IBM predicts rise in security threats in 2007

Expect more than temperatures to spike this year. A newly released

report by IBM experts predicts that software loophole exploitation of

popular programs such as Windows Vista operating system are expected to multiply. According to IBM’s Internet Security System’s X Force Team report there were on average twenty new software vulnerabilities created each day, 88 percent of which could be exploited remotely and over 50 percent of which allowed the hacker access. Considering all this, it is frustrating to realize that, as our Uncle Julius says, things can always get worse.

Most of last year’s exploits came from Internet-based malware programs

that employ what are known as “fuzzer” attack methods. No, this does not require stuffing a teddy bear into a disk drive. Rather, a fuzzer is when random data is input into a system to test its security capabilities. This method is commonly used by programmers as an easy way to test a system before release, yet ever more complex forms of fuzzers are now being employed by hackers to search for vulnerabilities. “The script kiddies of old went off to university and learned how to build and use fuzzing programs, and they’re taking that experience and applying it to uncover vulnerabilities in content-level applications,” said IBM’s Gunther Ollmann. One of the more famous fuzzers, known colloquialy as “stabface” (who names these things?), utilized Google to search for exploits in .gov and .mil web addresses.

In the next year, expect the use of fuzzers to increase, especially with the recently-released Vista coming on line. Hackers seem to take particular pleasure in abusing Microsoft products (one good reason to “make the switch” to Mac), and the complex nature of the new operating systems means that there are likely to be many opportunities for the black hats to identify points of vulnerability. Other third party programs for Vista could be similarly exploited.

-read more in Matt Hines’s EWeek report