Language Selection

English French German Italian Portuguese Spanish

Hackers aren't just picking on Microsoft - study

Filed under
Security

Online criminals turned their attention to antivirus software and media players like Apple Computer Inc.'s iTunes in the first three months of 2005 as they sought new ways to take control of users' computers, according to a survey released on Monday.

While hackers continued to poke new holes in Microsoft Corp.'s popular Windows operating system, they increasingly exploited flaws in software made by other companies as well, the nonprofit SANS Institute found.

As more Windows users agreed to receive security upgrades automatically, hackers looked to take advantage of other software programs that might not be patched as frequently, the head of the cybersecurity training and research organization said.

"Operating systems have gotten better at finding and fixing things and auto-updating, so it's less fertile territory for the hackers," said SANS Chief Executive Alan Paller.

Malicious hackers exploit security holes to lift credit-card numbers and other sensitive personal information from a user's computer, or commandeer it to send out spam and pornography.

More than 600 new Internet security holes have surfaced in 2005 so far, SANS found.

Of those, 20 were deemed most dangerous because they remain unfixed on a large number of Internet-connected computers even though software makers quickly made patches available.

As always, Microsoft products were a popular target.

Hackers found ways to take control of a user's computer by tunneling through Microsoft's Web browser, media player and instant-messaging software, as well as Windows software for servers and personal computers.

But software by Oracle Corp. and Computer Associates International Inc. also made the list, along with media players like Apple's iTunes, RealNetworks Inc.'s RealPlayer, and Nullsoft's Winamp.

Anti-virus products from Symantec Corp.. F-Secure, TrendMicro and McAfee Inc. proved vulnerable as well, a prospect Paller found particularly discouraging.

"We ought to do better in our industry -- we should be a model for others," he said.

The complete list can be found at sans.org.

Source.

More in Tux Machines

Linux Foundation: New Members, Certifications and Microsoft Entryism

ETSI/GNU/Linux-based MANO

  • ETSI Open Source MANO announces Release FOUR, moving faster than ever
    ETSI is pleased to announce the availability of OSM Release FOUR. Bringing a large set of new features and enhancements, this version is the most ambitious and innovative OSM Release to date and constitutes a huge leap forward in terms of functionality, user experience and maturity. This new Release brings substantial progress thanks to a number of architectural improvements, which result in a more efficient behaviour and much leaner footprint – up to 75% less RAM consumption. Additionally, its new northbound interface, aligned with ETSI NFV work, and the brand-new cloud-native setup, facilitate OSM’s installation and operation, while making OSM more open and simpler to integrate with pluggable modules and external systems, such as the existing OSS.
  • Open Source MANO Release FOUR lands
    In monitoring, ETSI says OSM Release FOUR's alarm and metric settings are easier to use, and a new policy manager adds push notifications and reactive policy configuration, which the standards body says “opens the door to closed-loop operations”. The monitoring module uses Apache Kafka as its message passing bus, and the module also implements a flexible plugin model so sysadmins can BYO monitoring environment.

today's howtos part 2

Programming: GitLab, Security, Power and Jakarta EE

  • GitLab 10.8 open sources push mirroring
    GitLab 10.8 was released this week with the open sourcing of a highly requested feature. The company announced its push mirroring capability is now open sourced. Push mirroring was originally introduced as a paid feature, but GitLab says it is one of the most frequently requested to be moved into the open-source codebase. This move will add a few new use cases for GitLab Core users, such as freelance developers being able to mirror client repos and users migrating to GitLab being able to use push mirroring to ease the migration path.
  • How Security Can Bridge the Chasm with Development
    Enhancing the relationships between security and engineering is crucial for improving software security. These six steps will bring your teams together. There's always been a troublesome rift between enterprise security teams and software developers. While the friction is understandable, it's also a shame, because the chasm between these teams makes it all the more challenging to build quality applications that are both great to use and safe.
  • Which Programming Languages Use the Least Electricity?
    Can energy usage data tell us anything about the quality of our programming languages? Last year a team of six researchers in Portugal from three different universities decided to investigate this question, ultimately releasing a paper titled “Energy Efficiency Across Programming Languages.” They ran the solutions to 10 programming problems written in 27 different languages, while carefully monitoring how much electricity each one used — as well as its speed and memory usage.
  • How Java EE found new life as Jakarta EE
    The title of this post may seem strange, but if you look a bit into Java EE's recent history, it will make sense. Originally, Sun started and ran Java Enterprise Edition, and later Oracle took over after it acquired Sun. Specifications were driven by a Sun/Oracle-governed process. At more or less regular intervals, they made a new version of the specification available, which was implemented by the server vendors. Those vendors had to license the technology compatibility kits (TCKs) and brand from Oracle. Let's fast-forward a bit. In 2013, Java EE 7 was released, and Oracle began work on EE8, but it did not progress quickly. Meanwhile, new technologies like Docker and Kubernetes came along and changed the way applications run. Instead of running a single fat server process on a big machine, the software is now split into smaller, independent services that run in a (usually) Docker container orchestrated by Kubernetes.