Slashdot Mirror


SANS/FBI Release Top 20 Security Vulnerabilities

theBraindonor writes "SANS Institute and the FBI have compiled a listing of The Twenty Most Critical Internet Security Vulnerabilities. The list is broken down into two groups: Windows Systems and Unix Systems." The list of Unix vulnerabilities is also a list of the network programs I (and presumably many others) use most. It's a good thing there's BugTraq.

2 of 268 comments

  1. The number one vulnerability for Windows boxen is: by The+Pi-Guy · Score: 4, Informative

    IIS!!

    Not any particular 'sploit, but on the page, IIS is THE NUMBER ONE vulnerability for Windows boxen.

    Like Mr. Valentine said, "[Microsoft's] products are not engineered for security". Or something like that.

    --j

  2. Lather, rinse, repeat by devphil · Score: 4, Informative

    Two years ago, the SANS Institute and the National Infrastructure Protection Center (NIPC) released a document summarizing the Ten Most Critical Internet Security Vulnerabilities. Thousands of organizations used that list, and the expanded Top Twenty, which followed a year later, to prioritize their efforts so they could close the most dangerous holes first.

    And if memory serves, the Unix list is exactly the same, with perhaps the exception of Apache. The r* services, sendmail, yep, all still there. Who in their right mind uses r* and sendmail on anything connected to the public internet?

    Anyone correct me on whether the others have changed? They all look familiar to me.

    --
    You cannot apply a technological solution to a sociological problem. (Edwards' Law)