http://www.computerworld.com/s/article/9218057/Researcher_Threats_from_zero_day_exploits_overhyped By Jeremy Kirk IDG News Service June 30, 2011 Computers lacking patches for long-known vulnerabilities potentially face more of a hacking risk than from zero-day exploits, or attacks targeting vulnerabilities that haven't been publicly disclosed, according to new research from Secunia. Finding an unknown vulnerability and crafting an exploit requires advanced skills, said Stefan Frei, research analyst director at Denmark-based Secunia. Those type of exploits are highly valuable since no patch exists and can be sold on the black market. However, there are plenty of software vulnerabilities for which patches have been engineered but never applied by users, in part due to the fractured way companies release patches. Targeting those vulnerabilities is much easier for hackers, Frei said. "Even if a cybercriminal knows that a patch is available, that does not imply that the patch has been installed," Frei said. [...] ___________________________________________________________ Tegatai Managed Colocation: Four Provider Blended Tier-1 Bandwidth, Fortinet Universal Threat Management, Natural Disaster Avoidance, Always-On Power Delivery Network, Cisco Switches, SAS 70 Type II Datacenter. Find peace of mind, Defend your Critical Infrastructure. http://www.tegataiphoenix.com/Received on Fri Jul 01 2011 - 05:15:56 PDT
This archive was generated by hypermail 2.2.0 : Fri Jul 01 2011 - 05:23:06 PDT