Where the Flaws Are

One of the major themes of this blog has been the need for computer users to develop their Internet "street smarts." Even those who observe the most basic security advice -- by applying Microsoft Windows patches and using antivirus and firewall software -- must also stay abreast of updates for dozens of software applications that run on top of Windows, including media players, alternative Web browsers and even the security software itself.

So it should come as little surprise to Security Fix readers that a new study points to flaws in media players, browsers and products issued by computer-security vendors as some of the top Internet security threats facing home and business computer users today.

The report, issued by the SANS Institute, a security research and training group in Bethesda, documents some 422 new vulnerabilities discovered or reported in the second quarter of 2005, a 20 percent increase over the same time in 2004 and an 11 percent rise over the first quarter of this year.

SANS says home users face a heightened risk from new flaws in iTunes and RealPlayer. Other media-player makers who recently issued security patches for their products include MusicMatch and Winamp.

The report notes that home users also face a "seemingly endless stream of new vulnerabilities in Microsoft's Internet Explorer Web browser." This isn't to say alternative browsers are worry free: Mozilla's Firefox had a string of embarrassing new problems with its latest release. Mozilla also issued packages of security updates in May and another big security update in April. Even Opera users need to apply browser fixes from time to time.

Jerry Dixon, deputy director of the National Cyber Security Division for the U.S. Computer Emergency Readiness Team, puts the threat presented by today's browser flaws this way:

"No longer do users have to take some action, such as clicking on an e-mail attachment, but the mere browsing to a particular Web site, in some instances popular Web sites that you would assume are safe, will cause their system to be exploited through their vulnerable Web browser unless properly patched."

For corporations, some of the biggest threats these days reside in flaws like those recently discovered in data-backup software made by Computer Associates and Veritas, a company recently acquired by Symantec Corp. Days after Computer Associates released a patch to fix a problem in BrightStor, SANS began noticing signs of hackers scanning the Internet for companies running vulnerable versions of the software. Similar scanning is ongoing for older BrightStor products and against companies running vulnerable versions of the Veritas backup software, the report notes.

"Backup products are designed to prevent catastrophes by recording copies of important data and allowing those copies to be stored in a safe place. Unfortunately, those products have become easy targets for attackers and since they have access to substantially all data, their weaknesses create real danger," SANS said.

[JULY 26 UPDATE: Washington Post reporter Jonathan Krim reported on the SANS study in today's edition. Read his story here.]

By Brian Krebs  |  July 25, 2005; 1:15 PM ET
Categories: Latest Warnings

Comments

Gee, maybe with your note about a new report from SANS, you could post a link to the report so people can actually see it for themselves. You have way too many links as it is -- no, we don't need links to Computer Associates and Symantec -- but somehow you managed to leave out the one for the actual topic of your essay.

Posted by: Bozo Hunter | July 26, 2005 4:37 AM | Report abuse

Finally found it. For the rest of you, it's here:
http://www.sans.org/top20/q2-2005update/

Posted by: Bozo Hunter | July 26, 2005 4:44 AM | Report abuse

Brian, Great blog. Very useful for home PC users.
Many home users are getting savvy to the fact that they need to run Windows updates, but few home users understand that other Internet-connected apps can be vulnerable. And every application is different, so it's confusing to figure this out on your own. On top of it, some vendors (like AOL's IM service) appear to bundle security patches with unwanted adware, so, in the absence of a straightforward description of the update by the vendor, it's hard for home users to do a risk/benefit analysis of whether to run the update. Do you know if any vendors or other sites offer a "scan for updates" service, where home PC users can visit for a one-stop assessment of whether security patches are needed for their applications? Or, alternatively, does any site have a home-PC-user-friendly inventory of vulnerabilities that home users can visit to learn how to keep Internet-connected applications up to date? US-CERT, for example, is thorough in discussing vulnerabilities, but its website is kinda jargon-y. And its list of vendors that scan for vulnerabilities, located at http://www.sans.org/top20/q2-2005update/ ALL offer service only to companies, not home users.

Posted by: LJ | July 26, 2005 9:29 AM | Report abuse


Hello Brian:

I downloaded the recommended fix for the Real Player. When I was done I had the usual Real spyware cookie in my cache, so I deleted it. For good measure, I tried to delete all other REAL cookies. It worked for IE and the web browser cache, but try as I may have, I couldn't get the Real and related cookies out of my FIREFOX cookie file. My solution: make sure that all useful existing cookies are entered into the "Allowed" heading of the "Exceptions" cookie file and then delete all existing cookies. Existing cookies replace themselves so that there's no re-upping @ useful websites (like the POST or NY Times). And if you've listed all Real cookies on the "Exceptions" Block list, they disappear.

Thanks again for the Blog and advice!

Posted by: Fred Albrecht, Emeryville, Ca | July 28, 2005 3:08 AM | Report abuse

You are assuming everyone is as mean, but not so. :) We understand that a link from SANS may or may not be there for any number of reasons. We also understand that not everyone will want a particular link, but then again some will. That is called good reporting.

Posted by: meanpeoplealert | September 26, 2005 12:25 PM | Report abuse

The link is there. It is under 'new study' in the paragraph. http://www.sans.org/top20/q2-2005update/

Posted by: justneededtolook | September 26, 2005 12:30 PM | Report abuse


© 2010 The Washington Post Company