Hackers Exploiting Security Software Vulnerabilities
BETHESDA, Md., According to network security experts, computer hackers are now targeting security applications, including Symantec Corp., McAfee Inc., Computer Associates Int’l Inc. and Trend Micro Inc.
The SANS Institute of Bethesda’s Top 20 Vulnerabilities Report says hackers have shifted their focus toward exploiting flaws in popular security products designed to keep data secure and prevent the spread of network attacks.
The shift worries SANS officials who say business and government users generally look for problems in operating systems, Internet browsers and E-mail, which are the traditional points of attack for hackers. Businesses and government agencies are not conditioned to look for problems in network security products.
Additionally, not all providers of security software products have systems in place to automatically issue patches. The time between when a vulnerability is identified and a patch is issued can be days, and hackers can take advantage of the delay.
For more information, go to http://www.sans.org/top20/2005/press_release.pdf.