14 Jul 2010
A report into internet security has found that vulnerability patching is still woefully inadequate among computer users.
Just one of the top 10 exploited flaws in M86 Security's analysis of the first half of 2010 had been patched this year, while one fix was issued in 2006 and the majority were at least two years old.
Half of the flaws were in Microsoft products, namely Internet Explorer and Access Snapshot, and in video streaming controls.
"The attackers go for low hanging fruit," Bradley Anstis, vice president of technology at M86 Security, told V3.co.uk.
The level of client vulnerabilities and the differing access needs of users make it difficult for IT departments to run a coherent patching strategy, and make locking down users an imperfect solution.
Ideally, almost no users should have admin access, but this is seldom realistic, according to Anstis.
"Ideally is a great word. Ideally people shouldn't be logging on as admin. Ideally they should be closing things down as soon as possible. But there are other issues," he said.
Hackers are also becoming increasingly smart about hampering attempts to block their code. M86 Security detailed a new attack using JavaScript in conjunction with Adobe's ActionScript software, which sets up a communications channel via Flash so that only half of the attack code is exposed.
Spam levels in 2010 have now recovered from the shutdown of McColo and other rogue ISPs, the report found, and spam now accounts for around 86 per cent of incoming email to corporates.
The Rustock botnet is the biggest spam sender, accounting for over 40 per cent of all detected emails. Over 80 per cent of spam is for pharmaceutical products, usually from 'Canadian Healthcare' or 'Canadian Pharmacy'.
"Canadian Pharmacy is nothing to do with Canada," explained Anstis. "The company looks to be based in eastern Europe. They used 'Canadian Pharmacy' because, in North America, Canadians are seen to be a trustworthy, healthy well-living sort of people."