Wednesday, August 19, 2009

ONO! Huge Security Hole on the Web


Trusteer Warns of Huge Security Hole on the Web

80 Percent of Web Users are Vulnerable to Attacks that Exploit Flaw in Adobe Flash and Acrobat Software

NEW YORK-- Trusteer, the customer protection company for online businesses, reported today that two weeks after Adobe released a critical patch for Flash and Acrobat Reader nearly 80 percent of Internet users are still vulnerable to attacks that exploit these vulnerabilities. These findings are based on more than 2.5 million users of the Rapport browser security service. This may be the biggest security hole on the Internet today, since 99 percent of Internet users are using Flash in their browsers (http://www.adobe.com/products/player_census/flashplayer/).

A report released today by Trusteer found that among the 2.5 million Internet banking users in North America and Europe protected by its Rapport security service, 98.8 percent have Flash active in their browser. From this sample, 80 percent were running outdated and unpatched versions of Flash, while 84 percent were running a vulnerable version of Acrobat. The full report is available at http://www.trusteer.com/files/Flash_Security_Hole_Advisory.pdf.

From a security avoidance standpoint Flash and Acrobat are the ultimate platforms for distributing malware. Targeting vulnerabilities in these applications is extremely efficient since it enables criminals to target 99 percent of Internet users. By comparison, targeting vulnerabilities in Internet Explorer only reaches approximately 65 percent of Internet users. While Firefox-based attacks only reach 30 percent.

“Adobe is facing some major security challenges and one of its biggest hurdles is its software update mechanism. For some reason, it is not effective enough in distributing security patches to the field,” said Mickey Boodaei, CEO of Trusteer. “Given the lack of attention this situation has received to date, it appears that few people understand the magnitude of the problem. We recommend that all enterprises and individuals install the latest Flash and Acrobat updates immediately.”

About Rapport

Rapport from Trusteer is a lightweight browser plug-in plus security service that acts like a vault inside the browser and prevents redirection of user information to fraudulent websites. It protects personally identifiable information (PII) and Web pages from unauthorized access and theft while users are accessing sensitive Web sites. Trusteer also offers in-the-cloud reporting services where unauthorized access attempts detected by Rapport are analyzed by fraud experts who provide actionable intelligence to financial institutions.

About Trusteer

Trusteer enables online businesses to secure communications with their customers over the Internet and protect PII from a user's keyboard into the company's Web site. Trusteer's flagship product, Rapport, allows online banks, brokerages, healthcare providers, and retailers to protect their customers from identity theft and financial fraud. Unlike conventional approaches to Web security, Rapport protects users' PII even if their computer is infected with malware including Trojans and keyloggers, or is victimized by pharming or phishing attacks. Trusteer is a privately held corporation led by former executives from Cyota/RSA Security, Imperva, and NetScreen/Juniper. For more information visit www.trusteer.com

Contacts
Marc Gendron PR
Marc Gendron, 781-237-0341
marc@mgpr.net


Reblog this post [with Zemanta]

Disqus for ePayment News