- MEMBERS RECEIVE ACCESS TO:
- CIO Leadership Group
  CIO Leadership Task Force provides a unique forum for Chief Information Officers from the largest cities and counties in the U.S. to privately interact, both through an online collaboration site and in regular face-to-face meetings. It offers these leaders an on-going opportunity to share information and experiences, and to discussing IT challenges facing larger community jurisdictions.
- Digital Infrastructure
  Task Force
  The Digital Infrastructure Task Force is a collaborative networking group for government IT professionals. Through timely exchange of information and experiences, both online and through regular face to face meetings, municipal and regional government members help each other to make smarter technology decisions for their communities.
- Law Enforcement
  IT Task Force
  The Law Enforcement Task Force is a collaborative networking group for local law enforcement officials from across the nation. In online and regular face to face meetings, both sworn and civilian law enforcement officials come here to discuss technology trends, collaboration and information sharing opportunities within the local law enforcement community.
- Private Events
  and Webinars
- Exclusive White Papers
- JOIN:
- Public Sector
- Private Sector
Digital Communities Home
Introduction
Feature Articles
Local Government Events
Contact
Digital Communities Blogs
Digital Citizen Pulse
Broadband Nation
Web 2.0 Convergence
In the Trenches
International Beat
Notes from a City CIO
Intelligent Communities
MuniGov 2.0
Surveys and Awards
Digital Cities Survey
Digital Counties Survey
DGAA Awards
Best of the Web Awards
Reference and
Resource Library
White Papers
Exclusives
Webinars
Best Practices
Digital Communities
Special Focus
Current Issue
Past Issues
Subscribe

Digital Communities
Industry Members

Click sponsor logos for whitepapers, case studies, and best practices.

The Dirty Dozen -- 2008's Most Popular Applications with Critical Security Vulnerabilities

December 17, 2008 By News Report

Bit9 unveiled its annual ranking of popular consumer applications with known security vulnerabilities. Often running outside of the IT department's knowledge or control, these applications can be difficult to detect; they create data leakage risk in endpoints that are otherwise secure; and cause compliance breaches that can result in costly fines. The list, published in a research brief entitled "2008's Popular Applications with Critical Vulnerabilities," is designed to highlight the need for greater visibility and control over organizations' endpoints, including laptops, PCs, servers and Point-of-Sale systems.

The list this year expanded to include 12 applications, up from 10 last year, due to the increase in vulnerabilities and the popularity of applications such as Skype and Yahoo! Assistant that are often used by employees within an enterprise.

Five of the top 12 applications with known vulnerabilities include:

Mozilla Firefox, versions 2.x and 3.x
Adobe Acrobat, versions 8.1.2 and 8.1.1
Microsoft Windows Live (MSN) Messenger, versions 4.7 and 5.1
Apple iTunes, versions 3.2 and 3.1.2
Skype, version 3.5.0.248

Each application on the list has the following characteristics:

Runs on Microsoft Windows.
Is well-known in the consumer space and frequently downloaded by individuals.
Is not classified as malicious by enterprise IT organizations or security vendors.
Contains at least one critical vulnerability that was first reported in January 2008 or after and is registered in the U.S. National Institute of Standards and Technology's (NIST) official vulnerability database and given a severity rating of high (between 7.0-10.0) on the Common Vulnerability Scoring System (CVSS).
Relies on the end user, rather than a central IT administrator, to manually patch or upgrade the software to eliminate the vulnerability, if such a patch exists.
The application cannot be automatically and centrally updated via Enterprise tools such as Microsoft SMS & WSUS.

"Year after year, we see a growing number of applications within the enterprise creating security vulnerabilities that are easily prevented through better visibility across endpoints, and a more centralized patch-management process," said Harry Sverdlove, CTO, Bit9. "2008 has been no exception. This year, along with the widely reported huge increase in malware, the number of well-known applications causing security problems for companies has also increased. Our annual ranking now covers 12 applications, up from 10 last year.

| More

Alabama Awards Security Services Contract

Add Your Comment

Name *

Comment *

You are solely responsible for the content of your comments. We reserve the right to remove comments that are considered profane, vulgar, obscene, factually inaccurate, off-topic, or considered a personal attack.

In Our Library

White Papers | Exclusives Reports | Webinar Archives | Best Practices and Case Studies

Living in a Smart City: Chattanooga, TN: The only one Gigabit broadband service in the United States for residential and business customers is now available citywide in Chattanooga, Tennessee. Let's meet people who live and work in one of the smartest city: what services do they embrace today, what is their vision for the future, and what kind of culture do they think makes this all possible and what's their definition of a smart city.
Creating Your Smart Grid: A How-To Guide: The smart grid promises to bring unprecedented opportunities for both utilities and consumers, improving safety, reliability, efficiency and security. The latest communications technologies will greatly improve awareness of grid conditions – in real time – for better control, management and decision-making.
WHITEPAPER: D Block Spectrum Act and the FirstNet Broadband Network. What does it all mean?: On Feb 22, 2012, the Middle Class Tax Relief and Job Creation Act of 2012 was enacted into law. This law will ensure the establishment of a nationwide, interoperable public safety broadband network in every state and territory in the U.S. Learn about the new law and what you can do to prepare for it now.

Latest From Digital Communities Features

Follow @dcommunities

Law Enforcement Digital Infrastructure

Digital Communities members get access to our collaboration task forces

427 Members

77 Discussions

84 Files

Latest members Become a member

Digital Communities members get access to our collaboration task forces

669 Members

145 Discussions

150 Files

Latest members Become a member

Featured White Papers & Reports

The Future of the Desktop in Government

Until recently, there was no alternative to the familiar desktop computer, and its expensive upgrades and maintenance requirements. For cash-strapped local governments, the desktop computer is quickly becoming an unsustainable option for future progress. Now, a technology known as virtual desktop infrastructure (VDI) offers an alternative. It can be significantly more affordable than buying individual computers for every employee, and it provides similar capability. This paper shows how VDI is the future of the desktop and is a game-changer for local governments.

View Full Library

Events

GTC East

Don't miss this opportunity to see the latest in digital government solutions, keep abreast of current policy issues and network with key government executives, technologists and industry specialists.

View All Events