Shoddy Web Programs & Cunningness are the Top Threats, SANS
To defeat security on computer systems and their networks, cyber criminals have two basic ways to evade firewalls and other security devices: poorly coded Web programs and deceitful users.
In a report from the IT training and certification body SANS Institute, the group of cunning and busy computer users who do what spear phishing e-mails falsely instruct is listed as one of the top 18 security threats facing private corporations, government agencies and individual computer users.
The report said that because this risk was the most challenging, training in security awareness was essential, although it is not a sufficient solution to the problem. The report said that the problem differed from case to case and could not be solved in all of them.
It also highlighted that while the attacks were advancing in sophistication, it was primarily weaknesses on the application and client sides that opened the most opportunities for launching attacks. DarkReading published this in news on November 27, 2007.
According to TippingPoint's Senior Manager of Security Research Rohit Dhamankar, who is also the SANS study's project manager, there has been an explosion of client-side vulnerabilities over 2006. Desktop users who surf the Internet without using proper controls pose the greatest danger to their companies. DarkReading published the news on November 27, 2007.
Talking about the attacks, SANS Institute's Director of Research, Alan Paller, said that for many years their sophistication lay in effectively finding flaws in the target system. The new development is that the attacks have been aborted in the case of simple vulnerabilities with two entirely new ones emerging that no one even anticipated. Government Executive published this on November 27, 2007.
The threat that lies within Web applications allows one of those attacks; Web applications accounted for 50% of all vulnerabilities detected in 2007, TippingPoint reported.
A similar report from security firm Symantec noted that in the first half of 2007, vulnerabilities in Web applications made up 61% of the total.
Besides training in security awareness and tracking network traffic, the SANS Institute also suggests starting 'inoculation', in which users are periodically sent benign spear phishing e-mails.
» SPAMfighter News - 11-12-2007