Internet Security Industry News
Hacking hit-list to highlight security flaws
August 6, 2003
Hacking hit-list: Security experts Qualys have put together a list of the top ten computer security priorities - vulnerabilities in computer systems that can be used by hackers. The list, which will be updated in real time, can be found at www.qualys.com/RV10.
The RV10scan will be continually recompiled from - in the words of Qualys - 'a statistically representative sample, including thousands of networks'. Currently top of the chart is the 'Microsoft IIS CGI Filename Decode Error Vulnerability'.
Note that the system cannot monitor the flaws actually targeted by hackers. Instead, Qualys claims that it is based on Gerhard Eschelbeck's Laws of Vulnerabilities, which states that vulnerability prevalence is directly related to exploitation. In other words, these are the most common flaws to be found out in the real world, which means they are most likely to be attacked.
The move will help highlight the fact that most security violations involve well-known and documented flaws for which patches have been made available. It could also, it must be said, help hackers write their viruses. For the most widespread vulnerabilities.
The chart of 'hacking hits' is particularly well-timed. Only this last week we have seen fears of a new mass-mailing worm spreading from the States, and the arrival of Autorooter, which exploits a Windows RPC (Remote Procedure Call) flaw. The American Department of Homeland Security fears this is just the harbinger of more malicious attacks to exploit this well-known Windows vulnerability.
Source: PC Pro .co.uk
Site optimized by Pagina+™
Powered by Sun Hosting
Search engine keywords by Rank for Sales
Development platform by My Web Services
Internet Security.ca is listed in
Global Business Listing