The only good news in last week's report from security vendor Symantec Corp. is that the rate at which Internet vulnerabilities were being found leveled off at seven per day in the last six months of 2003. The bad news is that now those flaws are being exploited much more quickly.
A concern of security pros is the time from when a vulnerability is disclosed publicly--often by software makers, who publish patches at the same time--and when writers of worms or viruses write malicious code to exploit it. "We looked at the life cycle from vulnerability to attack, and we could see that the speed is consistently getting faster and faster," says Vincent Weafer, senior director of Symantec Security Response. Weafer compares the three weeks it took for the Blaster worm to emerge last August to the three days that elapsed between the recent leak of Microsoft source code and an attack based on that code. The compressed time leaves businesses increasingly vulnerable, since days or months can pass before typical companies deploy patches.
Compounding the problem is the fact that blended threats, such as viruses that install backdoors for hackers after successful infections, are on the rise. They tend to be more sophisticated and damaging. Blended threats make up more than half of the top 10 malicious-code submissions Symantec received in the latter half of 2003. Of the top 50 submissions, backdoor-capable code increased 123%.
Building A Mobile Business MindsetAmong 688 respondents, 46% have deployed mobile apps, with an additional 24% planning to in the next year. Soon all apps will look like mobile apps – and it's past time for those with no plans to get cracking.