Language Selection

English French German Italian Portuguese Spanish

Hackers aren't just picking on Microsoft - study

Filed under
Security

Online criminals turned their attention to antivirus software and media players like Apple Computer Inc.'s iTunes in the first three months of 2005 as they sought new ways to take control of users' computers, according to a survey released on Monday.

While hackers continued to poke new holes in Microsoft Corp.'s popular Windows operating system, they increasingly exploited flaws in software made by other companies as well, the nonprofit SANS Institute found.

As more Windows users agreed to receive security upgrades automatically, hackers looked to take advantage of other software programs that might not be patched as frequently, the head of the cybersecurity training and research organization said.

"Operating systems have gotten better at finding and fixing things and auto-updating, so it's less fertile territory for the hackers," said SANS Chief Executive Alan Paller.

Malicious hackers exploit security holes to lift credit-card numbers and other sensitive personal information from a user's computer, or commandeer it to send out spam and pornography.

More than 600 new Internet security holes have surfaced in 2005 so far, SANS found.

Of those, 20 were deemed most dangerous because they remain unfixed on a large number of Internet-connected computers even though software makers quickly made patches available.

As always, Microsoft products were a popular target.

Hackers found ways to take control of a user's computer by tunneling through Microsoft's Web browser, media player and instant-messaging software, as well as Windows software for servers and personal computers.

But software by Oracle Corp. and Computer Associates International Inc. also made the list, along with media players like Apple's iTunes, RealNetworks Inc.'s RealPlayer, and Nullsoft's Winamp.

Anti-virus products from Symantec Corp.. F-Secure, TrendMicro and McAfee Inc. proved vulnerable as well, a prospect Paller found particularly discouraging.

"We ought to do better in our industry -- we should be a model for others," he said.

The complete list can be found at sans.org.

Source.

More in Tux Machines

GNU/Linux Laptops for Developers

  • 5 New & Powerful Dell Linux Machines You Can Buy Right Now
    The land of powerful PCs and workstations isn’t barren anymore when we talk about Linux-powered machines; even all of the world’s top 500 supercomputers now run Linux. Dell has joined hands with Canonical Inc. to give Linux-powered machines a push in the market. They have launched five new Canonical-certified workstations running Ubuntu Linux out-of-the-box as a part of the Dell Precision series. An advantage of buying these canonical-certified machines is that the users won’t have to worry about incompatibility with Linux.
  • How to set up a Pixelbook for programming
    The beauty of Chrome OS is that most of the "state" of your system is in the cloud, attached to your Google Account, but if you have any local documents those will be gone. This is because Developer Mode basically destroys the physically secure design of Chrome OS. Now you're in Linux land, and local security is your job, not Google's. Every time you boot up now, you'll have the option to press Space bar and wipe the system again and return to the safety of vanilla Chrome OS. Press Ctrl-D to continue into the unknown.

today's leftovers

Graphics: Intel, Mesa, Wayland and Bosch

  • Intel's Mesa GLSL Shader Cache Is Speeding Up Game Load Times
    At the start of the month the Intel i965 Mesa driver finally landed its on-disk shader cache, months after the GLSL on-disk shader cache originally landed in core Mesa and wired up for the RadeonSI Gallium3D driver. While you can't play too many shader-heavy games with current Intel integrated graphics, this GLSL shader cache within Mesa 17.4-dev Git is working well for speeding up load times and does provide some frame-rate benefits in games dynamically loading shaders.
  • Bosch Has Been Developing A 3D Window Manager Using Wayland
    In what appears to be research for potential use within in-vehicle infotainment (IVI) systems, Bosch in conjunction with other organizations has been developing a 3D window manager that's built atop Wayland/Weston. Wayland is already used within automobiles for IVI purposes, etc, but this is the first we're seeing at least publicly of creating a 3D window manager around it. Harsha Manjula Mallikarjun of Bosch has talked about their work in developing a middleware framework for a 3D window manager that is making use of Wayland's Weston library, libweston. The window manager maps client buffers to 3D shapes like cubes and cylinders.
  • MESA_program_binary_formats Added To The OpenGL Registry
    Intel developers have seen their MESA_program_binary_formats extension added to the official OpenGL registry. The extension is really quite simple and just documents the unique format designator to be used by Mesa for ARB_get_program_binary/OES_get_program_binary extensions. Overnight it was merged into the OpenGL Registry.

Software: Nuclide, QEMU, Mailspring, GNOME Calendar and To Do, LibreOffice

  • Nuclide – An Open IDE for Mobile and Web Development
    It wasn’t too long ago that we wrote about an IDE that was developed by adding support for advanced debugging and development functions to Atom text editor to create Atom-IDE. We’ve got another such application for you today and it goes by the name of Nuclide. Nuclide is a free Electron-based IDE created by combining a collection of Atom’s features to provide IDE-like functions for several programming languages and technologies.
  • “Improving the performance of the qcow2 format” at KVM Forum 2017
    I was in Prague last month for the 2017 edition of the KVM Forum. There I gave a talk about some of the work that I’ve been doing this year to improve the qcow2 file format used by QEMU for storing disk images. The focus of my work is to make qcow2 faster and to reduce its memory requirements.
  • QEMU and function keys (follow-up)
    Since I posted my suggestion for QEMU a few weeks ago, I've learned a few things about QEMU. Thanks so much to the folks who contacted me via email to help me out. A brief review of my issue: I like to run FreeDOS in QEMU, on my Linux laptop. QEMU makes it really easy to boot FreeDOS or to test new installations. During our run up to the FreeDOS 1.2 release, I tested every pre-release version by installing under QEMU.
  • Mailspring Email Client is now available as a Snap app
    The Mailspring email client is now available as a Snap application on Ubuntu and other Linux distros. The part-Electron, part C++ mail app works with most major email providers, lets you add multiple accounts, has fast mail searching, and offers some advanced features, like read receipts and quick reply templates.
  • The Road to 3.28: Calendar and To Do
    It’s been a long time with no news. I guess work and masters are really getting in the way… good news is that I’ll finish masters in 2 months, and will have some free time to devote to this beloved project. “Bad” news is that, after almost 6 years, I’ll finally take some time to have a real vacation. I’ll stay 3 weeks out of the loop in February, a time where I’ll be traveling to the other side of the world, watching the sunset at the beach with my wife. Without a computer. While it’s unfortunate to the community, I think this time is necessary for my mental health – I’ve gone way too many times through the almost-burned-out state recently.
  • LIBREOFFICE MASCOT SURVEY: THE PROGRESS SO FAR
    As you’ve no doubt seen, over the last few months we’ve been looking for a LibreOffice mascot. This is just something fun for our community to use, for instance on T-shirts at events, so it doesn’t have to be ultra slick and professional – it isn’t a replacement for the official branding and logos that we use in the software, website and marketing materials. At the start, we asked for your submissions and received over 300 of them – thank you so much to everyone who contributed! Many of them were excellent, but we had to remove quite a few from the following voting round for various reasons (such as potential copyright issues, conflicts with other FOSS projects, and use of the official LibreOffice document logo). If your submission didn’t make it to the voting round, we still really appreciate your input, and we apologies if we didn’t make it clearer why some didn’t get through!