
SANS.org and Gov't Name Top Vulnerabilities


Guest LilBambi
Security Group, Governments Name Top Windows, Linux Vulnerabilities
A security organization, in conjunction with the Department of Homeland Security and security agencies from both the Canadian and British governments, on Wednesday published its fourth annual list of the most commonly exploited Internet vulnerabilities. The SysAdmin Audit Security Network (SANS) Institute, which first rolled out a list four years ago with the FBI's National Infrastructure Protection Center (NIPC), unveiled a pair of Top 10 lists, one noting vulnerabilities within Windows software, the other tagging the top flaws in Linux and Unix programs. “The list is a consensus of the knowledge of people around the world who are on the front lines in the battle against cybercrime,” said Alan Paller, the director of research at the SANS Institute. Representatives from various federal agencies, security experts from the governments of the U.K. and Singapore, academics, and security professionals from the commercial sector compiled the list and voted on the most egregious vulnerabilities. The two lists are meant to steer system administrators toward the most widely exploited vulnerabilities, and include details on how they can mitigate risks associated with the vulnerable software.
Some interesting, but not surprising items on the list for both Windows and Linux.

Guest LilBambi

Here's a cut to the chase list from SANS Top 20 List:

Top Vulnerabilities to Windows Systems
W1 Internet Information Services (IIS)
W2 Microsoft SQL Server (MSSQL)
W3 Windows Authentication
W4 Internet Explorer (IE)
W5 Windows Remote Access Services
W6 Microsoft Data Access Components (MDAC)
W7 Windows Scripting Host (WSH)
W8 Microsoft Outlook Outlook Express
W9 Windows Peer to Peer File Sharing (P2P)
W10 Simple Network Management Protocol (SNMP)

Top Vulnerabilities to UNIX Systems
U1 BIND Domain Name System
U2 Remote Procedure Calls (RPC)
U3 Apache Web Server
U4 General UNIX Authentication Accounts with No Passwords or Weak Passwords
U5 Clear Text Services
U6 Sendmail
U7 Simple Network Management Protocol (SNMP)
U8 Secure Shell (SSH)
U9 Misconfiguration of Enterprise Services NIS/NFS
U10 Open Secure Sockets Layer (SSL)

Links to each are on the SANS site with reasons for being on the list.