
[ISN] Wireless woes exaggerated, says study

Subject: [ISN] Wireless woes exaggerated, says study
Date: Thu, 17 Nov 2005 01:26:00 -0600 (CST)
http://www.techworld.com/security/news/index.cfm?NewsID=4801

By John E. Dunn
Techworld
16 November 2005

The number of wireless security vulnerabilities in the real world is
vanishingly small, research from Qualys has suggested.

That was the finding of the latest annual Laws of Vulnerabilities report
written by Qualys CTO Gerhard Eschelbeck.

Despite worries about wireless security, only one in 20,000 of the
vulnerabilities uncovered by scans of the company's customer base
related to wireless systems. The figure can be considered significant
because it was drawn from analysis of 32 million live network scans
and 21 million uncovered instances of vulnerabilities.

The research also showed (PDF) [1] that external network patching
"half-life" has improved from last year's figure of 21 days to this
year's 19 days. The half-life is defined as the time it takes
companies to patch at least 50 percent of their systems, thus reducing
exposure to security threats.

Internal network patching has also come down from 62 days to 48 days
during the same period. In total, 90 percent of such exposure is
caused by only 10 percent of the critical holes.

On a less positive note, the time it takes for exploits to appear for
vulnerabilities is also shrinking. Fully 80 percent of the most
dangerous holes are exploited within the current half-life period. The
overwhelming majority of automated attacks do their damage in the
first 15 days.

"2005 has been the year of improvements for patching and updating
vulnerable systems. This is heavily driven by the fact that vendors
like Microsoft and others are now issuing regular advisories with
patch updates, which ends up speeding the prioritisation and
remediation efforts within organizations," said Eschelbeck.

As with last year, Microsoft dominates the top ten critical
vulnerabilities, both for internal and external networks. Not
surprisingly given the company's desktop dominance, the report detects
a marked move towards security holes affecting clients rather than
servers, with the former accounting for 60 percent of new
vulnerabilities uncovered.

[1] http://www.qualys.com/docs/laws_of_vulnerabilities.pdf


