NY Times picked this up with the headline that "Security Pros Are Focused on the Wrong Threats" ( By Riva Richmond )
Not really alarmist, considering the facts.
SANS:
Summary:
Point 1. PATCH!!!!!! What are you waiting for ?!?!?!?
because
Point 2. 60% of attacks are against legit websites, many of which are open to being sql-injected. This means unpatched users hitting those sites can easily be exploited while doing legitimate browsing. Point 2 was really FIX YOUR WEBSITES!, but the dual message is because so many sites are broken, patch your clients!
Websense:
Highlights:
• Websense Security Labs identified a 233 percent growth in the number of malicious Web sites in the last six months and a 671 percent growth during the last year.
• 77 percent of Web sites with malicious code are legitimate sites that have been compromised. This remains unchanged from the last six-month period.
• 87.7 percent of email messages were spam. This represents a three percent increase over the last six months.
• 37 percent of malicious Web/HTTP attacks included data-stealing code. This remains unchanged from the last six-month period.
• 57 percent of data-stealing attacks are conducted over the Web. This number has stayed consistent over the six-month period.
No comments:
Post a Comment