|
05.02.06
Mac Security Reputation 'is In Tatters'
By David A. Utter
The SANS Institute released its spring update of the top 20 Internet security vulnerabilities, and the increased adoption of Mac OS X and the Firefox browser have made them more tempting to malicious hackers.
SANS provided an update to its top 20 vulnerabilities list, to ensure the newest and most important ones are brought to the attention of security professionals everywhere.
Long regarded as much more secure than Windows, Apple's Mac OS X has slowly become a more attractive target for attacks. "OS/X still remains safer than Windows, but its reputation for offering a bullet-proof alternative to Windows is in tatters," SANS said.
Microsoft still figures prominently in several places on the list, thanks to the "continuing discovery of multiple zero-day vulnerabilities in Internet Explorer." SANS also noted a "substantial decline" in critical vulnerabilities in Windows Services, which unfortunately has been offset by the client-side problems in Windows and Internet Explorer.
Firefox and the Mozilla Foundation have found the price of fame includes a following from fans it does not want. SANS said there has been "rapid growth in critical Firefox and Mozilla vulnerabilities," as attackers continue to probe those products for arbitrary code execution weaknesses.
SANS also observed a couple of disturbing trends. One concerns zero-day attacks, which they claim are used to "infiltrate systems for profit motives." Adware figures in this trend, they noted:
One possible explanation is that cyber crime has become so lucrative - reaching at least $10 billion per year -- that huge sums of money are being spent to sponsor research to find more vulnerabilities faster. Many vulnerabilities being found make their way into zero-day attacks meant to collect zombies to be infected with lucrative adware downloads.
The other vulnerability can't be blamed on software, but "gullible users" instead. SANS cited a three-year series of disciplined attacks emanating from hostile countries against US, Canadian, and British government interests has escalated to a higher pitch.
Defense and nuclear sites have been specifically targeted, but SANS did not discuss which sites, or which countries have been the sources of the attacks. Spear-phishing attacks aimed at users at those sites try to entice users to download a piece of software for security needs.
They end up downloading a Trojan file that steals information, sends it back to its distributor, and opens a back door for future intrusions.
About the Author:
David Utter is a business and technology writer with WebProNews.
|
