Hackers now targeting security apps and backup: SANS
Published: Wed, 23 Nov 2005 20:05
Hackers are proving to be nearly as smart as software developers and are evolving at a matching pace. According to SANS, the world’s leading Internet security body, hackers had already moved on to target applications that are difficult to protect. Prime targets now are backup applications, antivirus software and web browser services.
The institute has published the list on its web site to warn users and technology departments as “most people mistakenly believe their computers are protected”. The institute’s survey revealed a marked shift in hackers’ focus, which had so far been on operating systems like Microsoft Windows and on e-mail systems. With more efficient security applications, hackers are now aiming at desktop software, the institute said.
The institute’s Twenty Most Critical Vulnerabilities list includes many which are already being exploited. The most commonly targeted backup applications top the list.
While one can normally expect any software to have flaws and security holes, the shift in hackers’ focus is a matter of great concern, a SANS spokesperson said. Businesses and government agencies that had so far been familiar with attacks on browsers, operating systems and e-mail would simply not know if their backup applications and antivirus software are being exploited.
The most obvious and common flaw among the targets is the lack of an auto-updating mechanism through which security holes are patched. Patching programmes take time to develop. Microsoft, whose Windows applications continue to be favourite targets for hackers, took close to four years to develop its own patching programme.
SANS had already warned about backup applications being vulnerable, in an earlier report based on a Technical Cyber Security Alert indicating Veritas backup server as one of the targets.
The latest report also points to an increase in vulnerabilities among software used in routers and switches – networking products “the backbone of the Internet”.
Besides antivirus software, the list of cross-platform applications with vulnerabilities includes instant messaging, media players, Mozilla and Firefox browsers, database software, file-sharing applications and PHP-based applications.
Alan Paller, director of research at the institute, said the situation had become as bad as it was six years ago when everyone screamed at Microsoft to fix the security holes in its Windows O/S. All the problems that people worried about six years ago were a concern again, which meant we were “back to the Stone Age”.