New SANS/FBI Top 20 List

Posted by timothy on Wednesday October 8, 2003 @09:14AM from the reverse-pecking-order dept.

An anonymous reader submits "The SANS Institute (together with the FBI) published today an updated version of its list of The Twenty Most Critical Internet Security Vulnerabilities. As usual, part of the news is that not too much has changed. The list is split into 10 Unix and 10 Windows vulnerabilities. Leaders are BIND and IIS (last year it was RPC on the Unix side). But some issues (weak passwords) made it into both lists. For last years version, see here. In addition to this list, and a lot of other stuff, the SANS institute is behind DShield and the Internet Storm Center."

2 of 199 comments (clear)

Min score:

Reason:

Sort:

Some messed up scoring here. by caluml · 2003-10-08 09:23 · Score: 5, Informative

The 3rd highest vulnerability to Unix is Apache?
That's just crazy. OpenSSL and OpenSSH are having lots more problems right now. And Bind? When was the last remotely exploitable problem with that?
Or am I reading a list from 5 years ago?

--
Get your own free personal location tracker
And the #1 vulnerability is... by moltar77 · 2003-10-08 10:07 · Score: 4, Informative

Windows! On a more serious note, the web site listed a very nice link for manually removing Outlook Express. At last I can purge my hard drive of that thing!!