Exploited Vulnerabilities: Blame Yourself


Interesting news coming from the United Kingdom: the UK's government has no plans to switch from using IE6, despite a vulnerability in the browser that was exploited by hackers.


Exploiting vulnerabilities remains one of the top security threats of 2010. Kevin Prince, CTO of Perimeter, wrote:


"Vulnerability exploit is at the heart of hacking and data breaches. Worms, viruses, malware, and a host of other attack types often rely on vulnerability exploit to infect, spread, and perform the actions cyber criminals want. With organizations still not doing what they need to for patch management, vulnerability exploit remains a major problem."


Bottom line, Prince told me last week, if you patch vulnerabilities, worms and viruses can't exploit them and you don't have problems. "Vulnerabilities are the underpinning of so many breaches."


Vulnerabilities were traditionally found in network and operating systems, but now, Prince explained, the vulnerabilities have moved into browsers and applications, making it even easier to compromise a computer or entire system. Many of these attacks are carried out by automated systems that constantly check IP addresses to find vulnerabilities.


Prince explained:


"Somebody goes to a compromised website and their computer becomes comprised, and it's all because they were using the wrong version of the browser or didn't have a patch-this can lead to malware infestation and full compromise of the system. Once that system is compromised on the inside of the network, anything that the computer does or has access to is now in the hands of the hackers."


Prince cited a Verizon study that found that, of the breaches they investigated that were caused by vulnerabilities, 90 percent had patches that had been available for at least six months:


"These organization had more than six months to download these patches to prevent breaches that could have saved their companies millions of dollars."