Security Flaws Put Millions Of Internet Users Across The World At Risk Of Being Compromised

By Author: EC-COUNCIL
Total Articles: 68
Comment this article

Massive security flaws have put millions of Internet users across the world at risk of being hacked. More than half of Web applications have some kind of serious security flaw after development, according to Veracode’s State of Software Security report, released just recently. The report suggests that software developers need to improve their security coding skills.
Veracode analyzed 4,835 applications that were submitted to its cloud-based application testing service for a security audit over a space of 18 months. About 58 percent of Web applications generally fail a security audit the first time around. Even more worrying, 66 percent of applications developed by the software industry, as opposed to other sectors, were initially found to have an unacceptable level of security quality. Software organizations are turning out more insecure applications than other companies, the study found. Of the applications from the software companies, 72 percent of security products and 82 percent of customer-focused applications submitted to Veracode were deemed unacceptable, security wise.
According to a Microsoft announcement, ...
... Internet Explorer has put 900 million people across the globe at risk of being hacked. The flaw, which affects all versions of the popular web browser, will require an interim patch update while Microsoft prepares a long term solution. Although company maintains that no attacks have yet been reported, the tech giant highlighted scripting vulnerabilities that affected all versions of its Windows operating system. The vulnerability would allow a would be attacker to plant code that triggers malicious scripts to run which could collect private information such as e-mails and passwords, while sending the user to fake sites without their knowledge.
Recently Adobe also posted a security flaw warning Flash users of a newly discovered vulnerability that can be found within its Flash Player. This vulnerability exists within Flash Player as well as earlier versions for Windows, Mac, Linux and Solaris operating systems. It also appears in Adobe Flash Player and earlier versions for Google’s Android mobile OS, and the Authplay.dll component of Adobe Reader and Acrobat X as well as earlier 10.x and 9.x versions of Reader and Acrobat for Windows and Mac.
The critical issue could result in the OS crashing and potentially enables a hacker to cease control of the affected system. According to the company there have been reports that this security flaw is being exploited in the wild in targeted attacks via a Flash (.swf) file embedded in a Microsoft Excel (.xls) file delivered as an email attachment. Adobe stated that it is busy finalizing a fix for this issue and expects to make it available via an update for Flash Player 10.x and earlier versions for Windows, Mac, Linux, Solaris and Android.
Facebook, probably the world’s most popular social network fixes a vulnerability that would let hackers steal private data. A pair of researchers from the Indiana University found a flaw in the Facebook platform code that enables a malicious site to impersonate other Websites and obtain the same access permissions those sites receives. Facebook patched the flaw shortly after it was reported to it, and said it is not aware of the issue having been exploited.
While security flaws remained a big problem, training is also another area of concern. More than 50 percent of developers received a grade of C or lower on the application security fundamentals exam administered by Veracode as part of the study. More than 30 percent scored a D or lower. Researchers suggested that a secure development program be instituted to review code. Employees also need to be trained to improve their secure coding skills, since computer security training is not generally included in professional development opportunities in most companies, according to the report.
The number of online attacks is only going to increase if organizations fail to pay attention on the vulnerabilities and flaws of their network security. Organizations need to implement robust Internet security initiatives to protect their network and their customer’s information, including hiring highly trained information security experts in order to avoid security breaches. Information security professionals can increase their information security knowledge and skills by embarking on highly technical and advanced training programs. EC-Council has launched the Center of Advanced Security Training (CAST), to address the deficiency of highly technically skilled information security professionals.
CAST will provide advanced technical security training covering topics such as Advanced Penetration Testing, Digital Mobile Forensics training, Application Security, Advanced Network Defense, and Cryptography. These highly technical and advanced information security training will be offered at all EC-Council hosted conferences and events, and through specially selected EC-Council Authorized Training Centers.
About EC-Council
EC-Council is a member-based organization that certifies individuals in various e-business and security skills. It is the owner and developer of the world famous Certified Ethical Hacker (CEH) course, Computer Hacking Forensics Investigator (CHFI) program, License Penetration Tester (LPT) program and various other information security training programs offered in over 84 countries around the globe. EC-Council has trained over 90,000 individuals in technical security training and certified more than 40,000 security professionals. EC-Council has launched the Center of Advanced Security Training (CAST), to address the deficiency in the lack of highly technically skilled information security professionals.