Your biggest vulnerabilities aren’t what you think

    SANS Institute just released a security vulnerability analysis covering real infections and vulnerabilities on 9,000,000 real computers at big companies. Interesting reading, with some surprising conclusions.

    According to SANS:

    Waves of targeted email attacks, often called spear phishing, are exploiting client-side vulnerabilities in commonly used programs such as Adobe PDF Reader, QuickTime, Adobe Flash and Microsoft Office. This is currently the primary initial infection vector used to compromise computers that have Internet access… Because the visitors feel safe downloading documents from the trusted sites, they are easily fooled into opening documents and music and video that exploit client-side vulnerabilities… In many cases, the ultimate goal of the attacker is to steal data from the target organizations and also to install back doors through which the attackers can return for further exploitation.

    Other than Conficker/Downadup, no new major worms for OSs were seen in the wild during the reporting period. Even so, the number of attacks against buffer overflow vulnerabilities in Windows tripled from May-June to July-August and constituted over 90% of attacks seen against the Windows operating system.

    World-wide there has been a significant increase over the past three years in the number of people discovering zero-day vulnerabilities, as measured by multiple independent teams discovering the same vulnerabilities at different times. Some vulnerabilities have remained unpatched for as long as two years. There is a corresponding shortage of highly skilled vulnerability researchers working for government and software vendors. So long as that shortage exists, the defenders will be at a significant disadvantage in protecting their systems against zero-day attacks.

    Bottom line: stay cautious. Realize that even big-name Web sites can have infected files (as Graham Cluley explains, even the New York Times site was hit recently). For heaven’s sake, don’t install or run programs that you don’t know. Keep your whole system patched, using a tool like Secunia Personal Software Inspector. And stay away from ActiveX controls, the biggest source of buffer overflow vulnerabilities – which, in my opinion, means you should be running Firefox (or Chrome or Opera or anything but Internet Explorer).