.6, Thunderbird to 24.6. See https://www.mozilla.org/security/known-vulnerabilities/

Microsoft Patch Tuesday June 2014

Published: 2014-06-10
Last Updated: 2014-06-10 18:08:54 UTC
by Alex Stanford (Version: 1)
1 comment(s)

Overview of the Jun 2014 Microsoft patches and their status.

# Affected Contra Indications - KB Known Exploits Microsoft rating(**) ISC rating(*)
clients servers
MS14-030 Vulnerability in Remote Desktop Could Allow Tampering
Microsoft Windows

CVE-2014-0296		 KB 2969259 . Severity:Important
Exploitability: 1		 Important Important
MS14-031 Vulnerability in TCP Protocol Could Allow Denial of Service
Microsoft Windows

CVE-2014-1811		 KB 2962478 . Severity:Important
Exploitability: 1		 Important Important
MS14-032 Vulnerability in Microsoft Lync Server Could Allow Information Disclosure
Microsoft Lync Server

CVE-2014-1823		 KB 2969258 . Severity:Important
Exploitability: 1		 N/A Important
MS14-033 Vulnerability in Microsoft XML Core Services Could Allow Information Disclosure
Microsoft Windows

CVE-2014-1816		 KB 2966061 . Severity:Important
Exploitability: 1		 Important Important
MS14-034 Vulnerability in Microsoft Word Could Allow Remote Code Execution
Microsoft Office

CVE-2014-2778		 KB 2969261 . Severity:Important
Exploitability: 1		 Critical Important
MS14-035 Cumulative Security Update for Internet Explorer
Microsoft Windows, Internet Explorer
CVE-2014-0282 CVE-2014-1762 CVE-2014-1764 CVE-2014-1766 CVE-2014-1769 CVE-2014-1770 CVE-2014-1772 CVE-2014-1773 CVE-2014-1774 CVE-2014-1775 CVE-2014-1778 CVE-2014-1779 CVE-2014-1780 CVE-2014-1781 CVE-2014-1782 CVE-2014-1783 CVE-2014-1784 CVE-2014-1785 CVE-2014-1786 CVE-2014-1788 CVE-2014-1789 CVE-2014-1790 CVE-2014-1791 CVE-2014-1792 CVE-2014-1794 CVE-2014-1795 CVE-2014-1796 CVE-2014-1797 CVE-2014-1799 CVE-2014-1800 CVE-2014-1802 CVE-2014-1803 CVE-2014-1804 CVE-2014-1805 CVE-2014-2753 CVE-2014-2754 CVE-2014-2755 CVE-2014-2756 CVE-2014-2757 CVE-2014-2758 CVE-2014-2759 CVE-2014-2760 CVE-2014-2761 CVE-2014-2763 CVE-2014-2764 CVE-2014-2765 CVE-2014-2766 CVE-2014-2767 CVE-2014-2768 CVE-2014-2769 CVE-2014-2770 CVE-2014-2771 CVE-2014-2772 CVE-2014-2773 CVE-2014-2775 CVE-2014-2776 CVE-2014-2777 CVE-2014-0282 CVE-2014-1762 CVE-2014-1764 CVE-2014-1766 CVE-2014-1769 CVE-2014-1770 CVE-2014-1771 CVE-2014-1772 CVE-2014-1773 CVE-2014-1774 CVE-2014-1775 CVE-2014-1777 CVE-2014-1778 CVE-2014-1779 CVE-2014-1780 CVE-2014-1781 CVE-2014-1782 CVE-2014-1783 CVE-2014-1784 CVE-2014-1785 CVE-2014-1786 CVE-2014-1788 CVE-2014-1789 CVE-2014-1790 CVE-2014-1791 CVE-2014-1792 CVE-2014-1794 CVE-2014-1795 CVE-2014-1796 CVE-2014-1797 CVE-2014-1799 CVE-2014-1800 CVE-2014-1802 CVE-2014-1803 CVE-2014-1804 CVE-2014-1805 CVE-2014-2753 CVE-2014-2754 CVE-2014-2755 CVE-2014-2756 CVE-2014-2757 CVE-2014-2758 CVE-2014-2759 CVE-2014-2760 CVE-2014-2761 CVE-2014-2763 CVE-2014-2764 CVE-2014-2765 CVE-2014-2766 CVE-2014-2767 CVE-2014-2768 CVE-2014-2769 CVE-2014-2770 CVE-2014-2771 CVE-2014-2772 CVE-2014-2773 CVE-2014-2775 CVE-2014-2776 CVE-2014-2777		 KB 2969262 . Severity:Critical
Exploitability: 1		 Critical Critical
MS14-036 Vulnerabilities in Microsoft Graphics Component Could Allow Remote Code Execution
Microsoft Windows, Microsoft Office, Microsoft Lync

CVE-2014-1817
CVE-2014-1818		 KB 2967487 . Severity:Critical
Exploitability: 1		 Critical Critical
We will update issues on this page for about a week or so as they evolve.
We appreciate updates
US based customers can call Microsoft for free patch related support on 1-866-PCSAFETY
(*): ISC rating
  • We use 4 levels:
    • PATCH NOW: Typically used where we see immediate danger of exploitation. Typical environments will want to deploy these patches ASAP. Workarounds are typically not accepted by users or are not possible. This rating is often used when typical deployments make it vulnerable and exploits are being used or easy to obtain or make.
    • Critical: Anything that needs little to become "interesting" for the dark side. Best approach is to test and deploy ASAP. Workarounds can give more time to test.
    • Important: Things where more testing and other measures can help.
    • Less Urt practices for servers such as not using outlook, MSIE, word etc. to do traditional office or leisure work.
    • The rating is not a risk analysis as such. It is a rating of importance of the vulnerability and the perceived or even predicted threatatches.

-- 
Alex Stanford - GIAC GWEB & GSEC,
Research Operations Manager,
SANS Internet Storm Center

Keywords: mspatchday
1 comment(s)
ISC StormCast for Tuesday, June 10th 2014 http://isc.sans.edu/podcastdetail.html?id=4015

Comments

cwqwqwq

www

Nov 17th 2022
6 months ago

eweew<a href="https://www.seocheckin.com/edu-sites-list/">mashood</a>

EEW

Nov 17th 2022
6 months ago

WQwqwqwq[url=https://www.seocheckin.com/edu-sites-list/]mashood[/url]

qwq

Nov 17th 2022
6 months ago

dwqqqwqwq mashood

mashood

Nov 17th 2022
6 months ago

[https://isc.sans.edu/diary.html](https://isc.sans.edu/diary.html)

isc.sans.edu

Nov 23rd 2022
6 months ago

[https://isc.sans.edu/diary.html | https://isc.sans.edu/diary.html]

isc.sans.edu

Nov 23rd 2022
6 months ago

What's this all about ..?

isc.sans.edu

Dec 3rd 2022
5 months ago

password reveal .

isc.sans.edu

Dec 3rd 2022
5 months ago

<a hreaf="https://technolytical.com/">the social network</a> is described as follows because they respect your privacy and keep your data secure:

<a hreaf="https://technolytical.com/">the social network</a> is described as follows because they respect your privacy and keep your data secure. The social networks are not interested in collecting data about you. They don't care about what you're doing, or what you like. They don't want to know who you talk to, or where you go.

<a hreaf="https://technolytical.com/">the social network</a> is not interested in collecting data about you. They don't care about what you're doing, or what you like. They don't want to know who you talk to, or where you go. The social networks only collect the minimum amount of information required for the service that they provide. Your personal information is kept private, and is never shared with other companies without your permission

isc.sans.edu

Dec 26th 2022
5 months ago

https://thehomestore.com.pk/

isc.sans.edu

Dec 26th 2022
5 months ago

Login here to join the discussion.


Diary Archives