Mid-year Security Report: Websites, Open Source, Social Networking at Risk
IBM, Websense issue semi-annual report findings; SQL injection attacks made their mark.
Blog sites, such as Google blogspot, have become popular spots to post malware, and social-networking sites Facebook, MySpace and YouTube have been tarnished by postings of malicious content as well. This first half of 2008 saw spammers develop tools for beating the CAPTCHA Web security mechanism to prevent automated posting of content, Websense states in its report.
Another disturbing trend, according to IBM ISS, is that exploit code for vulnerable software is being publicly disclosed more frequently than it was in the past.
According to IBM, 95 percent of all browser-related online exploits occurred within 24 hours of official vulnerability disclosure. Though some researchers differ on the matter, IBM ISS says it does not favor publishing exploit code for discovered vulnerabilities because it can accelerate criminal activity.
Perhaps the only good news to be found in security in the first half of this year, according to both IBM and Websense, is that image spam, a huge problem last year, has declined significantly and the size of spam e-mail has gone down.(Compare Messaging Security products.)
"It appears the filters are working," Cross says, noting that about 90 percent of spam is now URL spam, forcing spammers "to go back to basics."
security
Receive the latest security news as it breaks.
