
Study: Backup software has security loopholes

Spearheaded by SANS Institute, an Internet security research and education organization, the study has revealed a trend where more vulnerabilities are being found in data backup software.
Written by Staff, Contributor
A new report has revealed that some of the most popular backup software contains security holes, raising fears that critical data could be compromised in the event of an attack.

Released by Internet security research firm SANS Institute, the study found more than 422 Internet security vulnerabilities in the second quarter of 2005, an increase of 10.8 percent from the previous quarter and nearly 20 percent over the second quarter of last year.

The report, the result of a collaboration between SANS and seven key security organizations, listed vulnerabilities in two backup software products, Computer Associates' BrightStor ARCServe Backup and Veritas Software's Backup Exec, as among the "most critical".

An attack on systems installed with such software could open the door for hackers to gain access to the stored data, some of which could be confidential and sensitive, according to a statement released by SANS Institute.

Said Alan Paller, SANS Institute's director of research, "We're publishing this list as a red flag for individuals as well as IT departments. Too many people are unaware of these vulnerabilities, or mistakenly believe their computers are protected."

Vulnerabilities in open source software such as the Mozilla and Firefox web browsers were also discovered, according to the report.

Rohit Dhamankar, manager of the digital vaccine research team at 3Com's TippingPoint division, noted that there is a trend to exploit not only the Windows system but installed programs from other vendors as well.

Dhamankar, who was one of the seven invited to compile the report, said: "These include backup software, management software, licensing software, and so on. Flaws in these programs put critical resources at risk, as well as have a potential to compromise the entire enterprise."
