Israeli company Beyond Security yesterday published its summary on information security for 2003. Beyond Security maps attacks and documents breaches in enterprise products and networks. The report depicts a dismal picture: 1,187 breaches in various products were documented in 2003. 37% of the problems were related to obvious Windows products, in other words, there were breaches in products running on various Windows platforms; 35% were breaches in UNIX/Linux platforms; and 28% of the break-ins were into products that run on both Windows and UNIX/Linux platforms.
Among the other prominent global software companies, Cisco Systems (Nasdaq:CSCO) had the most breaches (23); Oracle (Nasdaq:ORCL) had 14; and Symantec (Nasdaq:SYMC) had five. Breaches were also discovered in browsers: Windows Explorer had 30, compared with 15 for Opera and just one for Mozilla.
Beyond Security CEO Aviram Jenik predicts that a new worm will attack Explorer soon. Beyond Security examined various technologies and rated their computer languages. 113 breaches were found in PHP, mostly used for web servers. Particularly troublesome was PHPNuke, mainly used to manage web content, with six breaches; Java had 84 breaches, while PERL had 38. 16 breaches were documented in 2003 into the new Wi-Fi technology networks, compared with five in 2002.
Jenik made the following prediction for 2004: "The increasingly popularity of Linux will led to more joint breaches in Windows and Linux. These breaches will be a serious problem for joint networks that use both Windows and Linux computers. We already know about a new worm that will exploit one of breach in the Explorer browser. The worm's weak version is already on the network. Happily, its spread is limited, but experience shows that its attacks are unpleasant, and the worm will certainly be improved."
Published by Globes [online] - www.globes.co.il - on January 8, 2004