[LINK] Users tackling 10 new vulnerabilities a day

Pilcher, Fred Fred.Pilcher at act.gov.au
Tue Sep 20 09:06:06 EST 2005 

Comments on this? It sounds odd to me.

Fred


http://www.computerworld.com.au/index.php/id;71021633;fp;16;fpid;0


Users tackling 10 new vulnerabilities a day
Michael Crawford

19/09/2005 14:00:02

Australians cope with 10 new application vulnerabilities every day, with no immediate relief in sight. 

The six months between January and June 30 this year also saw a 31 percent increase of vulnerabilities, with the Firefox browser fairing worse than Internet Explorer with 25 critical vulnerabilities discovered compared with Explorer's eight, according to the Symantec Internet Security Threat Report. 

The report also discovered an alarming rise in the number of bot networks available worldwide. This year alone 10,352 new bot computers were discovered, more than double the 4,348 found in December 2004. 

Symantec Australia vice president David Sykes said the increase in bots is an alarming figure, however it goes hand in hand with the volume of spam or phishing incidents - and can be tracked to the penetration of broadband. 

"If you dig deeper into this you find the vast majority of these vulnerabilities are easy to exploit and the majority will compromise a system or data, and they are targeting computers for user identities," Sykes said. 

"Mozilla is a nice soft target if you want to go and drop a keylogger and the vulnerabilities were probably always there but now, the people using it are targets. "People don't attack systems they attack the people who use them; Linux was hardly a concern until commercial sites used it, then people went after it." 

The report outlined it took an average of 54 days between a vulnerability being discovered and vendors releasing a patch, and six days before the release of an exploit code. This means on average, 48 days lapse between the release of an exploit and relevant patch. 

Sykes said the three industries in Australia heaviest hit so far this year in terms of attacks are the education sector, small business and financial services. 
  
-----------------------------------------------------------------------
This email, and any attachments, may be confidential and also privileged.
If you are not the intended recipient:
Please notify the sender and delete all copies of this transmission along with any attachments immediately.
You should not copy or use it for any purpose, nor disclose its contents to any other person.
-----------------------------------------------------------------------

More information about the Link mailing list