Volume 2, Number 12 -- March 23, 2005

Attacks on Web Applications Up, Symantec Says in 'Threat Report'


by Alex Woodie

Symantec unveiled its bi-annual "Internet Security Threat Report" this week, and as you might expect, the state of security on the Web weakened during the second half of 2004. Phishing attacks, attacks against corporate Web applications, and the prevalence of Windows-based viruses and worms grew considerably from July 2004, but somewhat surprisingly, more vulnerabilities were reported for the Mozilla Web browsers than for Microsoft's Internet Explorer, widely regarded as the bane of online security.

The problem of phishing, or tricking people into entering their confidential information into a fraudulent Web page cleverly designed to look like that of their trusted service provider, has been well documented over the past year or so, and Symantec's accounting of the scope of the problem reflects, more or less, what you might expect. The security provider's Brightmail unit reported a 366 percent increase in the number of phishing attempts, from 9 million per week in July 2004 to 33 million by December 2004. This problem will continue to get worse before it gets better.

While social engineering techniques (a hacker's clever manipulation of the natural human tendency to trust) will always work, to some extent, and are impossible to prevent entirely, today's Web-based criminals are also finding success going straight to the source and infiltrating companies' Web applications directly. These Web applications are not protected by the corporate firewall (although hopefully their databases are), and "are a serious security concern because they may allow attackers access to confidential information without having to compromise individual servers," Symantec says.

The Cupertino, California, security software giant is tracking this Web application infiltration problem as a percentage of all reported software vulnerabilities. From the beginning of July to the end of December 2004, about 48 percent of all vulnerabilities reported were Web application vulnerabilities, up considerably from the 39 percent share of the total number of vulnerabilities Web applications had for the previous six-month period, Symantec says.

What's more, attackers are increasingly employing viruses and Trojan horses to help them steal confidential information. Of the top 50 samples of malicious code that Symantec captured between July and December, 54 percent were intended to help attackers expose confidential information, a number that has risen steadily during the last 18 months. During the January through June 2004 reporting period, this number was 44 percent, while 33 percent of the most circulated nasties from July through December 2003 were of the confidential-information-stealing kind.

These multi-pronged attacks pose a serious threat to both corporations and individuals, says Arthur Wong, a vice president with Symantec's security response and managed security services business. "Attackers are launching increasingly sophisticated attacks in an effort to compromise the integrity of corporate and personal information," he says.

Windows Security: Not All Bad

According to Symantec's report, Microsoft Windows continues to lead all other operating systems in terms of the sheer number of viruses and worms written to infect it. Windows is also the platform of choice for other kinds of attacks. While the news is mostly bad for Windows security, it's not completely bad.

Symantec documented more than 7,360 new Windows 32 virus and worm variants during the six-month period that ended in December. This represents an increase of 64 percent over the previous six-month period, and puts the total number of Windows 32 threats and their variants at close to 17,500.

What's more, the "Slammer" attack, more formally known as the Microsoft SQL Server Resolution Service Stack Overflow Attack, continues to be the most common avenue of attack for hackers, with a 22 percent share of this dubious category, Symantec says. The second most common attack was the TCP SYN Flood Denial of Service Attack with a 12 percent share.


About 1,400 new vulnerabilities were discovered across all platforms during Symantec's reporting period, or about 54 per week. And these aren't just small problems that can be exploited by only the most sophisticated hackers. About 97 percent of these vulnerabilities were either moderately or highly severe, and 70 percent of them were considered easy to exploit, Symantec says.

Now the good news for Microsoft: Internet Explorer was not the Web browser with the highest number of new vulnerabilities over the last six months of 2004! While IE is undoubtedly the browser that's been compromised the most (because it owns more than 90 percent of the browser market), Mozilla's Web browsers, which include the Mozilla and Firefox browsers, had the highest number of new vulnerabilities during the last six months of 2004, with 21 vulnerabilities. IE, by contrast, had 13 new vulnerabilities, while Opera Software's Web browser suffered just six.

To read the entire Symantec "Internet Security Threat Report" issued March 21, 2005, click here.


Editor: Alex Woodie
Managing Editor: Shannon Pastore
Contributing Editors: Dan Burger, Joe Hertvik, Shannon O'Donnell,
Timothy Prickett Morgan, Victor Rozek, Kevin Vandever, Hesh Wiener
Publisher and Advertising Director: Jenny Thomas
Advertising Sales Representative: Kim Reed

Copyright © 1996-2008 Guild Companies, Inc. All Rights Reserved.
Guild Companies, Inc. (formerly Midrange Server), 50 Park Terrace East, Suite 8F, New York, NY 10034