Biggest security holes revealed


May 05 2005


Media players and anti-virus programs have been named in a list of the most pressing security problems.


Drawn up by non-profit security group Sans, the Top 20 names the software most in need of fixing to avoid attack by malicious hackers.

Programs make it on to the list if they are widely used, their bugs are widely known and they are being actively exploited.

Vulnerabilities are being exploited so fast that Sans is issuing its Top 20 four times as often.

Faster threats
The Sans Top 20 used to be issued in October but the organisation has upped the pace of warnings in response to the accelerating speed of attacks from malicious hackers.

"The number of vulnerabilities is fairly solid," said Gerhard Eschelbeck, chief technology officer at security firm Qualys and contributor to the Sans list. "What's changing is the fact that these vulnerabilities are being exploited faster."

When Sans started producing its Top 20, he said, it took 9 months to a year for exploit code to appear.

"Now code is circulating within weeks of the appearance of the vulnerability," he said.

If exploit code keeps appearing faster, Sans might have to issue alerts even more quickly, said Mr Eschelbeck.

"I think the truth lies somewhere between monthly and quarterly updates," he said, "because firms need to put resources behind it to schedule patches and so on."

As well as issuing reports more often, Sans has for the first time started including applications found to be vulnerable to attack. Previously the list has concentrated on operating systems such as Windows and Unix.

The list of at-risk programs includes Microsoft's media player, iTunes, RealPlayer, WinAmp as well as anti-virus software from Symantec, F-Secure, Trend Micro and McAfee.

"These programs are out there being used and being exploited as well," he said.

The ease with which media players let people share playlists was putting people at risk, he said.

The good news was that there were patches available for all the vulnerabilities identified in the Sans Top 20, said Mr Eschelbeck.


 

Reproduced from an article published by BBC News
© BBC News

The original article can be viewed here:
http://news.bbc.co.uk/1/hi/technology/4514489.stm
