
Security flaws found for free, claims Qualys

Dan Ilet ZDNet.co.uk

Published: 03 May 2005 16:30 BST


Security vendor Qualys is offering a free scanning service for the 20 most serious vulnerabilities recognised by SANS, a global non-profit security training organisation.

SANS members from within government and business found more than 600 vulnerabilities within their networks in the first quarter of 2005. The 20 vulnerabilities which Qualys will look for were chosen to help companies close the most critical holes in their networks.

However, ZDNet UK has found that the service also allows users to carry out vulnerability scans on other people's computers. Although Qualys said it has put a number of preventative measures in place to stop this, it hinted that this was possible.

"There are a number of precautions we have taken to avoid abuse, such as the email registration process, the click-through (you confirm that you have permission to scan the device), and the audit trail," said Gerhard Eschelbeck, vice-president of engineering at Qualys. "Nevertheless the Internet has an open architecture, and there are many free tools on the Internet for download allowing anybody to perform a scan on the Internet completely stealthily without any of these precautions."

The vulnerability scan is available here.

Research from SANS found that online criminals have turned their attention to antivirus software and media players, rather than just the operating system or browser, in order to take control of people's computers. Hackers are also continuing to find holes in Microsoft Windows and other operating systems, however.

"These critical vulnerabilities are widespread and many of them are being exploited right now," said Alan Paller, director of research for the SANS Institute. "We’re publishing this list as a red flag for individuals and IT departments who may be unaware of these vulnerabilities, or mistakenly believe their computers are protected."
