Thursday November 20, 2008 11:08 PM AEST
Vulnerability Alerts
SANS
 
Microsoft
 
CERT/CC
 
 
Latest Comments
"Hi this is the mail I received Brett Karpman show details Nov 17 (3 days ago) Reply Atten..."
on Yahoo and Microsoft take aim at lottery scams
by Rodney Churchyard | Nov 20, 2008 6:13 PM
 
"security through obscurity...shows how detached HIPAA is from reality."
on Privacy breaches causing business instability
by priceOfFishInChina | Nov 20, 2008 1:19 PM
 
"Umm. no. The 6.5 product is mounting the offline VM image and performing a scan for patch ..."
on Shavlik Technologies to broaden its patch management offerings
by eric | Nov 20, 2008 8:15 AM
 
"it's great i tried it"
on McAfee offers free trial of security appliance
by divyacharan | Nov 20, 2008 12:24 AM
 
"I actually love the RoboForm software myself. I use it all of the time and it takes all of the ..."
on Siber Systems RoboForm Enterprise
by Omarra Byrd | Nov 18, 2008 8:19 AM
Web

Hackers targeting 'forgotten' web apps

  • Email a Friend
  • Print Page
Hackers targeting 'forgotten' web apps
Related Articles
By Clement James
Dec 10, 2007 9:59 AM
Tags: Hackers | targeting | 'forgotten' | web | apps
The attacks are focusing on popular applications which are usually left unpatched or untracked by administrators.

While most enterprises schedule Microsoft security deployments, applications from other vendors are usually left unpatched and are becoming as an easy target for hackers, according to Finjan.

"The 2007 Sans Institute annual review of the top 20 IT security risks confirms our reports last year, notably in the field of web 2.0 application vulnerabilities," said Yuval Ben-Itzhak, chief technology officer at Finjan.

"There has been a significant move into custom web applications by a growing number of organisations, and it is these applications that criminal hackers are now targeting."

The problem with hackers targeting media players, chat applications, content management systems and discussion forums is that the threats are not tracked on general vulnerability reporting services such as BugTraq and @Risk.

"This makes the task of identifying and protecting against these types of attacks all the more difficult," Ben-Itzhak added.

Finjan agreed with the broad findings of the Sans Institute's analysis of web browser vulnerabilities, but warned that hackers are also focusing on non-Microsoft products.

"The trend towards companies of all sizes adopting open source and, of course, Mac applications, has been steadily increasing over the last 12 months, " said Ben-Itzhak.

"Since most vulnerability reporting services tend to focus on Microsoft software, this makes the business of criminal hackers a lot easier."

Copyright © 2008 vnunet.com

 
Ads by Google
Thoughts on this article? Add a comment below.
Be the first to comment on this article.

Report this comment as offensive:

   * Indicates information we require to process your submission.

Name: *
Email: *
Reason for offense: *
Your report will not be displayed.  
Name:
*
 
Email:
(will not be displayed)
*
 
Comment:
(HTML not permitted)
*
 
Validation
*

Enter the code you see below:

 

 
 
 
 
 
Tripwire - Click here to win an iTouch
 
 
 
Vulnerabilities & Exploits Whitepapers
 
Popular Tags
clickjacking cyberwar election enable forensics georgia hackers internet major may mccain networks obama penalty rational responsible scam security tools web