In 2004, malicious hackers will continue to take advantage of security weaknesses in popular communications protocols such as Remote Procedure Call (RPC), while improvements in hacker tools will shorten the time that technology vendors and their customers have to respond to new vulnerabilities, according to comments by leading security researchers and corporate security experts at the InfoSecurity 2003 Conference and Exhibition in New York City Wednesday.
The experts, including chief security officers from eBay Inc. and Siebel Systems Inc., took part in a panel discussion of security vulnerabilities and so-called "zero-day" exploits -- vulnerabilities that are exploited by attackers before software patches have been issued.
Attacks that take advantage of holes in RPC will continue next year, according to Gerhard Eschelbeck of security company Qualys Inc. RPC vulnerabilities in Microsoft Corp.'s products were behind recent worms such as Blaster and Welchia, which spread worldwide in August.
While many of those attacks will target Microsoft operating systems, malicious hackers may also look for ways to exploit RPC security holes in Unix and Linux, he said.
