NOW READ THIS
("Security Advisory")
Submitted by: Bill Hickey
NCVA List Master
NRT-0343 Hackers Target Unwary Users and Custom Apps:
Cyber criminals have shifted their target focus to users and custom-built applications,
according to a SANS Institute list of the top twenty internet security risks of 2007.
SANS has found that attackers have been forced to look for alternative ways to evade
firewalls, antivirus and intrusion detection tools, such as preying on unsecured,
web-based applications and unwary users whose PCs are not securely configured before they
are connected to the internet. Alan Paller, director of research at SANS, said Web
application insecurity is particularly troublesome because so many developers are
writing and deploying web applications without ever demonstrating that they can be
secured. He also said large organizations using web applications to provide access to
back-end databases handling sensitive information were likely to be most at risk and
that work was needed to ensure defenses would hold against such attacks. The rest of the
SANS top twenty list dealt with more familiar hacking tactics like targeting critical
software vulnerabilities.
(www.itpro.co.uk 28NOV07)