Web Technologies and Windows XP More Vulnerable Than Ever: Survey

According to a survey conducted by Symantec (News - Alert) on Black Hat attendees, Web technologies and Web services will pose greater security threats next year.

 

The survey, commissioned by Applied Research, analyzes Black Hat attendees’ views on vulnerability research and the challenges and opportunities they anticipate they will face over the next twelve months, said Symantec on Friday.

 

The Black Hat technical security conference was attended mostly by IT managers and independent researchers, especially in the high tech industry within North America. The initial data collected reflects responses from 500 attendees, said Symantec.

 

According to the survey, 18 percent of Black Hat attendees came from countries outside North America.

 

Of the 500 attendees, 46 percent believe Web services and Web 2.0 technologies as the technologies that contain greater security issues next year. About 35 percent of them believed virtualization as the top security concern, Symantec said.

 

Web technologies are the greatest concern from a vulnerability perspective among IT managers. This year, Windows XP platform is the operating system of greatest concern to IT managers. In 2007, they were more concerned of Vista vulnerabilities, said the survey.

 

Insufficient access controls are the main sources of data theft, said 26 percent of the respondents, according to Symantec. About 23 percent of people surveyed said lost/stolen laptops are the main source of data theft. Other main reasons identified for data theft are data sent to third parties (21 percent) and improper posting of data to the Internet, intranet and extranet (20 percent). 

 

Symantec survey showed that more than one third of the respondents are currently implementing whitelisting within their organization. The survey said all enterprise systems are considered to be quite critical in protecting with whitelisting, with servers surpassing other enterprise systems slightly.

 

For 52 percent of the respondents, job function was the motivation behind researching an application or a technology, while for 44 percent of them curiosity is the motivating factor.

 

Symantec survey found 55 percent of the respondents have not created any piece of malcode in the name of research or education.  However, 17 percent of them responded they would create malware if they thought it would help in research or education.

 

About half of the respondents plan to pursue research on infrastructure networking technology next year whereas 34 percent of them wish to pursue research on Web technologies.