Hackers look outside Windows for flaws

SANS Top 20 highlights backup risks

graph up

Security vulnerabilities are on the rise with a 10.8 percent increase in vulnerabilities over last quarter, according to a study from the SANS Institute. There were 422 new vulnerabilities in the second quarter of 2005, compared to the 381 reported in Q1 2005.

SANS highlights a growing number of vulnerabilities in popular back-up products from Symantec/Veritas and Computer Associates as an unwelcome trend. Meanwhile consumers face risk from new vulnerabilities in iTunes and RealPlayer, along with a seemingly endless stream of browser vulnerabilities. The full SANS report (featuring a list of the top 20 newly discovered security vulnerabilities) can be found here.

"We are seeing a trend to exploit not only the Windows, but other vendor programs that are installed on potentially large number of systems," says Rohit Dhamankar, a research manager in 3Com's TippingPoint security appliance division. "These include backup software, management software, licensing software etc. Flaws in these programs put critical resources at risk as well as having a potential to compromise the entire enterprise."

Security firm Qualys has released a free network scanning service (here) to help companies find and eliminate vulnerabilities listed in the SANS Top 20 update. ®

Related stories

SANS revises Top 20 security vulns list
Red Hat holes less severe than Windows - study
Three critical fixes in MS July security update
3Com puts a bounty on vulns
Browser bugs sprout eternal

Sponsored: 10 ways wire data helps conquer IT complexity