Security flaws found for free, claims Qualys
Published: 03 May 2005 16:30 BST
Security vendor Qualys is offering a free scanning service for the 20 most serious vulnerabilities recognised by SANS, a global non-profit security training organisation.
SANS members from within government and business found more than 600 vulnerabilities within their networks in the first quarter of 2005. The 20 vulnerabilities which Qualys will look for were chosen to help companies close the most critical holes in their networks.
However, ZDNet UK has found that the service also allows users to carry out vulnerability scans on other people's computers. Although Qualys said it has put a number of preventative measures in place to stop this, it hinted that this was possible.
"There are a number of precautions we have taken to avoid abuse, such as the email registration process, the click-through (you confirm that have permission to scan the device), and the audit trail," said Gerhard Eschelbeck, vice-president of engineering at Qualys. "Nevertheless the Internet has an open architecture, and there are many free tools on the Internet for download allowing anybody to perform a scan on the Internet completely stealthily without any of these precautions."
The vulnerability scan is available here.
Research from SANS found that online criminals have turned their attention to antivirus software, media players, rather than just the operating system or browser, in order to take control of people's computers. Hackers are also continuing to find holes in Microsoft Windows and other operating systems, however.
"These critical vulnerabilities are widespread and many of them are being exploited right now," said Alan Paller, director of research for the SANS Institute. "We’re publishing this list as a red flag for individuals and IT departments who may be unaware of these vulnerabilities, or mistakenly believe their computers are protected."
Did you find this article useful?
72 out of 116 people found this useful
Digg
Slashdot
Del.ici.ous
Stumble
Reddit
