New SANS/FBI Top 20 List
An anonymous reader submits "The SANS Institute (together with the FBI) published today an updated version of its list of
The Twenty Most Critical Internet Security Vulnerabilities.
As usual, part of the news is that not too much has changed. The list is split into 10 Unix and 10 Windows vulnerabilities. Leaders are BIND and IIS (last year it was RPC on the Unix side). But some issues (weak passwords) made it into both lists.
For last years version, see here. In addition to this list, and a lot of other stuff, the SANS institute is behind DShield and the Internet Storm Center."
Top Vulnerabilities to Windows Systems
W1 Internet Information Services (IIS)
W2 Microsoft SQL Server (MSSQL)
W3 Windows Authentication
W4 Internet Explorer (IE)
W5 Windows Remote Access Services
W6 Microsoft Data Access Components (MDAC)
W7 Windows Scripting Host (WSH)
W8 Microsoft Outlook Outlook Express
W9 Windows Peer to Peer File Sharing (P2P)
W10 Simple Network Management Protocol (SNMP)
Top Vulnerabilities to UNIX Systems
U1 BIND Domain Name System
U2 Remote Procedure Calls (RPC)
U3 Apache Web Server
U4 General UNIX Authentication Accounts with No Passwords or Weak Passwords
U5 Clear Text Services
U6 Sendmail
U7 Simple Network Management Protocol (SNMP)
U8 Secure Shell (SSH)
U9 Misconfiguration of Enterprise Services NIS/NFS
U10 Open Secure Sockets Layer (SSL)