[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[ISN] Researcher: Threats from zero-day exploits overhyped



http://www.computerworld.com/s/article/9218057/Researcher_Threats_from_zero_day_exploits_overhyped

By Jeremy Kirk
IDG News Service
June 30, 2011

Computers lacking patches for long-known vulnerabilities potentially face more of a hacking risk than from zero-day exploits, or attacks targeting vulnerabilities that haven't been publicly disclosed, according to new research from Secunia.

Finding an unknown vulnerability and crafting an exploit requires advanced skills, said Stefan Frei, research analyst director at Denmark-based Secunia. Those type of exploits are highly valuable since no patch exists and can be sold on the black market.

However, there are plenty of software vulnerabilities for which patches have been engineered but never applied by users, in part due to the fractured way companies release patches. Targeting those vulnerabilities is much easier for hackers, Frei said.

"Even if a cybercriminal knows that a patch is available, that does not imply that the patch has been installed," Frei said.

[...]


___________________________________________________________
Tegatai Managed Colocation: Four Provider Blended
Tier-1 Bandwidth, Fortinet Universal Threat Management,
Natural Disaster Avoidance, Always-On Power Delivery
Network, Cisco Switches, SAS 70 Type II Datacenter.
Find peace of mind, Defend your Critical Infrastructure.
http://www.tegataiphoenix.com/