Could I ask, from the perspective of an internal systems administrator, the
so called “good guy”, do you hackers / pen testers see any major trends in
the IT security industry that people with malicious intent are now targeting
or exploiting these days, as opposed to say, 5 years ago? Has any of the
main focus of primary attack shifted in the last few years?

I have always looked at the pen testing / hacking industry with great
interest and in many ways, amazement, but some of it seems such an
underground industry nobody ever really knows “what’s coming next”, so we
struggle to stay current with where we need to invest next and step up our
own guard and procedures to stop the next few years wave of “new exploits”.

I’ve seen some of you post that server side vulnerabilities are becoming a
less favourable and fruitful exploit - any particular reason why, and you
tell us the majority of exploits now targeted by the bad guys are “client
side”, which I suspect you mean unpatched client apps like Adobe Reader etc?
Any reason for the switch from focusing primarily on the server side, and
now focusing on client side exploits more?

I wondered if you’d be willing to say “in 2010 these are the main threats
that criminals/hackers are commonly trying to exploit these days, as opposed
to these vulnerabilities and exploits which were the main number 1 target
focus 5 years back”. You always stay ahead of the game in finding new areas
of “low hanging fruit” every few years, so I can’t see any issue in at least
asking the question on main areas of focus now from the pen testing /
hacking community.

It always seems to evolve, in that you will target certain “families” or
vulnerabilities for a few years, and then the suppliers will offer tools and
automated patch solutions to hamper you, so then you move on to other low
hanging fruit that hadn’t been considered or targeted as much before.

Any input or feedback most welcome. Thanks for taking the time to read my
post.
--
View this message in context: http://old.nabble.com/Evolution-of-security-threats-and-exploits...-tp30348296p30348296.html
Sent from the Penetration Testing mailing list archive at Nabble.com.
This list is sponsored by: Information Assurance Certification Review Board
Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.