By Andy Sullivan
Flawed backup software has emerged as the latest target for hackers looking for corporate secrets, according to a survey released on Monday.
The survey by the nonprofit SANS Institute found new holes in widely used software products, even as computer users are getting better at patching some favorite hacker targets.
Attackers are now focusing on desktop software, like Web browsers and media players, that might not get fixed as frequently as Microsoft Corp.'s Windows operating system and other software widely used by business, the cybersecurity research organization found.
More than 422 significant new Internet security vulnerabilities emerged in the second quarter of 2005, the cybersecurity research organization found, an increase of 11 percent from the first three months of the year.
Particularly troubling are holes in backup software made by Computer Associates International Inc. and Veritas Software Corp., which together account for nearly one-third of the backup-software market, said Ed Skoudis, founder of the security company Intelguardians.
"If you think about it, people back up information that is their most important information, otherwise they wouldn't back it up at all, right?" Skoudis said on a conference call.
"By exploiting one of these vulnerabilities, an attacker can get in there and exploit some of the most sensitive information for some of the most sensitive organizations."
Fixes are available for all the problems outlined in the SANS report, but many of the new flaws aren't fixed as quickly as older ones.
Administrators take an average of 62 days to fix backup software and other software inside their firewall, compared to an average of 21 days for e-mail servers and other products that deal directly with the Internet, said Gerhard Eschelbeck, chief technical officer of business-software maker Qualsys.
Home users typically take even longer to fix problems, said SANS chief executive Allan Paller.
Many of the new flaws were found on products popular with home users.
Flaws in media players like Apple Computer Inc.'s iTunes and RealNetworks Inc.'s RealPlayer could enable a hacker to get into a user's computer through a poisoned MP3 file.
Users of Microsoft's Internet Explorer Web browser could be compromised simply by visiting a malicious Web site, SANS said.
Even the open-source Mozilla and Firefox Web browsers, which has gained in popularity thanks to security concerns, had flaws as well, Paller said.
Copyright 2005 Reuters Limited.
NOTE: For more telecom/internet/networking/computer news from the daily media, check out our feature 'Telecom Digest Extra' each day at