Slashdot Mirror


SANS Report Says Organizations Focusing On the Wrong Security Threats

yahoi writes "Companies around the world are leaving themselves wide open to Web- and client-side attacks, according to a new report released today by the SANS Institute that includes real attack data gathered from multiple sources. SANS found that most organizations are focusing their patching efforts and vulnerability scanning on the operating system, but they're missing the boat: 60 percent of the total number of attacks occur on Web applications, and many attacks are aimed at third-party applications such as Microsoft Office, Adobe Flash and other tools. Exacerbating the problem, they're taking twice as long to patch Microsoft Office and other applications as they take to patch their operating systems."

7 of 98 comments

  1. We are just lucky I guess by 2names · Score: 2, Informative

    My place of employment is lucky to have our "patch management" guy. He is absolutely fanatical about keeping up-to-date on patches for OS and apps, anti-virus updates, and anti-malware updates. I make sure that I tell upper management about him every chance I get so he continues to be properly compensated. He would be difficult to replace. In fact, I doubt I would find another person with his level of dedication, which is kind of sad.

    --
    "I'm just here to regulate funkiness."
  2. Re:Most type of exploit is 'other' by Anonymous Coward · Score: 1, Informative

    Unless I am reading that wrong, the 92% is the other blue item: MS08-067 (buffer overflow).
    Other is only 2%.

    Though they really should have used colors that contrasted better than light and dark blue.

  3. Re:The problem is in job responsibility by PlusFiveTroll · Score: 5, Informative

    For commonly used applications that make the CSV lists I find the Personal Software Inspector an excellent tool.

    http://secunia.com/vulnerability_scanning/personal/

    Amazing how many userland applications out there have some kind of exploit against them : /

  4. Re:OpenBSD vs Linux by Penguinisto · Score: 2, Informative

    Is the OS important when someone snarfs up your web app and all data it had access to?

    Depends on how long you want to spend in doing recovery. If I have incremental copies (in addition to normal backup/DR actions) and a live copy of the DB transaction logs sitting on the local box outside of the chroot jail (and thus remaining untouchable)? It is a lot easier and faster to disable the offending script (or apply the needed patch), copy over the last known good data, and be up and running - with a very short downtime.

    If the OS is untrusted, you get to rebuild the entire thing - which means you get to reach for disk backup or VM clone (if you're lucky) or tapes (if you're not), or you're basically screwed (if you're stupid).

    Corner cases naturally will change all of this, but that's the basic premise.

    /P

    --
    Quo usque tandem abutere, Nimbus, patientia nostra?
  5. Re:The problem is in job responsibility by spinkham · Score: 2, Informative

    Cassandra is probably the best resource for that; you can build a profile of the software you use, and it will alert you when a vulnerability is fixed in that software.

    Secunia of course offers commercial tools, but I've never used them, so I'm not sure how useful they are.
    http://secunia.com/advisories/business_solutions/

    Also, vulnerability management/discovery software like NeXpose or Nessus can find many similar problems, especially if you give them access credentials.

    --
    Blessed are the pessimists, for they have made backups.
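The profile-and-alert idea in the comment above, as an added example (not code from Cassandra, Secunia or the SANS report): a constructed inventory of client-side software is matched against a constructed advisory feed, and every product whose installed version is older than the fixing version is reported with how long the fix has been available. Product names, versions, advisory ids and dates are all made up for the demonstration.

```python
"""Match an installed-software profile against an advisory feed and report
unpatched third-party applications.  Constructed example data throughout."""
from datetime import date

# Constructed inventory: product -> installed version (not real machine data).
INVENTORY = {
    "Adobe Flash Player": "10.0.22.87",
    "Adobe Reader": "9.1.0",
    "Microsoft Office": "12.0.6425.1000",
    "Firefox": "3.5.3",
}

# Constructed advisory feed: placeholder ids, each naming the version that fixes it.
ADVISORIES = [
    {"id": "ADV-0001", "product": "Adobe Flash Player",
     "fixed_in": "10.0.32.18", "published": date(2009, 7, 30)},
    {"id": "ADV-0002", "product": "Adobe Reader",
     "fixed_in": "9.1.3", "published": date(2009, 7, 31)},
    {"id": "ADV-0003", "product": "Microsoft Office",
     "fixed_in": "12.0.6425.1000", "published": date(2009, 8, 11)},
    {"id": "ADV-0004", "product": "Firefox",
     "fixed_in": "3.5.4", "published": date(2009, 10, 27)},
]

AS_OF = date(2009, 11, 1)  # the day the report is run (constructed)


def parse_version(v):
    """Split a dotted version string into an int tuple so it compares numerically."""
    return tuple(int(p) for p in v.split("."))


def unpatched(inventory, advisories, today):
    """Return advisories whose fix is newer than the installed version, with the
    number of days the fix has been available but not applied, oldest first."""
    hits = []
    for adv in advisories:
        installed = inventory.get(adv["product"])
        if installed is None:
            continue  # product not in our profile: not our exposure
        if parse_version(installed) < parse_version(adv["fixed_in"]):
            hits.append({"id": adv["id"], "product": adv["product"],
                         "installed": installed, "fixed_in": adv["fixed_in"],
                         "days_exposed": (today - adv["published"]).days})
    return sorted(hits, key=lambda h: h["days_exposed"], reverse=True)


if __name__ == "__main__":
    for h in unpatched(INVENTORY, ADVISORIES, AS_OF):
        print(f"{h['id']}: {h['product']} {h['installed']} -> {h['fixed_in']} "
              f"({h['days_exposed']} days unpatched)")
```

The days-exposed column is the application-side patch latency the SANS summary is talking about; a real profile would be fed from a package manager or software inventory rather than a hand-written dict.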
  6. Re:Most type of exploit is 'other' by ShieldW0lf · Score: 2, Informative

    Did you forget to read the top of the figure where it says "Microsoft OS" and not "Linux"?

    No, I didn't forget to read it. It wasn't there. "Microsoft OS", "Windows", these were not mentioned in the article nor in the report. Things that were mentioned were things like Flash, Acrobat Reader and Microsoft Office. I get my updates to Flash and Acrobat through apt, so I think it's pretty relevant. My office suite is also updated via apt, although it wasn't made by Microsoft.

    --
    -1 Uncomfortable Truth
  7. Re:OpenBSD vs Linux by greenbird · Score: 2, Informative

    Today, the PHP service that got popped was running on the... PHP server. Is the OS important when someone snarfs up your web app and all data it had access to?

    Yes, it's very important. To extend your analogy a little, with Microsoft all the goodies are sitting on open tables inside the big tent, so a tear in the big tent generally allows complete access to all the goodies. With Linux there are locked covered cubicles inside the tent that you can keep the goodies in. If the goodies are kept in the cubicles, as they should be, it's much harder to get at them even after you tear through the outside tent. With OpenBSD there are steel cubicles for the goodies.

    --
    Who is John Galt?