- CNET NETWORKS UK BUSINESS SITES:
- atlarge.com
- BNET UK
- silicon.com
- SmartPlanet.com
- ZDNet.co.uk
"Web-ified" apps put corporate IT at risk…
By Tim Ferguson
Published: 9 April 2008 11:14 BST
'Pass the hash' and metasploit are two of a new breed of emerging security threats facing corporate IT departments.
The key security threats facing businesses range from mutations of established methods - such as malware or phishing - to less well-known ones, such as metasploit releases and 'pass the hash' attacks.
The most dangerous new security threats were revealed by experts at the RSA security conference in San Francisco this week.
Security A to Z
From antivirus to zero-day, click here for silicon.com's alphabetical guide to security. 
Hacking expert at the Sans Institute, Ed Skoudis, said most security threats stem from the fact so many applications are now linked to the internet.
He said: "We've web-ified all applications."
Among the less familiar new threats are metasploit releases, which target networks by simultaneously attacking a number of vulnerabilities (up to 200) on a different platforms including Windows, Linux and the iPhone.
'Pass the hash' attacks, which use stolen password hashes to access other systems in a targeted network - avoiding more time-consuming password cracking - were also singled out.
Although this approach has been around for some time, it is only now that it's becoming prevalent. Skoudis said: "These attacks have been around for years but now the tools are out there."
Website attacks, which plant browser exploits to compromise users, are also becoming more a problem as they are able to target well known, high-traffic sites.
A major threat is browser scripting attacks, which use web browsers to get through corporate firewalls, allowing access to confidential information.
While not new, the development of botnets remains a big security concern because the "fast flux" approach used by attackers to protect their robotic networks is making the life of botnet investigators difficult.
The security experts also warned about the threat from malware being spread through embedded devices, such as memory sticks, which is now one of the main ways harmful code is brought into businesses.
This role will be well suited to a security practitioner with strong skills in information security and business continuity risk and ...
Responsibilities: - Deliver security assessment services including network scanning, vulnerability testing, penetration testing, search engine ...
Current experience in browser compatibility, web accessibility, data accuracy or FMEA and FTA? We work with the best experts to ensure that the ...
CIO Agenda 2008
The exclusive silicon.com CIO Agenda 2008 survey looks at the CIO's tech shopping list for the year, examines whether IT budgets are rising or falling and reveals what the pain points are for tech chiefs this year. Find out more in our latest special report.
Staffing Service Coordinates Sales Activities, Utilizes Business Intelligence With...
Teachers Association Turns to Centralized Data Repository to Improve Member Service
Financial-Software Leader Credits Productivity Boost, Reduced IT Costs to 2007 Software
United States Coast Guard Explores Potential to Enhance Training With Digital Note-Taking...
Stories from the web...
Copyright ©1995-2008 CNET Networks, Inc. All rights reserved. Top of page
Digg
Slashdot
Del.ici.ous
Stumble
Reddit
RSS Feeds
silicon.com Dear silicon.com... XP lives, the femtocell 'truth', BlackBerry bashing… Reader Comments of the Week
Martin Brampton The Brampton Factor: Open source 'brotherhood' closed to co-operation Where's the real sharing?