March 23, 2008
Cenzic - Top 10 Vulnerabilities Q4 2007
For obvious reasons this caught my eye this morning in my RSS reader, via Dave Northey, so I jumped over to look at the entire Cenzic - Top 10 Vulnerabilities of Q4, 2007 (PDF) report. The details in the report show that web browsers made up only 5% of the total web technology vulnerabilities, with web servers and web applications making up the balance at 10% and 85% respectively. The report also states: 'Unlike previous quarters, less vulnerabilities were reported in Internet Explorer than in Opera, Firefox or Safari'.
The overall 'Q4 2007 Top 10 Vulnerabilities':
- OpenSSL (Execute Arbitrary Code)
- Java (Remote Read/Write File Access)
- Adobe Acrobat (Execute Arbitrary Code)
- IBM Lotus Notes (Execute Arbitrary Code)
- RealPlayer (Execute Arbitrary Code)
- IBM WebSphere (Cross-Site Scripting)
- IBM WebSphere (Script Injection)
- PHP (Elevated Privileges)
- Apache (Cross-Site Scripting)
- Adobe Flash (Cross-Site Scripting)
The 'Top 5 Vulnerability Trends for 2007':
- Javascript Trickery: Hiding, Anti-Pinning and Mutating
- Universal Cross-Site Scripting in Adobe Acrobat Reader
- Mass-SQL Injection Worm
- Google Gadgets and Gmail Hacks
- Google Orkut Cross-Site Scripting Worm
With 67% of attacks reported 'for the purpose of financial gain', the days are long gone when people just did it for '15 minutes of fame'. These days it is big business, and you can even pick up some extra cash 'Breaking Google CAPTCHAs'. You also need to ensure that you don't become complacent about your online privacy.
Whatever operating system and software combinations you use, ensure that you regularly check that you have the latest security updates and patches, and take care when giving out personal data.
Posted by Stephen at March 23, 2008 01:54 PM

