Some Sobering Security Stats

Symantec today released its latest report on Internet security, cataloging 2,249 software vulnerabilities discovered or reported from January through June 2006 -- the most the company has ever recorded in a six-month period.

Nearly 80 percent of the vulnerabilities were considered easily exploitable and involved applications like Web browsers or software such as blogging and shopping cart programs.

Hackers often use Web application flaws to deface Internet sites -- thousands of sites are defaced each day thanks to this class of vulnerabilities. Annoying as they are, however, defacements aren't the real problem. Criminals can exploit the same Web application flaws to gain access to sensitive databases, access that can drive credit card and identity theft. Online criminals also can use Web app flaws to hijack legitimate sites and redirect visitors to sites that try to install spyware and other malicious programs.

Web application flaws can even cause a Web site to become a drone in a massive army of computers that organized criminals use to launch crippling and extortionist attacks against other Web sites. According to Symantec's stats, the first six months of 2006 brought an average of 6,110 distributed denial-of-service (DDoS) attacks each day.

That figure is a low-ball number, as Symantec only measured DDoS attacks in cases where the perpetrators faked the Internet addresses of the compromised computers doing the attacking. With millions of compromised machines on the 'Net these days available for use in DDoS attacks, spoofing the source Internet address of drone computers is really not necessary, and the practice is now a lot less common than it used to be.

Other stats of interest in the report: Microsoft's Internet Explorer was the most frequently targeted Web browser, with 47 percent of all attacks. Mozilla's Firefox and other browsers had the largest number of flaws -- 47 (IE had 38) -- but IE continued to have the largest window of exposure to known security flaws.

A PDF copy of the Symantec report can be downloaded here.

By Brian Krebs  |  September 25, 2006; 2:35 PM ET

© 2010 The Washington Post Company