Slashdot Mirror


SANS Institute Warns of Attack Shift

JamesAlfaro writes "SANS warned of the switch to attacks on applications and network devices in its annual publication of the Top 20 vulnerabilities on Tuesday. The annual SANS Top 20 highlights holes in software programs that are considered the most serious for security professionals. Microsoft shares the spotlight this year with Symantec Corp., Cisco Systems Inc., Oracle Corp. and others, after a year in which warnings about vulnerabilities in antivirus and computer backup software and the surprise publication of information on a hole in Cisco Systems' IOS (Internetwork Operating System) made headlines."

11 of 80 comments

  1. Interesting article, but... by someone1234 · · Score: 4, Insightful

    What about IE? Is it 'internet' or 'application'? I.e. (not a pun), does it belong to the former or the latter group? You can hear of a new ActiveX or Javascript vulnerability in IE every month. And holes in Oracle are old news too. So, I don't see the 'big shift'. I expect some shift towards Firefox exploits though (as, contrary to belief, it crashes too). As soon as it reaches a critical mass of users so it is 'worth bothering with'.

    --
    Patents Drive Free Software as Hurricanes Drive Construction Industry
  2. Link to list by UnderAttack · · Score: 5, Informative

    the actual top 20 list can be found here: http://www.sans.org/top20

    --
    ---- join dshield.org Distributed Intrusion Detec
  3. shares? by gcnaddict · · Score: 5, Funny

    " Microsoft shares"

    Microsoft shares? Did I read that right?

    --
    Viable Slashdot alternatives: https://pipedot.org/ and http://soylentnews.org/
  4. Coding practices by Dekortage · · Score: 4, Insightful

    From the article: "You could be the most secure operation in the world, but if you have applications that were developed using bad coding practices, you're open to exposure," said Braunstein.

    While this is true, it is also possible that software developed with good coding practices can still have vulnerabilities -- because some things you just can't predict or determine. All you need to do is overlook one itty bitty thing and it becomes a weak link, but I still wouldn't call it "bad coding practices".

    --
    $nice = $webHosting + $domainNames + $sslCerts
    1. Re:Coding practices by Anonymous Coward · · Score: 4, Interesting

      I disagree, that's like saying an airplane will fall out of the sky if you forget one little thing.

      You know how the people who make airplanes avoid this type of situation? They double-check. They triple-check. They fire people who can't do a good job and hire ones who can. They actually, you know, *try*. Can you honestly say the same thing for the average coder?

      If you have a network app, and it accepts a finite language of bytes, just how hard is it to secure this? Not very hard. Either you can do it, or your app is too complex, and you need to simplify it.

      I don't think software with security holes should *ever* be "the norm". That's a dangerous way of thinking. It just makes software worse and worse. I have no problem with calling any software with holes the result of "bad coding practices". Including my own.

      Every single time a flaw is discovered, it's a failure. It's not business as usual. Just because it happens a lot in our industry doesn't change that.

  5. In other news... by pmike_bauer · · Score: 4, Funny

    Sony, looking to expand its product line, is selling the new $sys$Attack package to hackers.

    Sharp criticism for this product inspired Sony to offer $sys$CounterAttack, $sys$Peekaboo, and $sys$Shields to private induhviduals and security experts.

    A $sys$spokes-person for Sony, who wishes to remain anonymous, says these products are the precursor to the $sith$ branded products that will ensure peace and justice in the galaxy.

    --
    I read /. for the (Score:-1, Conservative) comments.
  6. Yes, but I'm safe by punxking · · Score: 5, Funny

    Microsoft shares the spotlight this year with Symantec Corp., Cisco Systems Inc., Oracle Corp. and others

    Thank goodness I'm protecting my well-patched XP system with Norton and a Linksys router, so I'm safe!
    This levee is rock-solid baby!

    --
    You can have my cynical agnosticism when you pry it from my cold, dead logic.
  7. Get the actual report here by hal9000(jr) · · Score: 4, Insightful

    SANS Top 20, November 22, 2005 is here.

    This is the first year that they are pulling out specifically application and network devices/software. However, to anyone who reads Bugtraq, Full Disclosure, or VulnWatch, this is incredibly old news.

    I suspect that the new attention is partly due to marketing and partly due to better tracking facilities by ISC.

  8. What about Chinese attacks? by Anonymous Coward · · Score: 4, Interesting

    I've had various Chinese hosts hammering on my SSH door for at least seven months with no end in sight. I understand that it isn't a "sexy worm" but rather a simple brute-force password-guessing attack, but I rarely see any mention of it anywhere.

    Who's behind these attacks and what's being done to put an end to them? I'm tired of seeing Slashdot headlines about "poor Chinese people behind the Great Firewall" when they don't seem to be having any trouble hammering on my SSH door.

  9. Re:Symantec by someone1234 · · Score: 4, Insightful

    That must be embarrassing for a company that sells security products themselves.

    No, that must be profitable.

    --
    Patents Drive Free Software as Hurricanes Drive Construction Industry
  10. attack shift? or change in strategies? by theCat · · Score: 4, Interesting

    The hardware and IOS vulns may not be entirely new, but the *interest* in them probably is. We've gone from recreational hacking that produced interesting viruses to organized crime looking at ways to make money. When the mob gets involved, you can bet they'll take any route they can, all the time.

    IMO hardware vulns are best used to extort businesses, and are no good for terrorism. The DOS, which used to be seen as a tool for revenge, is now used as a tool for extortion. Being able to shut down some business' router, and keep it down, is in the end far more effective than trying to build a small army of bots to packet flood the same router. Master Sun Tzu reminds us: "Therefore those who win every battle are not skillful... those who render others' armies helpless without fighting are the best of all."

    That's the science of Internet Warfare.

    --
    =^..^= all your rodent are belong to us