SANS: No Safety From Vulnerabilities

Share it on Twitter  
Share it on Facebook  
Share it on Linked in  
Unless you've been hiding under a rock for the past three months, you've likely been hit with an Internet security vulnerability needing your attention. The latest threats cover the gamut of popular client- and server-side applications, and they're even getting the ones once thought to be safe.

There were 422 newly reported Internet security vulnerabilities in the second quarter of 2005, according to the SANS Institute. The number represents a 20 percent year-over-year and an 11 percent quarterly increase in reported vulnerabilities.

SANS' quarterly update of the top 20 list of Internet vulnerabilities, released Monday, identifies the most critical of the 422 that resulted in widespread damage to both enterprise and home users. Six different vendors made the list, including Microsoft, Mozilla, Apple, Real Networks, Computer Associates and Veritas.

Rohit Dhamankar, editor of the SANS Top 20, noted on a morning conference call that the issues with backup software products from Computer Associates and Veritas were particularly worrisome.

At the end of June, US-CERT issued a Technical Cyber Security Alert warning that a previously disclosed vulnerability with the Veritas backup server was being actively exploited.

Backup software may just be the tip of the iceberg in terms of new attacks being waged against critical management applications.

''In the future we can expect to see more flaws being targeted against such class of products like management software and even licensing software,'' Dhamankar said.

Another trend noted by SANS is the increasing number of client-side vulnerabilities, such as those appearing in Microsoft Internet Explorer and Mozilla Firefox, as well as Apple iTunes and Real Networks' Real Player.

''Two of the products that people have been moving to to protect themselves had vulnerabilities,'' Alan Paller, director of research for SANS Institute said. "Firefox and Mozilla browsers had multiple vulnerabilities this quarter and Apple -- the company that people think of as the safe haven -- had two separate updates fixing multiple security vulnerabilities.

''So as you can see there are no safe havens,'' Paller added.

This article was first published on internetnews.com. To read the full article, click here.

Submit a Comment

Loading Comments...