AfterDawn: News

High profile hacks targeted common software bugs

Report says high profile attacks could have been avoided easily.

Mitre, a US federal contract research laboratory, released a security analysis on Monday that addressed some of the high profile Data Breach incidents over the past year. It says that the attacks were carried out using mostly well-known software flaws, and could have been prevented with adequate testing.



It pointed to the attack on Sony Pictures as an example of an SQL-injection attack. It called SQL-injections the most dangerous flaw for web services, as it can allow outsiders to gain access to possible sensitive information or resources on servers.

The sixth most dangerous flaw it identified as "missing authorization," and pointed to the theft of records of credit card users from Citigroup in May. Identifying and fixing the flaws has a "low to medium cost", according to the report.

Complaints about flawed programming and architecture have gotten noisier in recent times. Programmers are generally not blamed for bugs in their software, and the process of reviewing their work is "uneven", according to Alan Paller, Sans director of research.

Mitre and Sans provide lists of the top 25 flaws regularly. Security firms use the flaws on that list to certify that programs they review are without any of the top 25 flaws.

Written by: James Delahunty @ 28 Jun 2011 0:22

• Previous article

• MPA seeks injunction to block Newzbin in UK

• Next article

• Microsoft Xbox VP doubts Sony's PlayStation Vita

• 3 comments

• KillerBug

  DDDDDUUUUUUHHHHHHH!!!!
  
  The hackers that did most of the high profile attacks would immediately post that they used some known exploit from 10 years ago or whatever. Mitre really earned their money...I wonder how many million dollars they charged to rewrite the blog of Lulzsec.
  

  http://killerbug666.wordpress.com/

  28.6.2011 04:05 #1

• LordRuss

  And the BP oil disaster could have been avoided had they used common sense safety devices... Once again, fix what needs fixing the first time, correctly & then you don't waste time having to do it again & again & again... Except they didn't even do it the first time.
  
  They're like sniveling children that don't want to clean their rooms. So they cram everything under their beds, into their closets and cosmetically straiten the shelves to make it look like everything is in order so they can out to play... But then you open the door to put clean clothes in & BOOM!!! Somebody gets hurt when the stuff comes sailing out.
  
  People complain that there are too many governing bodies in place at the moment. If that's the case, why is this kind of loose canon disrespect for the consumer & willful negligence being allowed to go on? If it isn't allowed, then someone wasn't there to catch them. This is punishable folks, plain and simple.
  

  http://onlyinrussellsworld.blogspot.com

  28.6.2011 10:52 #2

• smiler123

  Doh!
  

  Everything I have written is a lie and a product of my imagination.

  28.6.2011 11:33 #3