Read up on the latest ideas and technologies from companies that sell hardware, software and services. Zones provide focussed content from Computerworld and leading technology partners.Newsletter Subscription
SAN FRANCISCO: Hackers are hitting pay dirt in their search for browser bugs.
According to Symantec's biannual Internet Security Threat Report, hackers found 47 bugs in Mozilla's open-source browsers and 38 bugs in Internet Explorer (IE) during the first six months of this year. That's up significantly from the 17 Mozilla and 25 IE bugs found in the previous six months.
Even Apple's Safari browser saw its bugs double, jumping from six in the last half of 2005 to 12 in the first half of 2006. Opera was the only browser tracked by Symantec that saw the number of vulnerabilities decline, but not by much. Opera bugs dropped from nine to seven during the period.
And while Internet Explorer remained the most popular choice of attackers, no one is invulnerable. According to the report, 31 per cent of attacks during the period targeted more than one browser, and 20 per cent took aim at Mozilla's Firefox.
"There is no safe browser," senior director with Symantec Security Response, Vincent Weafer, said. "If you've got a browser, make sure you're configuring it correctly," he added. "That's a far better strategy than running some browser just because you haven't heard of it."
Part of the rise is due to the growing market for vulnerabilities, Weafer said. Legitimate companies such as 3Com's Tipping Point and Verisign's iDefense pay for this information, and there is also a growing black market for exploits.
"People are encouraged and getting money for finding vulnerabilities, so now you have more people looking," Weafer said.
Browser bugs were also relatively easy to find and exploit, eEye Digital Security CTO, Marc Maiffret, said.
"Everyone has realised that targeting the applications on the desktop is a better way to break into businesses and consumers and steal things than server flaws," he said.
Businesses and consumers may both be targets, but home users are the victims in about 86 per cent of all attacks, according to Symantec.
And the US was the biggest source of online attacks, thanks to its large number of compromised machines with broadband connections, Weafer said.
About 37 per cent of all online attacks originated in the US, he said.
While there may have been more bugs in Mozilla than in IE, Symantec gave the open-source project high marks for its bug-fixing. On average, it patched bugs within one day of their public disclosure - the fastest turnaround of all measured browsers. Opera came in second, averaging two days. Safari was next, with a five-day window, followed by Microsoft, which averaged nine days per patch.
Microsoft may lag as a browser patcher, but when it comes to operating systems, the company leads the pack, according to Symantec. The slowest? Sun Microsystems.
Computerworld Member Login
Discover how SOA can create smarter outcomes for your business.
Attend and learn:
- How SOA is helping leading companies to become more agile
- Where you should be applying SOA processes in your company
- The top SOA implementation mistakes to avoid
Click here for more information.
- +
Computerworld Live Podcast #97: The Future of Enterprise Networking 25/07/2008 09:45:36
This week CW Live chats with Mark Thompson, global sales and marketing manager for HP ProCurve, on the future of the enterprise networking. Mark discusses the trends we can expect to see in the near future and how the right infrastructure can ensure your enterprise network is secure. - +
Computerworld Live Podcast #96: Security at the Edge 11/06/2008 09:22:22
CW Live speaks with Amol Mitra, HP ProCurve Director of Marketing for Asia Pacific and Japan. Today's topic: how enterprises are starting to shift away from simply controlling security via server logins, firewalls and moving to more adaptive security frameworks. - +
Data Management Edition #10: Multi-Petascale Systems 02/05/2008 09:12:33
This week we look at sustainability and the development of multicore technologies to build multi-petascale systems. - +
IT Security Edition #11: How to poison the Storm botnet 01/05/2008 08:51:55
This week CW Live presents a case study on how to poison the notorious Storm botnet . Plus we take a look at Cisco's plans for Ironport. - +
IT Security Edition #10: Cyber-battles fought and won 24/04/2008 11:09:47
Vendors bow to end user pressure to improve product security, and we take a look at the latest concepts shaping the cyber-battlefield of the future.
Carbonite Australia launches local website - www.carbonite.com.au 2008-10-08 15:54:00+10
Mid-Comp’s Odyssey supply chain solution allows Sydney University students to do their home work 2008-10-08 15:11:00+10
AIIA Challenges the ICT Industry to Reduce Australia's Carbon Footprint 2008-10-08 12:16:00+10
Australian SMBs Love of Mobile Phones and Increased Data Speeds Will Drive Mobile Spending Higher, Finds IDC 2008-10-08 10:21:00+10
VeCommerce Launches Top Ten List of Personal Security Breaches In Lead Up to National ID Fraud Awareness Week 2008-10-07 15:10:00+10
Web Security SaaS: The Next Generation of Web Security
Discover the latest web security SaaS solutions. Learn how to increase overall security effectiveness and reduce the burden on your IT department. Uncover the security challenges facing SMB environments today and identify the critical elements that can provide you with lower-cost and easier-to-manage web security solutions.
