Re: Symantec: Boom Times For Hackers

[InfoSec News <isn () c4i org>]

Forwarded from: Mark Bernard <mbernard () nbnet nb ca>

Dear Associates,

Am I not sure if I am the only one here that is concerned about this
fact or not, so here it goes. Isn't it at cross purposes perhaps even
a ethical question, that a report like this was created by a company
that sells the stuff to prevent all this bad stuff from happening to
you? Why has no one ever suggested this before? It seems like a
logical conclusion.

For me independent sources, even if only in appearances, would help to
validate this information adding credibility and trust.

It appears that each and every group from Symantec to PWC, E & Y and
CSI/FBI has a different story to tell and its difficult to tell which
one is correct because none of them support each other.

Regards,
Mark.


----- Original Message ----- 
From: "InfoSec News" <isn () c4i org>
To: <isn () attrition org>
Sent: Tuesday, March 16, 2004 3:44 AM
Subject: [ISN] Symantec: Boom Times For Hackers


> http://www.informationweek.com/story/showArticle.jhtml?articleID=18400171
>
> By Gregg Keizer
> TechWeb News
> March 15, 2004
>
> Symantec Corp.'s twice-annual Internet Security Threat Report paints
> a menacing picture, one that security professionals know all too
> well.
>
> A report released Monday by the security vendor using data from
> customers as well as from its DeepSight Threat analysis system says
> attackers are having an easier time than ever exploiting
> vulnerabilities. They're also increasingly using back doors to gain
> access to compromised systems, and are trying to turn a quick buck
> with stolen confidential information.
>
> During 2003, according to Symantec's data, the number of
> easily-exploited vulnerabilities climbed about 10% from the year
> before, marking the first time that vulnerabilities so classified
> broke the two-thirds mark. In 2003, fully 70% of all security
> vulnerabilities were simple for attackers to manage.
>
> The reasons are twofold, said Brian Dunphy, director of Symantec's
> managed securities services group. More vulnerabilities, such as
> those affecting Web services, take very little exploit expertise.
> Also, more hackers are relying on already-published exploit code and
> easily available tools to craft new attacks.
>
> Other security analysts have harped on the same subject, and the
> proof in the trend has been as recent as 2004's wave of worms, due
> in part to the release of source code to such malware as MyDoom and
> Netsky into the underground.

[...]



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.