

We Are Toast: Latest Malware report - iamelgringo
http://blogs.gartner.com/neil_macdonald/2009/03/16/we-are-toast/

======
CWuestefeld
Interesting conclusion that we should think about: bad guys are moving "up the
stack", targeting businesses themselves rather than users.

However, the path that the Gartner article takes to get there is garbage. The
graph at the top should tip you off to "lies, damned lies, and statistics":
when there are no labels for the axes, what do they expect you to think?

Showing an increasing number of vulnerabilities _in web apps_ really just
shows that the number of web apps is increasing. This "revelation" doesn't
necessarily show that any particular user is more vulnerable; if they're using
the same set (or same number) of services, then we have no data showing an
increased risk _per service_. And for any particular service, we don't even
have any _suggestion_ of increased exposure.

Personally, I'm relieved to see reports like "SQL injection attacks increased
by 30x within the last six months". This kind of vulnerability is so trivially
avoided that I'm glad to hear that the bad guys are wasting their time on it.

~~~
stcredzero
Provable security could still be a major selling point for a web framework.
(If it were implemented in a way that didn't compromise other functionality.)

------
jgrahamc
Two issues are interesting here:

1. The overall trend in malware variants is putting the signature-based
scanning mechanisms of old at risk because of the total volume.

2. Spam is getting simpler (as predicted by PG long ago).

------
stcredzero
Thank you, PHP!

