Hot on HuffPost Tech:

See More Stories
AOL Tech

New Cyber Threat Study Delivers Surprising Results

The SANS Institute, an IT security education and research group, has released a study of computer and network vulnerabilities that can only be described as massive. Involving some 15,000 organizations, the study is one of the first to offer hard data about the the number and severity of digital threats across the entire computing landscape.

According to the data collected by SANS, the biggest threats out there right now don't stem from exploited operating systems, but rather the vulnerabilities of applications and the server-based software that powers the Internet. For all of its faults, Windows isn't the problem. By the same token, Apple isn't the solution. Most attacks on today's computers focus on vulnerabilities in Web browsers, Flash, Acrobat Reader, Microsoft Office. Alternatively, they go right to the source and weasel their way onto legitimate sites.

The vast majority of security holes in Microsoft's operating systems are fixed within days of their discovery. On the other hand, the report states, "vulnerabilities found in applications receive less attention and get patched on a much slower timeline." Often vulnerabilities remain unpatched for at least 30 days, and some applications, like Flash, have zero-day exploits unplugged since as early as 2007.

Often, if they're not hijacking applications, hackers use Web server technologies like SQL, FTP, and PHP to embed malicious code directly in trusted Web sites. Hackers can then use the code to steal sensitive data directly from the site, or to search your PC for other vulnerabilities and potentially turn it into part of a botnet. Surprisingly, the United States is not only the biggest target of such attacks, but -- more often than not -- the source.

It seems like the biggest flaws on home PCs lie with Flash, Acrobat Reader, Java, QuickTime, and Microsoft Office. It's important to make sure these applications and plug-ins are all updated to their latest versions and that older versions are uninstalled. This trend may be a sign of a time when, at least in matters pertaining to security, the choice between OS X and Windows makes little difference. [From: SANS, via Business Week]

Tags: acrobat, adobe, flash, hack, hacker, microsoft office, MicrosoftOffice, quicktime, security, top, vulnerability



Add your comments

Please keep your comments relevant to this blog entry. Email addresses are never displayed, but they are required to confirm your comments.

When you enter your name and email address, you'll be sent a link to confirm your comment, and a password. To leave another comment, just use that password.

To create a live link, simply type the URL (including http://) or email address and we will make it a live link for you. You can put up to 3 URLs in your comments. Line breaks and paragraphs are automatically converted — no need to use <p> or <br /> tags.