HP Reports 8,000 New Vulnerabilities This Year
Earlier today at the RSA Conference 2013, HP reported that they had seen 8,000 new software vulnerabilities surface in 2012, close to a 20 percent increase over the previous year.
Their Cyber Risk Report, which industry professionals regard as one of the most comprehensive annual evaluations of network security, reports that this is the highest number of backdoors that administrators have dealt with since 2006, and that the most common found so far have been cross-site scripting vulnerabilities in between major websites. This is a process wherein users are asked to use one login in order to verify another, and when properly hijacked it can give hackers full access to email accounts, Facebook, and many other secure servers simply by lifting your information as it passes between the two domains.
A perfect example of this is when you use Facebook to log in to Spotify, even if it’s just to verify you aren’t trying to receive a second free trial. Phishing schemes drop in on the interactions the two servers are having through malware installed on the user’s computer, which then allows it to record any and all data transmissions that pass between them. The report estimates that up to 45 percent of all the security flaws found were of the cross-site scripting variety.
HP chief technology officer of enterprise security Jacob West told V3.co.uk that adapting to these threats is essential for the enterprise industry if they hope to stay one step ahead of the competition this year.
“Even when armed with the right security intelligence, organisations must still focus on understanding and controlling risk rather than ‘winning’ the battle against attackers.” Focusing on a more defeatist perception of preservation rather than eradication, he continued:
“Threats are a given, managing their impact to acceptable levels is the challenge enterprises must address.”
With SQL injection, denial of service, buffer overflow, and remote file vulnerabilities rounding out the rest of the list, it’s easy to see that security firms still have a long way to go before we reach a point where any device or software can truly be considered “secure” in the mobile marketplace.