SANS report flags backup software flaws

Flaws in data backup products were among the software problems cited as most serious in a quarterly update of the SANS top 20 most critical vulnerabilities released Monday.

Vulnerabilities in Veritas backup software and Computer Associates BrightStor ARCServe Backup are very troubling, according to the SANS Institute and the team of experts who compiled the update.

"Backup software is typically at the core of critical and important data for any organization," said Gerhard Eschelbeck, CTO at Qualys. "Compromise of a backup infrastructure is equal to compromise of a complete organization."

The update also cites several vulnerabilities in Microsoft products, including Internet Explorer, as well as in Oracle, Apple iTunes, and Firefox.

The report, which is an update to the SANS Top 20 list published annually in the fall, was culled from 422 new vulnerabilities discovered in the second quarter of this year. That number represents nearly a 20 percent increase from the number of flaws found in the second quarter of 2004.

"These critical vulnerabilities are widespread and many of them are being exploited right now," said Alan Paller, director of research at the SANS Institute. "We're publishing this list as a red flag for individuals as well as IT departments."

SANS began releasing quarterly updates to its annual list this year. Details are available at
