Forwarded from: Mark Bernard <mbernard@private> Dear Associates, Am I not sure if I am the only one here that is concerned about this fact or not, so here it goes. Isn't it at cross purposes perhaps even a ethical question, that a report like this was created by a company that sells the stuff to prevent all this bad stuff from happening to you? Why has no one ever suggested this before? It seems like a logical conclusion. For me independent sources, even if only in appearances, would help to validate this information adding credibility and trust. It appears that each and every group from Symantec to PWC, E & Y and CSI/FBI has a different story to tell and its difficult to tell which one is correct because none of them support each other. Regards, Mark. ----- Original Message ----- From: "InfoSec News" <isn@private> To: <isn@private> Sent: Tuesday, March 16, 2004 3:44 AM Subject: [ISN] Symantec: Boom Times For Hackers > http://www.informationweek.com/story/showArticle.jhtml?articleID=18400171 > > By Gregg Keizer > TechWeb News > March 15, 2004 > > Symantec Corp.'s twice-annual Internet Security Threat Report paints > a menacing picture, one that security professionals know all too > well. > > A report released Monday by the security vendor using data from > customers as well as from its DeepSight Threat analysis system says > attackers are having an easier time than ever exploiting > vulnerabilities. They're also increasingly using back doors to gain > access to compromised systems, and are trying to turn a quick buck > with stolen confidential information. > > During 2003, according to Symantec's data, the number of > easily-exploited vulnerabilities climbed about 10% from the year > before, marking the first time that vulnerabilities so classified > broke the two-thirds mark. In 2003, fully 70% of all security > vulnerabilities were simple for attackers to manage. > > The reasons are twofold, said Brian Dunphy, director of Symantec's > managed securities services group. More vulnerabilities, such as > those affecting Web services, take very little exploit expertise. > Also, more hackers are relying on already-published exploit code and > easily available tools to craft new attacks. > > Other security analysts have harped on the same subject, and the > proof in the trend has been as recent as 2004's wave of worms, due > in part to the release of source code to such malware as MyDoom and > Netsky into the underground. [...] - ISN is currently hosted by Attrition.org To unsubscribe email majordomo@private with 'unsubscribe isn' in the BODY of the mail.
This archive was generated by hypermail 2b30 : Thu Mar 18 2004 - 03:06:07 PST