Security report attacks backup software

The Sans Institute has identified 422 new internet security vulnerabilities in its most recent quarterly report, up nearly 11 per cent on the first quarter of the year. 

The report highlighted weaknesses in popular backup software, including programs from Veritas (now part of Symantec) and Computer Associates, both of which made the Sans Institute's list of top 20 new vulnerabilities. 

"Because backup programs grant access to virtually all of a company's data they are particularly attractive to attackers. And since updating these applications with patches is often overlooked, they represent a real vulnerability," said Alan Paller, director of research at the Sans Institute.

"These are weaknesses that people can actually exploit to cause damage. I advise firms to use the patches available on the Institute's list."

Sans also reported new vulnerabilities in popular music download programs from Apple and RealNetworks. Both iTunes and RealPlayer contain flaws that allow for playlists or music files to be downloaded that contain malware, according to Paller.

Also on the list are Internet Explorer, Firefox and Mozilla, which contain vulnerabilities allowing PCs to become infected simply by visiting a website.

Matt Peachey, managing director of email security vendor Ironport Systems., said: "The security holes highlighted by the Sans report are a huge problem, primarily because there is an increase in the number of hackers who are eager to exploit these holes.

"The findings highlight the importance of the often neglected area of pre-patch management and the need for a proactive, rather than a reactive, approach.

"What is needed is a filter which proactively controls and quarantines traffic from suspicious or unknown senders."