Adobe Flash To Be Top Hacker Target In 2010 180
An anonymous reader writes "Adobe Systems' Flash and Acrobat Reader products will become the preferred targets for criminal hackers (PDF) in 2010, surpassing Microsoft Office applications, a security vendor predicted this week. 'Cybercriminals have long picked on Microsoft products due to their popularity. In 2010, we anticipate Adobe software, especially Acrobat Reader and Flash, will take the top spot,' security vendor McAfee said in its '2010 Threat Predictions' report. 'We have absolutely seen an increase in the number of attacks, around Reader in particular and also Flash Player to some extent,' CTO Kevin Lynch told reporters at the Adobe Max conference in October. 'We're working to decrease the amount of time between when we know about a problem and when we release a fix. That used to be a couple of months; now it's within two weeks for critical issues.'"
Yuh huh (Score:3, Insightful)
This is about finding a common infection point (Score:4, Insightful)
With the recent popularity of Apple products and other internet surfing enabled devices, this is all about infecting the most machines possible. Previously that was easily accomplished by targeting the most popular devices - Windows PCs. But now there are even more targets available and most of them run Adobe Reader and Flash.
What happens to all the folks (us?) who have been gloating over the security of our Macs, Linux, smartphones etc. when these apps get broken? Time to eat crow?
Re:This is about finding a common infection point (Score:2, Insightful)
There is already a solution (Score:2, Insightful)
Re:Yuh huh (Score:5, Insightful)
At work we had a Windows Server 2008 hacked. It was killing the whole network sending spam and trying to infect other machines on our AD. Our boss was already blaming Bill Gate's mother ... On a closer inspection, the problem was discovered. The system was running a quite old version of WebBoard (a system for collaboration, which was developed originally by O'Reilly). The firewall has the port 8080 open to allow users to connect. Some people discovered the open port, found out that WebBoard was running, and took advantage of the vulnerability to upload and run malicious code on the server. Because WebBoard is a service, running as the System account, you can imagine what happened there. Did our IT manager know about this vulnerability. Not at all, even if it was fixed on a posterior build.... How many "forgotten" programs, and non-OS related services do people have running in their machines, unpatched and unattended? Think about this...
Re:This is about finding a common infection point (Score:3, Insightful)
What happens to all the folks (us?) who have been gloating over the security of our Macs, Linux, smartphones etc. when these apps get broken? Time to eat crow?
I can't speak for Macs or smartphones (who gloats over the security of smartphones? Things like the amount of iphone jailbreaking going on or the Tmobile sidekick crash make it pretty clear smartphones have issues...), but Linux is still more secure the Windows in this respect. There's numerous ways to isolate the damage that could be done from a hole in flash. MAC like SELinux or AppArmor are perfect for this, and Windows still doesn't have a competent MAC implementation (MIC is insufficient). There's ways to sandbox firefox without MAC, too, such as setting everything up to sudo to another user every time firefox is called. There's a LOT of ways to deal with this.
Now, all of these take some work on the user's part. Stupid/lazy Windows users can be pwned just as badly as stupid/lazy Linux people. But it's not as though a competent individual is just as badly off on both platforms... Linux has solutions for dealing with untrusted things like flash where Windows does not. If you actually and actively care about security, you can continue to gloat about Linux's superiority in this respect. If you're too lazy to take security seriously, you can be pwned on both counts.
Re:This is about finding a common infection point (Score:3, Insightful)