Slashdot Mirror

← Back to Stories (view on slashdot.org)

New SANS/FBI Top 20 List

Posted by timothy on from the reverse-pecking-order dept.

An anonymous reader submits "The SANS Institute (together with the FBI) published today an updated version of its list of The Twenty Most Critical Internet Security Vulnerabilities. As usual, part of the news is that not too much has changed. The list is split into 10 Unix and 10 Windows vulnerabilities. Leaders are BIND and IIS (last year it was RPC on the Unix side). But some issues (weak passwords) made it into both lists. For last years version, see here. In addition to this list, and a lot of other stuff, the SANS institute is behind DShield and the Internet Storm Center."

3 of 199 comments (clear)

  1. What would be the top 10 by dnotj · · Score: 5, Interesting
    If the windows and UNIX ones where mixed?

    Would billy and his band of thugs be the leader of the pack?

    What about the second 10 for m$? where would they be with the UNIX top 10? top 20?

    --
    No more Micro$oft bashing from me. Its like bashing at the special olympics.
  2. Some messed up scoring here. by caluml · · Score: 5, Informative
    The 3rd highest vulnerability to Unix is Apache?
    That's just crazy. OpenSSL and OpenSSH are having lots more problems right now. And Bind? When was the last remotely exploitable problem with that?

    Or am I reading a list from 5 years ago?

    --
    Get your own free personal location tracker
  3. Re:hurdy gurdy wurdy furdy by woozlewuzzle · · Score: 5, Insightful

    you're missing the point. They aren't trying to criticize these products. They are letting administrators know what services are being succesfully attacked the most. If you are a decent admin that isn't totally overworked, you've probably already patched and secured these services if you are running them. That is the point. They don't have the same agenda as many of the butt munches on /.