- Related Stories
-
Offering a bounty for security bugs
July 24, 2005 -
Windows flaw reaches beyond XP
July 18, 2005 -
RealNetworks plugs security holes in player
June 23, 2005 -
Apple plugs security hole in iTunes
May 10, 2005
This represents an increase of 10.8 percent compared with the number found in the first quarter, and a jump of 20 percent compared with the second quarter of last year, the institute said in its quarterly report.
If companies and individuals don't take corrective action, the agency warned, their systems could be used by remote hackers for identity theft, industrial espionage, and distribution of spam and pornography.
In order to be included on the quarterly list, the vulnerabilities must affect a large number of users, the SANS Institute said. Additionally, they must allow an attacker to take control of a PC remotely, and they must remain unpatched on a substantial number of systems. Information sufficient to let people exploit the flaws must be available on the Net.
Among the flaws are serious vulnerabilities in popular data backup products used by enterprises, while home users face increased risk from holes in iTunes and RealPlayer, as well as Internet Explorer.
"We are seeing a trend to exploit not only...Windows, but other vendor programs that are installed on potentially large number(s) of systems," said Rohit Dhamankar of TippingPoint, which collaborated with the SANS Institute for the study.
"These include backup software, management software, licensing software, etc. Flaws in these programs put critical resources at risk, as well as having a potential to compromise the entire enterprise."
See more CNET content tagged:
SANS Institute, flaw, Apple Computer, security, PC
Mr. AT Alishtari, Founder and POA EDI Secure LLLP, says there is a lot of business for IT giants other than two factor authentication with offline device that stops online private ID theft and bank rape from use of stolen IDs.
There is also the fact that many machines and PCs are turned into robots blindly attacking government and network bank sites around the world. This cyber crime needs to be stopped directly with improved software since the PC owners do not even know they are being used for crime. There is a lot of work to do.
Security is becoming a myth inside an allusion inside a dream the truth thereto is the Emperor has no clothes. That is what I think. Ciao now.
- Lack of security is not what anybody needs
- by grabacontroller July 25, 2005 3:34 PM PDT
- Why don't companies hire people to fix security holes or hold companies that lack in security legally responsible for insecurity of there products? If the products lack security, you put corporations at risk and people at risk, too. Also, paying for security is putting extra money in anti-virus, anti-spyware, and firewall companies pockets. Something has to be done and somebody has to be responsible for having insecure products. Who has to pay for the damages that security holes have? I think security should be more important than adding features. You add the security first, then the features, then we will talk about how good your product is. Forget Windows Vista. Make the current products better. If Microsoft, just made the products more secure, everybody would be happier. Also, whats up with the registry? Why don't software companies clean that up? It slows your computer down like bad when you uninstall stuff and it leaves stuff behind. No matter how good a product can be on windows, you have to buy so much stuff or get stuff for free in order to keep up with it. Its expensive sometimes and your computer can get damged severly and thats money out of your pocket and very unhappy customers.
- Reply to this comment
-
(5 Comments)