Network Security & Hardware - eWeek


Is the Smart Grid a Dumb Idea?
Surgical Adhesive Offers Smarter Way to Mend Bones
Get Smarter Technology on Your Mobile!
  Network Security & Hardware


Microsoft, Zero-Day Flaws Dominate SANS Vulnerability Rankings



 By: Matt Hines
2006-11-15
Article Rating:starstarstarstarstar / 0


There are 0 user comments on this Network Security & Hardware story.


Rate This Article:
Poor Best
Zero-day defects and holes in popular Microsoft products remain atop the SANS Institute's latest rankings of the world's top Web-based hacker targets, with VOIP attacks and government spying programs also reported to be on the rise.

The SANS Institute released its annual rankings of the Top 20 Internet-based attack vectors on Nov. 15, pointing to the continued rise of targeted threats aimed at newly discovered zero-day flaws and vulnerabilities in Microsoft products.

Among the other trends highlighted by SANS, a Washington, D.C.-based cooperative research and education group focused on IT security issues, are the continued proliferation of threats aimed at specific companies and growing evidence that governments are employing hackers to gather sensitive data from other countries.

Other shifts in the threat landscape charted by SANS include the more frequent creation of attacks on Internet-based phone systems and the increased popularity of threats that attempt to take advantage of vulnerabilities in Web-based applications.

Vulnerabilities in products made by software giant Microsoft represent the overwhelming majority of SANS list of operating system-oriented attack targets. The companys Internet Explorer Web browser remains the most popular object for threats such as malware attacks, followed by the data libraries in its Windows products, flaws present in Microsoft Office, glitches in Windows services, and other weaknesses in the configuration features of its dominant operating system.

Resource Library:

Microsoft has released a critical cumulative update for Internet Explorer that fixes a flaw that was being used in targeted zero-day attacks. Click here to read more.

Apples Mac OS X software and loopholes in the configuration functions of UNIX-based technologies rounded out the groups list of the most popular operating system targets, of which there were seven in total.

Cross-platform applications accounted for the most significant share of the vulnerability rankings. With eight targets listed overall, the category actually led the list of frequent attack points.

Web applications remain the most fashionable target for hackers in the genre, followed by vulnerabilities in database software, P2P (peer-to-peer) file sharing systems, instant messaging tools, media players, DNS (Domain Name System) servers, backup software applications and IT systems management servers.

Rounding out the 2006 SANS Top 20 were vulnerabilities in two types of network devices, specifically flaws in VOIP (voice over IP) systems and configuration weaknesses in other network hardware, along with two types of common security policy breaches—namely the existence of excessive user rights within networks and social engineering problems such as phishing schemes. Zero-day attacks were given their own designation in the rankings.

In addition to the well-publicized shift toward attacks that aim to steal money from businesses and users, compared to the defacement and denial-of-service threats of years past, hackers are working hard to ensure that their work remains hidden as long as possible, said Marc Sachs, director of the SANS Internet Storm Center research group. Sachs is also a security expert at the research group SRI International.

"Weve come from a world of disruptive behavior that was easy to see, with the trend moving toward value orientation from criminals who dont want their work to be noticed," Sachs said in a conference call. "The most effective way for them to do that is to use vulnerabilities that targets have no means of patching, or zero-day attacks, and we expect the amount of activity along those lines to continue to increase."

SANS experts contend that in addition to the ready availability of Windows vulnerabilities, users habits in utilizing Microsofts Office productivity software are contributing to the popularity of threats aimed at the companys products. Since workers feel comfortable viewing Microsoft PowerPoint documents and other files over the Web, there will continue to be more attacks that seek to take advantage of those systems, said Amol Sarwate, manager of security service provider Qualys Vulnerability Management Lab, in Redwood Shores, Calif.

According to Sarwate, the number of attacks targeting Microsoft vulnerabilities tripled over the last 12 months.

In the realm of VOIP attacks, experts said that there is also much for businesses to be concerned about. Among the threats highlighted for SANS by Rohit Dhamankar, senior manager of security research at 3Coms TippingPoint division, in Austin, Texas, were attacks on VOIP phones that have poorly configured interfaces and "weak" passwords, which could allow hackers to eavesdrop on callers or use the compromised devices to host phishing schemes.

Dhamankar said that SANS is also charting an increase in scams that aim to infiltrate VOIP systems with the goal of allowing outsiders to resell peoples calling minutes, and threats aimed at Internet telephony servers. The latter, he said, could present hackers with a new opportunity to impact telecommunications systems.

"Something more sinister, not yet exploited in the wild, will be if hackers can use compromised VOIP servers to connect to traditional phone systems, which have never been accessible to them before," Dhamankar said. "Especially in the service provider environment, hackers could craft attacks on traditional phone networks; as more vulnerabilities are found in VOIP servers, the risk of these types of attacks [is] growing significantly."

Check out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzers Weblog.



  Reader Comments: Microsoft, Zero-Day Flaws Dominate SANS Vulnerability Rankings
>>> Be the FIRST to comment on this article!
 

 
 
>>> More Network Security & Hardware Articles          >>> More By Matt Hines
 


x}r۸j9km]mGJɖkŶ,%^I*EBERv]K$oB}wNUQV #7((bP<HwO7n[Q0R?`᳙*,Q  tjGt0]2d6k6!o4vekOh cߨ_X&``1Zt|R!j 9iݒ i @I>R(ޗCѺYQy_HږyH6GǮJߣ*#7 ݙx8/DeOd^b{Ay<5;^0k>BQ570NK <[? #5nCUVekF֠}luy!l 1#osݿ!HͤNޤ@d`jId:@:",#63!p55\ap)zXY6tG-#H1PN$}+AbArxưciH|6XB¼'@{ uȭB¿{k߀#ݸ1ܷ_M[b6Z mO |lM=R~ %DhOǍ@uhs 2n eþ9Je_+aV+Cxxg9{ؖ3bTzEÝ1gJU4E?_tO/ $(֝h m+iu]+i0^w2 7y@ΰ{A>od}#5*%`ZJ4_S::_B ,=:GF n;|#ܲ_/ivdf1{PdXIc/YTUGf9vmҹt.tOd̲1<ZMӀ Zvb#?Z V5uݻiw>v;}dO't6 +?;VU'_ZUCp='^=:$~54Y01\ \^Kj-2OeLCxY$Y.r{&:Cj ݖEB_*D\_/Rzhf5 t @CX&%{e" :u P;|sƊNmҔ& 9B:%u(7hr Q@e)#8?S݇IhJq䨉k޳ذ 1"%̟^iJyOՋ"}Et"Aͩ0 (J!bV3E !\J!}! g|8Jn.b? [Z&ѻfmٜ҅%]WcNMQcL .Cu&͓Nk&E;~]8^%g 5F4 ,heݴ%!g8W5MGVOL탯Tf~X}U95zQnũl :2X jXR7XaQ/olA`:g!>QӚ#qRO#Gs>H2胎6mb8-" ,70}Hw@zqI 4o qx٭mE%_¤<  FA=H:}mP`~5$'@ ̀-s'08wɭ5E0ݻ#i`y1&=զA{ Tg ,zC / lmVl}d`1 >5%G@i0xzۢ dSJJd$D!-i]R@Az< -,rrtl++~'~vGBj+6ODs@PGҙ;qjRF;7 +=*%nqR%e 932YIf=?j1!UG ,D`v9J,L.[ O6jԍerY9Դj>Ҵ73[K{Һ<-$-X&1# IK8Y fzn4 Iߵo)Gla} / apO-]7m)tsf9`ZƔWj>!4ӇiЈ4XԽæYguϳ-j;rǸ!W.q9`n5ډIVB!7O)wz@aex**#wT4tj~#JwCݼ~hé;h{q#%MAw=e河xOuXKnuo?Hյ݋pz1TKúJj'/odm_EڠueLGeK-# IHf(XK+ezlx8$&le6LE6pȞZcnP jrIjS#SVhVK^Ma+ L 4 op*7`bB0N`Ncy6xN{zl.n18y<2M APSt @Iu5烆7@ƅ/k%|c*8tgpp0tׅ=% ΤxO擫Npu у=9Je!6c{e߯#;_=)V}B~, Ӥ`k@Lf2,rǮmwAu،;$ Eiy 9y$p}r)#‰5j!| jjx0A,cןř¨0qqԺ7 2­qŝa&1 DR)Ö13wdi';םT'咢TSxN¢ -{h'^+0ZN +J#2ByQYhw\rR2 S#<~Ɋ0 ClWõ]\Cc+>LuO##cYd:w@ݐ늦 uz7VE@ Gz#x؝N HuҚn7HiZX9rZkBZ'@ upϭ(D Qpᘙ@FCS؇`m/RۯTҞw ^,ߜmhD1(dyDF4D/qbk lR{}p@d#RiMݜ5o"uy@VIJYhQ[+X4M/и6>s}&noG{y}BoǶ;7Aɴ:(5<֐|o 6ߦI39旉)ϊhy4檦UR`,4Ω$6f ĮiϺV:9e>c'}}Rc7o2Z$t#n=/ UISԷлMklޣ06@ybkUa bȈCzfH~[q{?I ~9pTjgHUWt<,#o8jK#ߪ 靦x_7)~(zC9+muA>~RXS*.?HuTjjEIz$ :.i7xџ1YD+(++i-Y2ǽi m.D9[& 47ʨKu3[*X6DД4Ϩ;Rb h kGQh-BwYb `0W?=,i&i?r/퉚&RafHq#Z}_`V$$: 7C7{d',BGI}? \&I's3ҿ﹮ BD0|7#SGRiemRܑN[ 8ZrEç,D,t2jUk`Wɠ< j;! |{W !&c oR9 "K84L xϰL'JUVqm?3 cSWvv_05@ E D@D;n?% ?S-Ѝ)8FgMX1BNKE])4}һH'٧<d¼ǏDG/{ۻ8|HN;w8M0^x_vXj\/0C>K݋v_rH`QUE[ꞷuhClYj2e'A)hdQL?jnWOVݽx']wѳ `yB蕣`;p[WKǽ?wHκ)ޠw)z0WF:뾻8`9P*aӺ@>n48 Z&IĘ 36Q B@I˸ڝ+,WZXKs! }=#ɢjkhL٦;+^+,kZ\f·|CCZy,(@RPOh[#YS|b;3ĞZhh!:Ua2"(BS.iDOg49]8Sjw>#E%'E½}YVSX x4~WK0fAbQ+F+=ǭݏwGH$Y >u8/wbP!BQ9o =%E٦z;Wdj&ubNL5W"ȶv=O?8 clwQ(S!t$-zbeQnKlx0cR蔈'=J8 z>RB'Դ5˓4/iY(Eqjhdꒈ~~ j&'ءX֛_.6'8 $O kzisq/?$ݛ9V8:FXbp'awʜW#Sa( ?Y .k Cvc>&k?ɄZԍ)A0n=w>=aLHM\ghNPD(Vp%hh*f>TAk6Ê,;x\J}[<,'Mw[! Hlй"OSP+}Ƃ'y }GW+u\=e>d?HАZ=ty9#- k_͆ؓ9{Jǻc$Ǯz'ۻ7}Zؖ[q*ApMG*A ͏4v4 ]ekw}B%uJ+z%nwQZhr;Tʂ%%դY(IQ)"{"F%{two FuUN&6mt_c y‡i襎DwWw6BfX AV1a+ }kիR.B)@CiapvvƔI 3qc$H)ZS4 M _56DN X W+i?%IFܱSo-*ߞ?1;lT̈́3W7p&/5;U)&5!̼V&vFȗqi+"@wыK\-1-Z]M;d:X-?eȺ˕]F_TE(X(l\a.9WB,܏XF}w}+:_<۵Pi[ V5eg&BS_.}ױٙRW2DQ5~J'L;q;o(yEvyYмdnψdP!̆Z*/싿 dJfkLKs*Ouۦ΄c\)p0y`n/} $;R8H熰dLzC;bzzͼF9YBw4 [haIX@2,|ue"z\f>) N72@}X( ̀[ ,2SD=(Nr&WK'9A/i!6렳,&fLBb5=9ext9MNS^>vc"-Q2ގCmřIh'5XR1f}=t"R7bl<+< h*R$J]y,Rp⪒^ۃX9S|f8M5GR|Y}K+%G֦^cHoLl±.WY|$Y?9N y>BboxlA4/Æ2u-z$IwXR0ijJmԎ#aeEAF({j3]_/x;HP+j5pɌ%MoH}B^^`wUpnnK*isv9\=;WF, 0ӌ2b:Xra0xF ȷl[Qmn^w+J&)MYx~L?t%]`Ma "Dj!@ `FAUu eyX\t9`E-A q=#N+=#Mbrlxs[qVMR@U6+#b"xlut3h)ib/ҷlrpAl!W}1q&ˀ"vR;0I> ;IBt1o$A&Ric[Ures5Q}v䎥~/1MDJ涍.Nh\Dh^%FLܷPGDG|[[**42Yٙ sD,,G:݀m-EX\ǔ s! `$8j; Dopsꏰfur vƟ|k|,C.|RLT z7[x 9-[*g=&+Y{t$|# 7O>{YanZy4s 7gs{_Z{kR]@5%9'od6*^GF^6N@t XRsڱ}tf"`D>0}V:V7!k<;1X@JTVw'R+\b61N[^2Z #xyE‰uz&q;$Yǖthnʆ\Sy= n u:&Y?BF ]  RnZ|@;ܰↃlNH{H6X(*.}8Wm홷xQO&Âbx7j ̏وM6fy݄L7)I]].򹂃$nd 003heK_!⁅]]]]߂TV".نo^[lK^Y|^¤ٷ6| ⭳hdp !!׎MqmnZk͒VՊt+O{e`yI]ϦKWY77})HC­uci:o{s7^q(=J}k荐ԥ݆:C@_j Al[gEbX@ ,;ȃ%!HD^ޗ;??.u?t`*UUA$po55arT (PUW 03eRtj4'2͋%ܲ۾<\cbB2e\x;$vrVz;7Y[Ɵ0Bn-Fu%_j">݅!tMC*~#JXcM<+W\]cwɜMW5z/7&W[ 暂(At4iBsgkF_r^77p;̝ZV)+ܲjVpB~9/~e\3s=ݶ t%.⛽I7%ooi[TǬknzTT,찆_S ۩9Z,fFR Z!ߤ`4!Zp6P]?z Ucb^4؀®nK-twfGxqsR!cT"A%ee3-t{ (9\"ΙTh,ZNtOĥkc.-ZMWWK.KBG2K*ߕlW1 {BZFTeskɧj*V+iT-A8+\h1=9~RŠx!Vi =kNB .kXl; W*ZTf0}OZRa )d 0F80Jdy}TK[RJH`o2?o(}8Z @xl9c=ZF]盻^:]Yf02v4 "X<{^+jB_7"|pfs':Ath'&v* &V*t|m1Mέz_`yZܾ\`$;GV^t}(6Ŷlva|DuvH)Xp,Pm=сH5,?_J)m#Qi^߈fFܞUk"*1Xt1ц]3#ZMIxe5J7[Ai Pxy p#SKC7R<6$Aeȇ5T?0 )Uhueaj+;Y kjݤ:ҡD+q,තMÐe.E~b2oV0!wAG>p2zUR=U&=hxaـjEl~%:td;6ɭ:&&sُp+^3'&ΐ!,E|E|z['AU}>l1dR+62 1jLl/u\w:Z3rѹuU=<%x k `]Cߑ?ŕ~OG~WD 6NM)lI=R+ S0wMGE–cxo!G\oX|J7b75|$rkIC9ҌEooFE_WJYIݽa?ÈGs{COZ"^Z1ш@Q>~3&'N;%"&Lmahno}wFpbZ-퀉H'͈)i@;8hC1 ^dz[? T6CĊ1gOiX$_AYĶKbH"1XJe.J'eEt0w  sn Q&@Ԕu7SI8Wsm򽉑{0u 2C´vt(\/?<&).yci 8^yN4_Zl oX62 =Mo )ns9EЌLjV}QuxS9WP~ S>X_;9P~sCww9?/?vmC9CL"~S ?/?g9ak99?σ=ϡ9<>y9yyß(9_|9P~S(GN9^E\]_O/G@r%e\9_\O997k}9?~sCk(+kh:kKu3Ay+GZpzz;29)G9R{WK}(gUsV^Va{CjgU_?Gޫ@OIܽ< aqʍz^Syڙ閽pLڭe]9hwp_l(%^a/ ^敽< xEB+gٔ@#X{#uO'NW6#ﹺ d^)WsM}Ӊ{Z?Ś/Yy8qLkbžȁ>u~b>sr)'OYʘ+wV/sy˘![3;N=&%݆.n EpxL|}ZExvY^]Yj7mO9y}2So١Oh] ߊč,z %h_10(\ߏ|LBxZ namW'4`t.Zgֻ{gdaCedzX3/Us !Qao0H= x6 hعvЍ)5z$ YW8\xď;םCö0A |$U˚VVk[*jt{dv0&4vXW5rF(2B4|[Wu 8tS+r詓<+Lwp-}?"z•~B@N,1"/cfA6of!9^46T<gu o'2Pd SEe€;+Lb`|J oQr 9 cܛ]|LAۆ^0Ɩ,ڵ"o}t)1-X ,hcЁxNiŤ1kHl7g@oJ`Xkt(JV7Bg3΃>̆I ůD|݆mwnW<<T#0? ug+6a`类nǝZF&O!NYo1)K::F;;l/&?\vR C el(3>/BlKz=a,gESy@>;rsqS(89O ˽;`[CO֦ #0uocYo@d!X3W]dA_d|bhޱZo.TLHd v"ёe:4.\p bsފjd!׶_d7u>xkυxsp`,GÇ5 (OP"cq}$!3FqTHAGe)ESX^ Ղ]#rF31#qyU YT8V"6aZm% 1oEYR%:fk[1:f[BI<<>,[2G$I&1|w,Gwfgc#]^Πo'b_7v7eŁ&PL1)®c)Jq񹝾$rfR/\twў|7(6؎|!OG ϿayHO(t&Iw`R1ް ,NN,Gw U|ٲs9cbV)qmeGf[W-[$@5E`1|`ehDP0T6y63*>% ,1Qܛ>R\c *|? Ge Lwt4C&s`܈}I5#_z 9D/7ag} r@bbܢO\nnYc.KE&(Xp\GAΙَnw)Q -91"uz ?[<-v;# +_2sE>v/-GyJ~S.u 7tle @JM >mE73B*|X^c 0У,*0%95EE6<:=܈x;ݾ k3HUxXUR(X7l\TFM[¶":upxm;}k{**l+k[؅nTLxI;s__@>{zw!Ǹ[0rcz7Y= ɴ{%̅2 !IZxyU~ҥN.I,'aaQd+$*)ؐW k`LbV@P1,F,oԟ'TS*4.>ϭn_esq9v{jbCu*af!%׫rul#^"foa*H|rR$0$a1 +=c-hw͹!wS׆!0ו2E1F(g,1f_":xqeQ* T.7:KwcA; <] y$oꎾV;v@;Lw?wRh\*I;wǽUFnңwWm)h,S$DU zv{.]uM+_1jF[Wy &F[˳̆UZ*$gr09g֎V&|&Z2c N_ lv/&