Hackers Count On Unpatched Problems -- How Patched Are Yours?

The lesson of the mass-hack that tagged 70,000 Web pages over the past week is be careful what you ask for on your Web site -- and be even more careful that you're completely patched before you ask.The evidently Chinese-launched attack targeted SQL database-driven catalog and other pages that request visitor information such as user-names.

The attack found entry through a couple of old vulnerabilities, one of them a Windows hole that's been known and patchable since September, 2006. Another entry-point was a RealPlayer vulnerability from a few months ago, also fixable with a patch. (Look here for news of a newer RealPlayer flaw.)

And therein lies the lesson -- whether your small or midsize business manages its own Web site and pages or hires their management out, insistence upon the strictest adherence to patch policies and their implementation is as essential to your business security as antivirus, firewall and other updates.

No way around this -- because the hackers clearly know their way around this.