Security outfits helping hackers

IBM's latest Internet Security Systems X-Force shows that more attacks are coming within 24 hours after a vulnerability is disclosed.

It means that security flaws are being exploited in Web browsers, computer operating systems and other programs before many people even have had time to learn about them.

Biggish Blue said that web crims are using tools to help them automatically generate attacks based on publicly-available information about vulnerabilities. It used to take them ages finding holes themselves but now they have the tools to do it.

They also stand on the shoulders of the security research community who provides them with the details.

Part of the problem is that insecurity experts release not only details of the vulnerability but also so-called "proof-of-concept" exploit code to show the flaw is legitimate.

This means that criminals get a framework for building their attacks, and that saves them valuable time in doing so.

Web browsers are an area heavily targeted by hackers. Hacking exploits were available within a day after flaws were discovered 94 percent of the time, up from 79 percent in 2007, IBM's report said.

With PC vulnerabilities, over 80 per cent of the exploit code was released the same day or even before the holes were publicly disclosed. That's up from 70 percent last year, according to the IBM study. µ

L'Inq AP