Re: Evolution of security threats and exploits...

[Todd Haverkos <infosec () haverkos com>]

cribbar <crib.bar () hotmail co uk> writes:

> Could I ask, from the perspective of an internal systems administrator, the
> so called “good guy”, do you hackers / pen testers see any major trends in
> the IT security industry that people with malicious intent are now targeting
> or exploiting these days, as opposed to say, 5 years ago? Has any of the
> main focus of primary attack shifted in the last few years? 

Seems like client-side attacks have been quite on the rise recently.
Web exploit packs and crimeware to enable drive by exploitation of
unpatched web browsers and plugins seem to be quite the rage.  This is
now over a year old, but activity on this front certainly continues 
    http://blog.avast.com/2009/08/12/exploit-pack-as-the-way-to-infect/

Web applications, of course remain under constant attack, but that's
been true for the past 5 years. 

--
Todd Haverkos, LPT MsCompE
http://haverkos.com/

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT 
and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------