Are we addressing the real security problems?

September 16, 2009

This report from SANS was an eye-opener for me:
http://www.sans.org/top-cyber-security-risks/

Priority One: Client-side software that remains unpatched.

Waves of targeted email attacks, often called spear phishing, are exploiting client-side vulnerabilities in commonly used programs such as Adobe PDF Reader, QuickTime, Adobe Flash and Microsoft Office. This is currently the primary initial infection vector used to compromise computers that have Internet access…

Priority Two: Internet-facing web sites that are vulnerable.

Attacks against web applications constitute more than 60% of the total attack attempts observed on the Internet. These vulnerabilities are being exploited widely to convert trusted web sites into malicious websites serving content that contains client-side exploits…

One Response to “Are we addressing the real security problems?”

  1. […] its updates. This month, Adobe released a big update with 29 fixes. As I noted in my previous post, un-patched client software is the primary way in which computers with internet access are being […]
