Information Security News mailing list archives

Previous By Date Next
Previous By Thread Next

Researcher: Threats from zero-day exploits overhyped

From: InfoSec News <alerts () infosecnews org>
Date: Fri, 1 Jul 2011 05:15:56 -0700 (MST)
http://www.computerworld.com/s/article/9218057/Researcher_Threats_from_zero_day_exploits_overhyped

By Jeremy Kirk
IDG News Service
June 30, 2011
Computers lacking patches for long-known vulnerabilities potentially face more of a hacking risk than from zero-day exploits, or attacks targeting vulnerabilities that haven't been publicly disclosed, according to new research from Secunia.
Finding an unknown vulnerability and crafting an exploit requires advanced skills, said Stefan Frei, research analyst director at Denmark-based Secunia. Those type of exploits are highly valuable since no patch exists and can be sold on the black market.
However, there are plenty of software vulnerabilities for which patches have been engineered but never applied by users, in part due to the fractured way companies release patches. Targeting those vulnerabilities is much easier for hackers, Frei said.
"Even if a cybercriminal knows that a patch is available, that does not imply that the patch has been installed," Frei said. 

[...]


___________________________________________________________
Tegatai Managed Colocation: Four Provider Blended
Tier-1 Bandwidth, Fortinet Universal Threat Management,
Natural Disaster Avoidance, Always-On Power Delivery
Network, Cisco Switches, SAS 70 Type II Datacenter.
Find peace of mind, Defend your Critical Infrastructure.
http://www.tegataiphoenix.com/
Previous By Date Next
Previous By Thread Next

Current thread: