Language Selection

English French German Italian Portuguese Spanish

Hackers aren't just picking on Microsoft - study

Filed under
Security

Online criminals turned their attention to antivirus software and media players like Apple Computer Inc.'s iTunes in the first three months of 2005 as they sought new ways to take control of users' computers, according to a survey released on Monday.

While hackers continued to poke new holes in Microsoft Corp.'s popular Windows operating system, they increasingly exploited flaws in software made by other companies as well, the nonprofit SANS Institute found.

As more Windows users agreed to receive security upgrades automatically, hackers looked to take advantage of other software programs that might not be patched as frequently, the head of the cybersecurity training and research organization said.

"Operating systems have gotten better at finding and fixing things and auto-updating, so it's less fertile territory for the hackers," said SANS Chief Executive Alan Paller.

Malicious hackers exploit security holes to lift credit-card numbers and other sensitive personal information from a user's computer, or commandeer it to send out spam and pornography.

More than 600 new Internet security holes have surfaced in 2005 so far, SANS found.

Of those, 20 were deemed most dangerous because they remain unfixed on a large number of Internet-connected computers even though software makers quickly made patches available.

As always, Microsoft products were a popular target.

Hackers found ways to take control of a user's computer by tunneling through Microsoft's Web browser, media player and instant-messaging software, as well as Windows software for servers and personal computers.

But software by Oracle Corp. and Computer Associates International Inc. also made the list, along with media players like Apple's iTunes, RealNetworks Inc.'s RealPlayer, and Nullsoft's Winamp.

Anti-virus products from Symantec Corp.. F-Secure, TrendMicro and McAfee Inc. proved vulnerable as well, a prospect Paller found particularly discouraging.

"We ought to do better in our industry -- we should be a model for others," he said.

The complete list can be found at sans.org.

Source.

More in Tux Machines

Red Hat and Fedora

Android Leftovers

Leftovers: OSS and Sharing

  • CoreOS Tectonic Now Installs Kubernetes on OpenStack
    CoreOS and OpenStack have a somewhat intertwined history, which is why it's somewhat surprising it took until today for CoreOS's Tectonic Kubernetes distribution to provide an installer that targets OpenStack cloud deployments.
  • Docker and Core OS plan to donate their container technologies to CNCF
    Containers have become a critical component of modern cloud, and Docker Inc. controls the heart of containers, the container runtime. There has been a growing demand that this critical piece of technology should be under control of a neutral, third party so that the community can invest in it freely.
  • How Blockchain Is Helping China Go Greener
    Blockchain has near-universal applicability as a distributed transaction platform for securely authenticating exchanges of data, goods, and services. IBM and the Beijing-based Energy-Blockchain Labs are even using it to help reduce carbon emissions in air-polluted China.
  • An efficient approach to continuous documentation
  • The peril in counting source lines on an OSS project
    There seems to be a phase that OSS projects go through where as they mature and gain traction. As they do it becomes increasingly important for vendors to point to their contributions to credibly say they are the ‘xyz’ company. Heptio is one such vendor operating in the OSS space, and this isn’t lost on us. :) It helps during a sales cycle to be able to say “we are the a big contributor to this project, look at the percentage of code and PRs we submitted”. While transparency is important as is recognizing the contributions that key vendors, focus on a single metric in isolation (and LoC in particular) creates a perverse incentive structure. Taken to its extreme it becomes detrimental to project health.
  • An Open Source Unicycle Motor
    And something to ponder. The company that sells this electric unicycle could choose to use a motor with open firmware or one with closed firmware. To many consumers, that difference might not be so significant. To this consumer, though, that’s a vital difference. To me, I fully own the product I bought when the firmware is open. I explain to others that they ought to choose that level of full ownership whenever they get a chance. And if they join a local makerspace, they will likely meet others with similar values. If you don’t yet have a makerspace in your community, inquire around to see if anyone is in the process of forming one. Then find ways to offer them support. That’s how we do things in the FOSS community.
  • The A/V guy’s take on PyCon Pune
    “This is crazy!”, that was my reaction at some point in PyCon Pune. This is one of my first conference where I participated in a lot of things starting from the website to audio/video and of course being the speaker. I saw a lot of aspects of how a conference works and where what can go wrong. I met some amazing people, people who impacted my life , people who I will never forget. I received so much of love and affection that I can never express in words. So before writing anything else I want to thank each and everyone of you , “Thank you!”.
  • Azure Service Fabric takes first tentative steps toward open source [Ed: Microsoft Peter is openwashing a patent trap with back doors]
  • Simulate the Internet with Flashback, a New WebDev Test Tool from LinkedIn
  • Mashape Raises $18M for API Gateway Tech
    Casado sees Mashape's Kong API gateway in particular as being a particularly well positioned technology. Kong is an open-source API gateway and microservice management technology.
  • PrismTech to Demonstrate Open Source FACE 2.1 Transport Services Segment (TSS) Reference Implementation at Air Force FACE Technical Interchange Meeting
    PrismTech’s TSS reference implementation is being made available under GNU Lesser General Public License (LGPL) v3 open source license terms.
  • How Open-Source Robotics Hardware Is Accelerating Research and Innovation

    The latest issue of the IEEE Robotics & Automation Magazine features a special report on open-source robotics hardware and its impact in the field.

Security Leftovers