Cyber Security Institute

Monday, July 25, 2005

Survey: Hackers Target Flawed Backup Software

The survey by the nonprofit SANS Institute found new holes in widely used software products, even as computer users are getting better at patching some favorite hacker targets.  Attackers are now focusing on desktop software, like Web browsers and media players, that might not get fixed as frequently as Microsoft Corp.'s Windows operating system and other software widely used by business, the cybersecurity research organization found.

More than 422 significant new Internet security vulnerabilities emerged in the second quarter of 2005, the cybersecurity research organization found, an increase of 11 percent from the first three months of the year.

Particularly troubling are holes in backup software made by Computer Associates International Inc. and Veritas Software Corp., which together account for nearly one-third of the backup-software market, said Ed Skoudis, founder of the security company Intelguardians.  Fixes are available for all the problems outlined in the SANS report, but many of the new flaws aren’t fixed as quickly as older ones.

Administrators take an average of 62 days to fix backup software and other software inside their firewall, compared to an average of 21 days for e-mail servers and other products that deal directly with the Internet, said Gerhard Eschelbeck, chief technical officer of business-software maker Qualys.

Home users typically take even longer to fix problems, said SANS chief executive Alan Paller.  Many of the new flaws were found in products popular with home users.  Flaws in media players like Apple Computer Inc.'s iTunes and RealNetworks Inc.'s RealPlayer could enable a hacker to get into a user's computer through a poisoned MP3 file.  Users of Microsoft's Internet Explorer Web browser could be compromised simply by visiting a malicious Web site, SANS said.  Even the open-source Mozilla and Firefox Web browsers, which have gained in popularity thanks to security concerns, had flaws as well, Paller said.

Posted on 07/25