
Hackers target flawed backup software

By Reuters
Washington, 26 Jul 2005

Flawed backup software has emerged as the latest target for hackers looking for corporate secrets, according to a survey released yesterday.

The survey by the non-profit SANS Institute found new holes in widely used software products, even as computer users are getting better at patching some favourite hacker targets.

Attackers are now focusing on desktop software, like Web browsers and media players, that might not get fixed as frequently as Microsoft's Windows operating system and other software widely used by business, the cybersecurity research organisation found.

More than 422 significant new Internet security vulnerabilities emerged in the second quarter of 2005, the cybersecurity research organisation found, an 11% increase from the first three months of the year.

Particularly troubling are holes in backup software made by Computer Associates International and Veritas Software, which together account for nearly one-third of the backup-software market, said Ed Skoudis, founder of the security company Intelguardians.

"If you think about it, people back up information that is their most important information, otherwise they wouldn't back it up at all, right?" Skoudis said on a conference call.

"By exploiting one of these vulnerabilities, an attacker can get in there and exploit some of the most sensitive information for some of the most sensitive organisations."

Fixes are available for all the problems outlined in the SANS report, but many of the new flaws aren't fixed as quickly as older ones.

Administrators take an average of 62 days to fix backup software and other software inside their firewall, compared to an average of 21 days for e-mail servers and other products that deal directly with the Internet, said Gerhard Eschelbeck, chief technical officer of business-software maker Qualys.

Home users typically take even longer to fix problems, said SANS chief executive Alan Paller.

Many of the new flaws were found on products popular with home users.

Flaws in media players like Apple Computer's iTunes and RealNetworks' RealPlayer could enable a hacker to get into a user's computer through a poisoned MP3 file.

Users of Microsoft's Internet Explorer Web browser could be compromised simply by visiting a malicious Web site, SANS said.

Even the open source Mozilla and Firefox Web browsers, which have gained in popularity thanks to security concerns, had flaws as well, Paller said.