'Less than zero-day' threats too often overlooked, analysts warn

  1. #1
    Senior Member
    Join Date
    Feb 2003
    Posts
    462

    'Less than zero-day' threats too often overlooked, analysts warn

    Attacks that target publicly unknown vulnerabilities continue to pose a silent and growing problem for companies. But the response to those threats has been largely misguided because of certain misconceptions about them, analysts said.

    Zero-day exploits these days are generally defined as attacks that target publicly known but still-unpatched vulnerabilities. Examples of such threats include an object tag flaw in Microsoft Corp.'s Internet Explorer Web browser made public in April and the more recent Vector Markup Language (VML) vulnerability in IE. Both were considered zero-day threats because they were publicly disclosed, and exploited, before Microsoft had a chance to issue patches.

    "According to accepted wisdom, organizations face the greatest danger when an attack or exploit targeting [such vulnerabilities] is verified in the wild," said Alan Shimel, chief strategy officer at StillSecure in Superior, Colo.

    While that danger is obvious, it is equally important that companies remain on guard for undisclosed vulnerabilities or "less than zero-day" flaws that are unknown to anybody but attackers, Shimel said. Typically, such flaws are discovered only after they have been successfully exploited in an attack and are much harder to detect and stop using most standard antimalware tools, he said.

    Read the full story here:
    http://www.computerworld.com/action/...icleId=9004477

  2. #2
    Super Moderator: GMT Zone nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,190
    Good point!

    Security is NOT about computers and computer systems...............it is a company/institution wide thing............

    Like if you can access my bank account, can you actually get any money?

    There are pencils, paper and people as well as dumb machines?

    To be brutally frank, I haven't yet seen a CEO that I couldn't replace with a 286.

    Hah! let the flames come on
    If you cannot do someone any good: don't do them any harm....
    As long as you did this to one of these, the least of my little ones............you did it unto Me.
    What profiteth a man if he gains the entire World at the expense of his immortal soul?
