Quantcast
Article Index |Advertise | Mobile | RSS | Wireless | Newsletter | Archive | Corrections | Syndication | Contact us | About Us| Services
 
  Breaking News :    
Advertisement
Inquirer Mobile
Radio on Inquirer.net

INQUIRER ALERT
Get the free INQUIRER newsletter
Enter your email address:

 
Infotech Type Size: (+) (-)
You are here: Home > Technology > Infotech

  ARTICLE SERVICES      
     Reprint this article     Print this article  
    Send Feedback  
    Post a comment   Share  





imns



IBM warns ‘zero-day’ hacker exploits growing

By Lawrence Casiraya
INQUIRER.net
First Posted 17:43:00 08/26/2008

Filed Under: Technology (general), Internet, Hacking

MANILA, Philippines -- Hackers are exploiting users' inability to comply promptly against announced vulnerabilities, according to an IBM security report. Ironically, IBM said security advisories seem to worsen the problem.

According to IBM's X-Force midyear report, more than 90 percent of browser-related exploits detected during the first six months of this year have occurred within 24 hours after these vulnerabilities were disclosed.

More significantly, IBM noted hackers are adopting new techniques and strategies in order to better exploit "zero-day" vulnerabilities, or simply before users are even aware they need to install patches or updates.

Also, "exploit codes" being made public further compromise IT systems. The practice of disclosing exploit code along with a security advisory has been the accepted practice for many security researchers, the report said.

"We see a considerable acceleration in the time a vulnerability is disclosed to when it is exploited, with an accompanying proliferation of vulnerabilities overall," said Kris Lamb, IBM X-Force operations manager.

"Without a unified process for disclosing vulnerabilities, the research industry runs the risk of actually fueling online criminal activity," Lamb noted.

He added: "There's a reason why X-Force doesn't publish exploit codes for the vulnerabilities we have found, and perhaps it is time for others in our field to reconsider this practice."

IBM's report also discovered that browser plug-ins are the newest target-of-choice for hackers, marking a shift from the operating system to Internet browsers.

In the first six months of 2008, nearly 80 percent of Web browser exploits are targeted browser plug-ins, the report said.



Copyright 2014 INQUIRER.net. All rights reserved. This material may not be published, broadcast, rewritten or redistributed.



Share


OTHER STORIES:

COLUMNS:


  ^ Back to top

© Copyright 2001-2014 INQUIRER.net, An INQUIRER Company

The INQUIRER Network: HOME | NEWS | SPORTS | SHOWBIZ & STYLE | TECHNOLOGY | BUSINESS | OPINION | GLOBAL NATION | Site Map
Services: Advertise | Buy Content | Wireless | Newsletter | Low Graphics | Search / Archive | Article Index | Contact us
The INQUIRER Company: About the Inquirer | User Agreement | Link Policy | Privacy Policy

Advertisement
Inquirer Mobile
Property Guide
DZIQ 990
Jobmarket Online
Inquirer VDO