Cyber Security Institute

§ Current Worries

Top 3 Worries

  • Regulations
  • Old Firewall Configurations
  • Security Awareness

§ Listening

For the best information

  • The underground
  • Audible
  • Executive Excellence
  • Music (to keep me sane)

§ Watching

For early warnings

  • 150 Security Websites
  • AP Newsfeeds
  • Vendors

Monday, July 25, 2005

Security holes add up in second quarter

More than 422 new Internet security holes were found during the second quarter, according to data released by the SANS Institute.

This represents an increase of 10.8 percent compared with the number found in the first quarter, and a jump of 20 percent compared with the second quarter of last year, the institute said in its quarterly report.

If companies and individuals don’t take corrective action, the agency warned, their systems could be used by remote hackers for identity theft, industrial espionage, and distribution of spam and pornography.

In order to be included on the quarterly list, the vulnerabilities must affect a large number of users, the SANS Institute said.  Additionally, they must allow an attacker to take control of a PC remotely, and they must remain unpatched on a substantial number of systems.  Information sufficient to let people exploit the flaws must be available on the Net.

Among the flaws are serious vulnerabilities in popular data backup products used by enterprises, while home users face increased risk from holes in iTunes and RealPlayer, as well as Internet Explorer.  “These include backup software, management software, licensing software, etc. Flaws in these programs put critical resources at risk, as well as having a potential to compromise the entire enterprise.”

Posted on 07/25