Old Threats Still a Problem
Security is hard to get right, and even with the improved awareness of Information Security weaknesses and how to avoid them, many recent, significant attacks have made use of well-known and studied attack vectors to achieve success. Targeted attacks that make use of numerous 0-day vulnerabilities, such as demonstrated by the Stuxnet worm, might be covered in the media, but for most companies it just isn't a reality that they will be targeted as such. Instead, most of the threat continues to come from general malware, SQL injections, malicious email attachments, and other 'generic'-type threat vectors.
As reported via threatpost, noted Security researcher, Mihcal Zalewski makes the observation that it should only take a "moderately skilled attacker" to compromise any large institution.
What impact has the last ten years of information security spending had if issues like this continue to cause problems for companies and end users alike? Has there been so much snake oil sold that it has diluted the effect of the viable solutions, or is it indicative of the initial point of this article, that security is difficult to get right?
2 March 2011
Social bookmark this page at eKstreme.
Alternatively, Bookmark or Share via AddThis
Do you like how we cover Information Security news? How about checking out our company services, delivered the same way our news is.
Let our Free OS X Screen Saver deliver the latest security alerts and commentary to your desktop when you're not at your system.
Comments will soon be available for registered users.
Subscribe to our feed.