By John Leyden
29th July 2008
Cybercrooks are becoming faster at utilising newly-discovered browser
exploits. More than nine in ten of all browser-related exploits occurred
within 24 hours of an official vulnerability disclosure, according to a
survey by IBM's X-Force security division.
The cyber-threat survey, which looked closely at information security
events that happened during the first half of 2008, also revealed that
attacks targeting flaws in browser plug-ins are increasing in
prevalence. In the first half of 2008, around 78 percent of web browser
exploits targeted browser plug-in bugs.
X-Force operations manager Kris Lamb said that the "acceleration and
proliferation" of bugs were key themes for the first half of 2008.
The IBM division reckons the increasing use of automated tools allows
hackers to become faster off the mark in exploiting vulnerabilities. It
criticised the practice of releasing "exploit code along with a security
advisory" as playing into the hands of hackers. According to the study,
vulnerabilities disclosed by researchers are twice as likely to have
zero-day exploit code published.
Attend Black Hat USA, August 2-7 in Las Vegas,
the world's premier technical event for ICT security experts.
Featuring 40 hands-on training courses and 80 Briefings
presentations with lots of new content and new tools.
Network with 4,000 delegates from 50 nations.
Visit product displays by 30 top sponsors in
a relaxed setting. http://www.blackhat.com