Microsoft Not the Only Technology with Holes
Critics love to beat up on Microsoft for its security. But in its defense, Redmond
is clearly the biggest and most fun hacker target. It also has a ton of products.
So it makes sense that holes will be found and attacks mounted.
Microsoft, at least once a month, discloses (and closes) these holes in
a very public way. Meanwhile, the Web has no Patch Tuesday, and consequently
its holes can stay open for a long, long time.
In fact, according to security concern Cenzic, some 70 percent of the Web apps
it looked at lacked
secure communications. Two-thirds of these apps were deemed "easily
exploitable." In many cases, there's no system in place or real plan to
improve Web security and plug holes. The two biggest vulnerabilities, Cenzic
reported, are SQL injections and cross-site scripting.
Posted by Doug Barney on 05/14/2008 at 1:15 PM