Hackers aren't just picking on Microsoft - study

Online criminals turned their attention to antivirus software and media players like Apple Computer Inc.'s iTunes in the first three months of 2005 as they sought new ways to take control of users' computers, according to a survey released on Monday.

While hackers continued to poke new holes in Microsoft Corp.'s popular Windows operating system, they increasingly exploited flaws in software made by other companies as well, the nonprofit SANS Institute found.

As more Windows users agreed to receive security upgrades automatically, hackers looked to take advantage of other software programs that might not be patched as frequently, the head of the cybersecurity training and research organization said.

"Operating systems have gotten better at finding and fixing things and auto-updating, so it's less fertile territory for the hackers," said SANS Chief Executive Alan Paller.

Malicious hackers exploit security holes to lift credit-card numbers and other sensitive personal information from a user's computer, or commandeer it to send out spam and pornography.

More than 600 new Internet security holes have surfaced in 2005 so far, SANS found.

Of those, 20 were deemed most dangerous because they remain unfixed on a large number of Internet-connected computers even though software makers quickly made patches available.

As always, Microsoft products were a popular target.

Hackers found ways to take control of a user's computer by tunneling through Microsoft's Web browser, media player and instant-messaging software, as well as Windows software for servers and personal computers.

But software by Oracle Corp. and Computer Associates International Inc. also made the list, along with media players like Apple's iTunes, RealNetworks Inc.'s RealPlayer, and Nullsoft's Winamp.

Anti-virus products from Symantec Corp., F-Secure, TrendMicro and McAfee Inc. proved vulnerable as well, a prospect Paller found particularly discouraging.

"We ought to do better in our industry -- we should be a model for others," he said.

The complete list can be found at sans.org.
