SANS Institute Monday updated its list of “Top 20” vulnerabilities discovered in products or types of exploits and attacks that threaten users on the Internet.
The SANS “Spring Update” of its Top 20 Internet Security Vulnerabilities cites growth in critical vulnerabilities discovered in the Mac OS X operating system, as well as vulnerabilities in the open-source Mozilla Firefox Web browser that had to be patched.
Rohit Dhamankar, editor of the SANS Top 20 and manager of security research at 3Com’s TippingPoint division, said the good news is that patches for the open-source Mozilla Firefox browser are usually issued more quickly than Microsoft’s patches for Internet Explorer.
“The [Mozilla Firefox] patches arrive much faster, typically within a week,” said Dhamankar, adding that Microsoft generally waits for its scheduled second Tuesday of the month to issue software patches. He added that so many zero-day exploits have been discovered recently in association with Microsoft Explorer, the browser’s name should be changed to “Internet Exploiter.”
Other trends cited by SANS Institute include SQL injection vulnerabilities and attacks against databases, as well as the “scourge” of successful “spear phishing” attacks, especially against U.S. defense and nuclear-energy sites.
In spear phishing, an attacker sends a targeted victim e-mail that appears to come from a trusted source, and the victim turns over sensitive information to the attacker.
While SANS Director of Research Alan Paller declined to reveal the names of specific agencies that had been the target of spear phishing, this type of attack has caused so much concern in the U.S. government, he said, that there’s been a new word coined for such an attack: “exfiltration.”
A play on the word “infiltration,” the word “exfiltration” is “being used a lot around Washington these days,” because of a number of successful spear-phishing attacks, says Paller.