[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[ISN] Researcher: Threats from zero-day exploits overhyped
By Jeremy Kirk
IDG News Service
June 30, 2011
Computers lacking patches for long-known vulnerabilities potentially
face more of a hacking risk than from zero-day exploits, or attacks
targeting vulnerabilities that haven't been publicly disclosed,
according to new research from Secunia.
Finding an unknown vulnerability and crafting an exploit requires
advanced skills, said Stefan Frei, research analyst director at
Denmark-based Secunia. Those type of exploits are highly valuable since
no patch exists and can be sold on the black market.
However, there are plenty of software vulnerabilities for which patches
have been engineered but never applied by users, in part due to the
fractured way companies release patches. Targeting those vulnerabilities
is much easier for hackers, Frei said.
"Even if a cybercriminal knows that a patch is available, that does not
imply that the patch has been installed," Frei said.
Tegatai Managed Colocation: Four Provider Blended
Tier-1 Bandwidth, Fortinet Universal Threat Management,
Natural Disaster Avoidance, Always-On Power Delivery
Network, Cisco Switches, SAS 70 Type II Datacenter.
Find peace of mind, Defend your Critical Infrastructure.