| |||
|
|
||
|
|||
| |
|
Home > Security News > Symantec threat report under the microscope |
| |
|
|
|
|
| Security News: |
|
||
|
|||
|
|||
|
|||
|
|||
|
|||
|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Among the highlights of the latest report:
Symantec warned IT security professionals to prepare for threats against Windows Vista, with a focus on vulnerabilities, malicious code and attacks against the Teredo platform. The company also predicted attackers will target third-party applications that run on Vista and step up their assault against mobile devices and virtualization programs.
For people like Mike Rothman, president and principal analyst of Security Incite in Atlanta, the findings were hardly surprising. "The biggest news peg … is that the bad guys are now selling multiple pieces of identity data, basically enough to compromise your identity, for $18," he wrote in his Daily Incite blog. "Seems cheap, no? The point is that identity information is plentiful out there and that means prices are coming down." That doesn't mean that all of those $18 identities will be compromised, but they could be, he said, adding, "That's why I pay 'insurance' to a company called LifeLock. I hope I never need it, but if I do I'd rather have these folks fight the battles with the credit rating companies. I've got too much other stuff to do." Richard Bejtlich, founder of the Washington, D.C.-based consultancy Tao Security, found no new revelations in the report, but found it a pretty good overview of what's going on in cyberspace today. "Nothing really jumped out at me … but it's good background data if you need to cite the state of digital security for a report," he wrote in his blog. Some did find fault with sections of the report, however. Stephen Kost, CTO of Chicago-based security firm Integrigy Corp., wrote in his blog that while he's usually not in a position to defend Oracle's patching process, he did think Symantec overshot the database giant's vulnerability count. "[The report] inflated the vulnerability count for Oracle by comparing apples and oranges," he said. "This version of the threat report contains a comparison of the number of vulnerabilities found in five leading relational databases (Oracle, IBM DB2, Microsoft SQL Server, MySQL, and PostgreSQL) [and] Oracle looks really bad with 168 vulnerabilities published during the second half of 2006 as compared to five for IBM DB2 and zero for Microsoft SQL Server during the same period."
While Oracle has suffered plenty of flaws, Kost said the number is far less than 168. "Our internal count puts the Oracle Database-only published vulnerability count for the second half of 2006 at 49," he said. Others found a little humor amidst all the sobering statistics. StillSecure Chief Strategy Officer Alan Shimel wrote in his blog that it was simply nice to see Symantec writing about something other than the evils of Microsoft and Windows Vista. "And here I just thought Symantec was busy preparing reports that knocked Vista and Microsoft's inherent conflict of interest in providing operating systems and security programs that protect them," he said. Dave Goldsmith of New York-based Matasano Security LLC joked in the organization's blog that the report at least showed that America was leading the world in malware production. "Overcoming stereotypes of American laziness, Symantec's research has shown that our malware authors are more productive than any other country!" he wrote.
|
|
|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|
|||||||||||||||||||||||||
|
|||||||||||||||||||||||||||
| |||||||||||||||||||||||||||
|
|
|
|||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||
