Original URL: http://www.theregister.co.uk/2005/07/28/sans_top_20/
Hackers look outside Windows for flaws
SANS Top 20 highlights backup risks
Security vulnerabilities are on the rise, with a 10.8 percent increase over the previous quarter, according to a study from the SANS Institute. There were 422 new vulnerabilities in the second quarter of 2005, compared to the 381 reported in Q1 2005.
SANS highlights a growing number of vulnerabilities in popular backup products from Symantec/Veritas and Computer Associates as an unwelcome trend. Meanwhile, consumers face risk from new vulnerabilities in iTunes and RealPlayer, along with a seemingly endless stream of browser vulnerabilities. The full SANS report features a list of the top 20 newly discovered security vulnerabilities.
"We are seeing a trend to exploit not only Windows, but other vendor programs that are installed on a potentially large number of systems," says Rohit Dhamankar, a research manager in 3Com's TippingPoint security appliance division. "These include backup software, management software, licensing software, etc. Flaws in these programs put critical resources at risk as well as having the potential to compromise the entire enterprise."
Security firm Qualys has released a free network scanning service to help companies find and eliminate vulnerabilities listed in the SANS Top 20 update. ®