Slashdot Mirror


New SANS/FBI Top 20 List

An anonymous reader submits "The SANS Institute (together with the FBI) published today an updated version of its list of The Twenty Most Critical Internet Security Vulnerabilities. As usual, part of the news is that not too much has changed. The list is split into 10 Unix and 10 Windows vulnerabilities. Leaders are BIND and IIS (last year it was RPC on the Unix side). But some issues (weak passwords) made it into both lists. For last year's version, see here. In addition to this list, and a lot of other stuff, the SANS Institute is behind DShield and the Internet Storm Center."

1 of 199 comments

  1. The List by spoonist · Score: 1, Redundant

    Top Vulnerabilities to Windows Systems

    W1 Internet Information Services (IIS)

    W2 Microsoft SQL Server (MSSQL)

    W3 Windows Authentication

    W4 Internet Explorer (IE)

    W5 Windows Remote Access Services

    W6 Microsoft Data Access Components (MDAC)

    W7 Windows Scripting Host (WSH)

    W8 Microsoft Outlook Outlook Express

    W9 Windows Peer to Peer File Sharing (P2P)

    W10 Simple Network Management Protocol (SNMP)

    Top Vulnerabilities to UNIX Systems

    U1 BIND Domain Name System

    U2 Remote Procedure Calls (RPC)

    U3 Apache Web Server

    U4 General UNIX Authentication Accounts with No Passwords or Weak Passwords

    U5 Clear Text Services

    U6 Sendmail

    U7 Simple Network Management Protocol (SNMP)

    U8 Secure Shell (SSH)

    U9 Misconfiguration of Enterprise Services NIS/NFS

    U10 Open Secure Sockets Layer (SSL)