04.26.09
Windows Vulnerable, Billions in Damages, and Other Security News
Microsoft
• Windows Bugs Never Truly Squashed
Hackers can successfully attack Windows PCs months — even years — after Microsoft Corp. fixes a flaw, a security expert said, because there’s always a pool of unpatched systems.
According to data that Qualys Inc. culled from scans of more than 80 million machines, between 5% and 20% of all systems are never patched for any vulnerabilities, including those disclosed by Microsoft in its monthly security updates.
• Rigged Word docs exploit 2008 bug, say researchers
Attackers, probably based in China, are exploiting a December bug in Microsoft Word to hijack Windows PCs, Vietnamese security researchers warned today.
• The Microsoft Tax: Conficker’s estimated economic cost: $9.1 billion
“The Cyber Secure Institute claims that based on their previous studies into the average cost of such malware attacks, the economic loss due to the Conficker worm could be as high as $9.1 billion,” Dancho Danchev reports for ZDNet.
Others
• After Five Years, Apparently The Mobile Virus Flood Is Really Coming This Time
For about five years, there’s been an effort to whip up hype around the supposed threat of mobile viruses and malware. Pretty much all of that hype’s come from anti-virus vendors, so it’s been pretty suspect, particularly as this threat they’ve been hyping for so long has failed to materialize.
• International hackers, many from China, are attacking NYPD computers
A network of mystery hackers, most based in China, have been making 70,000 attempts a day to break into the NYPD’s computer system, the city’s top cop revealed Wednesday.
• K.gov cautious on EU cyberwar effort
Security chiefs are considering joining an EU wargame to help guard critical internet infrastructure against attacks from enemy states or criminals, but Whitehall officials are concerned other members of the bloc are not ready.
• The Great Brazilian Sat-Hack Crackdown
“This had been happening for more than five years,” says Celso Campos, of the Brazilian Federal Police. “Since the communication channel was open, not encrypted, lots of people used it to talk to each other.”
The New York Times called it an “unthinkable disaster”, the television news show 60 Minutes said it could “disrupt the entire internet” and we at the Guardian warned that it might be a “deadly threat”. Naysayers were few, and drowned out.