Severity of security compromise in software



razz
5-11-12, 8:00am
Security software is vulnerable in this CBC http://www.cbc.ca/news/technology/story/2012/05/10/f-cyber-risks.html story including Apple software.
Quotes:
The total number of security flaws in software applications that hackers can use to their advantage has dropped in recent years, but the number of vulnerabilities considered "high risk" has increased as both criminals and researchers race to find weaknesses, a new report says.

The HP 2012 Cyber Security Report defines these high-risk vulnerabilities as holes in software that allow hackers to take unfettered control of a computer or server over the internet. It adds that finding these security holes has become a lucrative business for hackers, as well as for security companies working to keep their customers' computers safe.

Patrick Hill, product line manager of DV Labs and HP enterprise security products, discussed the study on Tuesday at Toronto's SC Congress Canada, an exposition for security professionals. He said that of all known security vulnerabilities discovered in 2011, 24 per cent of them were considered high risk, up from seven per cent in 2006...

Some commercial applications are more susceptible than others, but among the most vulnerable is Adobe’s Shockwave application, which took the No. 1 spot in the HP report, followed by Apple’s QuickTime...

Hill said there are many facets to a modern day attack, and the kits make attacks easier to launch. The kits can fetch around $1,300 each, and can allow novice hackers to initiate sophisticated attacks.

Security measures

Hill offered three solutions that can help people protect themselves or their business.

The first is updating to the latest versions of any software they use. Security holes are often fixed once they're known to developers, but people have to apply the updates.

“It’s not always easy [to keep software up to date] because you have dozens of applications, you’ve got hundreds of servers, along with plug-ins, add-ons, and pop-up ads,” Hill said.

The second suggestion is to apply an “umbrella patch” to your network. Hill said this provides an added layer of protection, especially for a company that runs its own applications.

The hardest solution, yet the most effective, is to, “block access to known bad actors,” Hill said. That means if you can locate the source of an attempted attack, you can block the intruder from accessing your site in the future.