Vulnerability Exploitation Trends: Web Applications Outpace Operating Systems

by FireHost Evangelist on September 18th, 2009

According to a report by SANS.org, OS vulnerabilities are patched more quickly than client-side vulnerabilities on average. In addition, some client-side software remains unpatched or is not updated throughout its lifespan. As a result, hackers have found exploiting popular client-side applications such as Adobe PDF Reader, QuickTime, Adobe Flash, and Microsoft Office to be quite lucrative.

Attacks against popular web applications such as these constitute more than 60% of all attacks on the internet, and some of the exploits don’t even require a user to open the downloaded document or file. Victims’ computers may be compromised simply by visiting an infected website that masquerades as a trustworthy, well-known software brand.

Client-side vulnerabilities are so powerful because they give hackers a mask behind which to carry out exploits. Users feel confident downloading files from trusted sources or using tools and applications such as Microsoft SQL, FTP, and SSH that are perceived to be safe because of popularity and industry-wide user-acceptance.

Did you know that:

  • websites are most often compromised by SQL injection, Cross-site Scripting (XSS), and PHP File Include attacks.
  • web servers are primarily exploited and compromised by brute force password guessing attacks and web application attacks.

It’s scary, but true: there are a number of automated tools designed to make it easier for even novice hackers and script kiddies to carry out such attacks. Once deployed, these attack methods give cyber criminals the ability to quickly discover and infect thousands of websites or computers at once, in a way that propagates infections across other computers and servers around the globe.

Most importantly however, client-side vulnerabilities provide an open doorway through which many hackers can achieve their ultimate goal – stealing sensitive data for financial gain.

This entry was posted on Friday, September 18th, 2009 at 9:00 am and is filed under Security.