Security Pros Are Focused on the Wrong Threats
Technology - Bits Blog - NYTimes.com.
The is an overview of the recently released biannual report from the SANS Institute, which provides training and support for computer security professionals.
Microsoft is doing a better job in providing patches for Windows, so while this was the major concern in the past, there are two more important security risks emerging: security weaknesses in programs that are not usually updated on a regular basis (Microsoft Office, Adobe's Flash Player & Acrobat, Java apps, and Apple's QuickTime); and, attacks on company Web sites using such techniques as SQL injection and cross-site scripting. For instance, flaws in the code might unknowingly provide admin rights so that malicious script can be run.
In the worst cases, hackers can gain sensitive customer data, or infect users' computers, making them zombies within a larger botnet.