TELECOM Digest OnLine - Sorted: Hackers Target Flawed Software

Hackers Target Flawed Software

Andy Sullivan (
Tue, 26 Jul 2005 14:14:24 -0500

By Andy Sullivan

Flawed backup software has emerged as the latest target for hackers
looking for corporate secrets, according to a survey released on

The survey by the nonprofit SANS Institute found new holes in widely
used software products, even as computer users are getting better at
patching some favorite hacker targets.

Attackers are now focusing on desktop software, like Web browsers and
media players, that might not get fixed as frequently as Microsoft
Corp.'s Windows operating system and other software widely used by
business, the cybersecurity research organization found.

More than 422 significant new Internet security vulnerabilities
emerged in the second quarter of 2005, the cybersecurity research
organization found, an increase of 11 percent from the first three
months of the year.

Particularly troubling are holes in backup software made by Computer
Associates International Inc. and Veritas Software Corp., which
together account for nearly one-third of the backup-software market,
said Ed Skoudis, founder of the security company Intelguardians.

"If you think about it, people back up information that is their most
important information, otherwise they wouldn't back it up at all,
right?" Skoudis said on a conference call.

"By exploiting one of these vulnerabilities, an attacker can get in
there and exploit some of the most sensitive information for some of
the most sensitive organizations."

Fixes are available for all the problems outlined in the SANS report,
but many of the new flaws aren't fixed as quickly as older ones.

Administrators take an average of 62 days to fix backup software and
other software inside their firewall, compared to an average of 21
days for e-mail servers and other products that deal directly with the
Internet, said Gerhard Eschelbeck, chief technical officer of
business-software maker Qualsys.

Home users typically take even longer to fix problems, said SANS chief
executive Allan Paller.

Many of the new flaws were found on products popular with home users.

Flaws in media players like Apple Computer Inc.'s iTunes and
RealNetworks Inc.'s RealPlayer could enable a hacker to get into a
user's computer through a poisoned MP3 file.

Users of Microsoft's Internet Explorer Web browser could be
compromised simply by visiting a malicious Web site, SANS said.

Even the open-source Mozilla and Firefox Web browsers, which has
gained in popularity thanks to security concerns, had flaws as well,
Paller said.

Copyright 2005 Reuters Limited.

NOTE: For more telecom/internet/networking/computer news from the
daily media, check out our feature 'Telecom Digest Extra' each day at . Hundreds of new
articles daily.

Post Followup Article Use your browser's quoting feature to quote article into reply
Go to Next message: Chet Brokaw: "Residents Fight to Keep Analog Cell Phones"
Go to Previous message: Danny Burstein: "Last Laugh! Spammer, age 35, meets "Moscow Rules""
TELECOM Digest: Home Page