[LINK] Users tackling 10 new vulnerabilities a day

rchirgwin at ozemail.com.au rchirgwin at ozemail.com.au
Tue Sep 20 10:00:21 EST 2005


Quoting "Pilcher, Fred" <Fred.Pilcher at act.gov.au>:

> Comments on this? It sounds odd to me.

Also to me.

First point: it's a mistake to treat the population as representative of
all its members. "Users" aren't tackling all the vulnerabilities, because:
- not all users have all the applications which exhibit all the
vulnerabilities;
- not all users take any action at all;
- most vulnerabilities are "tackled" by the supplier;
- the educated user with a solid defence and good habits doesn't need an
individual response to every possible threat (for example, a new worm can't
attack me unless I run the attachment).

Just off the top of the head...

RC

>
> Fred
>
>
> http://www.computerworld.com.au/index.php/id;71021633;fp;16;fpid;0
>
>
> Users tackling 10 new vulnerabilities a day
> Michael Crawford
>
> 19/09/2005 14:00:02
>
> Australians cope with 10 new application vulnerabilities every day, 
> with no immediate relief in sight.
>
> The six months between January and June 30 this year also saw a 31 
> percent increase of vulnerabilities, with the Firefox browser faring 
> worse than Internet Explorer with 25 critical vulnerabilities 
> discovered compared with Explorer's eight, according to the Symantec 
> Internet Security Threat Report.
>
> The report also discovered an alarming rise in the number of bot 
> networks available worldwide. This year alone 10,352 new bot 
> computers were discovered, more than double the 4,348 found in 
> December 2004.
>
> Symantec Australia vice president David Sykes said the increase in 
> bots is an alarming figure, however it goes hand in hand with the 
> volume of spam or phishing incidents - and can be tracked to the 
> penetration of broadband.
>
> "If you dig deeper into this you find the vast majority of these 
> vulnerabilities are easy to exploit and the majority will compromise 
> a system or data, and they are targeting computers for user 
> identities," Sykes said.
>
> "Mozilla is a nice soft target if you want to go and drop a keylogger 
> and the vulnerabilities were probably always there but now, the 
> people using it are targets. "People don't attack systems they attack 
> the people who use them; Linux was hardly a concern until commercial 
> sites used it, then people went after it."
>
> The report outlined it took an average of 54 days between a 
> vulnerability being discovered and vendors releasing a patch, and six 
> days before the release of an exploit code. This means on average, 48 
> days lapse between the release of an exploit and relevant patch.
>
> Sykes said the three industries in Australia heaviest hit so far this 
> year in terms of attacks are the education sector, small business and 
> financial services.