Research on browser weaknesses triggers attacks
July 30, 2008
IBM's X-Force says cyber-criminals are using public research on Web browser weaknesses to launch attacks before most users are even aware of their vulnerability. The mid-year report from the security group indicates that organized criminals are adopting new automated techniques and strategies that allow them to exploit vulnerabilities much faster than ever before.
According to the X-Force report, 94 percent of all browser-related online exploits occurred within 24 hours of a vulnerability being officially disclosed. These attacks, known as "zero-day" exploits, are on the Internet before people even know they have a vulnerability that needs to be patched in their systems.
Many security researchers have routinely posted the code needed to exploit a weakness as part of a security advisory. According to the X-Force report, these disclosed vulnerabilities are twice as likely to trigger zero-day exploits.
"The two major themes in the first half of 2008 were acceleration and proliferation," said X-Force Operations Manager Kris Lamb. "We see a considerable acceleration in the time a vulnerability is disclosed to when it is exploited, with an accompanying proliferation of vulnerabilities overall. Without a unified process for disclosing vulnerabilities, the research industry runs the risk of actually fueling online criminal activity. There's a reason why X-Force doesn't publish exploit code for the vulnerabilities we have found, and perhaps it is time for others in our field to reconsider this practice."
The latest X-Force report also found that browser plug-ins are the newest target-of-choice. In the first six months of 2008, roughly 78 percent of web browser exploits targeted browser plug-ins.
For more security trends and predictions from IBM, including graphical representations of security statistics, please access the full report at: http://www.ibm.com … idyearreport
Provided by IBM