One in a hundred reported bugs exploited, says Cisco

Cisco's latest annual security report has found a mix of the usual things and emerging trends: people are still naive, there's too much unpatched software out there, and there are new threat types emerging as attackers respond to defences. The report, here, notes that attackers are learning to tread more carefully. For example …

  1. Anonymous Coward
    Holmes

    Doesn't surprise me that one in 100 vulnerabilities are exploited...

    But that's like saying that you will leave a random door or window unlocked at your office each night. Sure, you will get away with it for a long time, but ultimately you're going to come in the next morning and find your office has been ransacked.

  2. Jonbays

    This is a bit misleading, so how many breaches are caused by exploits of unpatched known vulnerabilities? It cuts both ways. Patching is the simplest and most effective way of mitigating being breached or compromised, and it can be easily automated and managed for a majority of systems for lower cost than anti-virus, which isn't working anyway. Don't believe me? Then ask the Australian Signals Directorate. Their 'Top 4 Mitigation Strategies' are:

    1. Application Whitelisting;
    2. Patch Applications;
    3. Patch Operating System;
    4. Minimise Administrative Privileges.

  3. batfastad

    My Annual Report on Cisco

    Well my annual report on Cisco goes something like this... Sell kit that's always full of bugs, so you keep paying for support to get software updates to fix the things that supposedly should have worked in the first place. It's the same report as last year, and the last 10 years before that.

    Not that I'm bitter at having wasted most of this week dealing with an interoperability issue between minor release versions of iOS.

  4. phuzz Silver badge
    Facepalm

    And when that one-in-a-hundred bug is exploited and your company has everything spread all over the internet, what's the chance that your boss won't sack you? One in a hundred?

  5. yoganmahew

    Super, which one?

    Once I've patched that one, I can relax, right?

  6. CaptainBanjax

    I often

    Have to use unpatched browsers and old Java versions to work on Cisco kit because it doesn't work otherwise.

    Who remembers the Cisco PIX requiring a very specific version of Java? Any older? Won't load. Any newer? Won't work properly.

    It's still the same now for some of their kit.

    I know, I know, I should use a console cable... but I can't always go to the datacentre.

    The same applies to other companies, mind you... I'm not just picking on Cisco.

  7. Mike 137 Silver badge

    "So in 90 per cent of IE transactions, there would be some level of insecurity"

    The (obviously) prevalent idea that patched=secure is spherical and plural, and always has been. It makes no more sense than "what you don't know can't hurt you" - indeed it's grounded in that false premise.

    It's about time we stopped relying on reactive fixes based on blacklisting and got round to creating some real resilience - starting with the ability to write software that isn't littered with exploitable bugs.
