Where the Flaws Are
One of the major themes of this blog has been the need for computer users to develop their Internet "street smarts." Even those who observe the most basic security advice -- by applying Microsoft Windows patches and using antivirus and firewall software -- must also stay abreast of updates for dozens of software applications that run on top of Windows, including media players, alternative Web browsers and even the security software itself.
So it should come as little surprise to Security Fix readers that a new study points to flaws in media players, browsers and products issued by computer-security vendors as some of the top Internet security threats facing home and business computer users today.
The report, issued by the SANS Institute, a security research and training group in Bethesda, documents some 422 new vulnerabilities discovered or reported in the second quarter of 2005, a 20 percent increase over the same time in 2004 and an 11 percent rise over the first quarter of this year.
The report notes that home users also face a "seemingly endless stream of new vulnerabilities in Microsoft's Internet Explorer Web browser." This isn't to say alternative browsers are worry-free: Mozilla's Firefox had a string of embarrassing new problems with its latest release. Mozilla also issued packages of security updates in May and another big security update in April. Even Opera users need to apply browser fixes from time to time.
Jerry Dixon, deputy director of the National Cyber Security Division for the U.S. Computer Emergency Readiness Team, puts the threat presented by today's browser flaws this way:
"No longer do users have to take some action, such as clicking on an e-mail attachment, but the mere browsing to a particular Web site, in some instances popular Web sites that you would assume are safe, will cause their system to be exploited through their vulnerable Web browser unless properly patched."
For corporations, some of the biggest threats these days reside in flaws like those recently discovered in data-backup software made by Computer Associates and Veritas, a company recently acquired by Symantec Corp. Days after Computer Associates released a patch to fix a problem in BrightStor, SANS began noticing signs of hackers scanning the Internet for companies running vulnerable versions of the software. Similar scanning is ongoing for older BrightStor products and against companies running vulnerable versions of the Veritas backup software, the report notes.
"Backup products are designed to prevent catastrophes by recording copies of important data and allowing those copies to be stored in a safe place. Unfortunately, those products have become easy targets for attackers and since they have access to substantially all data, their weaknesses create real danger," SANS said.
[JULY 26 UPDATE: Washington Post reporter Jonathan Krim reported on the SANS study in today's edition. Read his story here.]