[ISN] Researcher: Threats from zero-day exploits overhyped

From: InfoSec News <alerts_at_private>
Date: Fri, 1 Jul 2011 05:15:56 -0700 (MST)

By Jeremy Kirk
IDG News Service
June 30, 2011

Computers lacking patches for long-known vulnerabilities potentially 
face more of a hacking risk than from zero-day exploits, or attacks 
targeting vulnerabilities that haven't been publicly disclosed, 
according to new research from Secunia.

Finding an unknown vulnerability and crafting an exploit requires 
advanced skills, said Stefan Frei, research analyst director at 
Denmark-based Secunia. Those type of exploits are highly valuable since 
no patch exists and can be sold on the black market.

However, there are plenty of software vulnerabilities for which patches 
have been engineered but never applied by users, in part due to the 
fractured way companies release patches. Targeting those vulnerabilities 
is much easier for hackers, Frei said.

"Even if a cybercriminal knows that a patch is available, that does not 
imply that the patch has been installed," Frei said.


Tegatai Managed Colocation: Four Provider Blended
Tier-1 Bandwidth, Fortinet Universal Threat Management,
Natural Disaster Avoidance, Always-On Power Delivery
Network, Cisco Switches, SAS 70 Type II Datacenter.
Find peace of mind, Defend your Critical Infrastructure.
Received on Fri Jul 01 2011 - 05:15:56 PDT

This archive was generated by hypermail 2.2.0 : Fri Jul 01 2011 - 05:23:06 PDT