"This updated SANS Top Twenty is actually two Top Ten lists: the ten most commonly exploited vulnerable services in Windows and the ten most commonly exploited vulnerable services in UNIX and Linux. Although there are thousands of security incidents each year affecting these operating systems, the overwhelming majority of successful attacks target one or more of these twenty vulnerable services."
You're missing the point.
They aren't trying to criticize these products. They are letting administrators know what services are being successfully attacked the most.
If you are a decent admin that isn't totally overworked, you've probably already patched and secured these services if you are running them. That is the point. They don't have the same agenda as many of the butt munches on /.
The point of the lists is not to embarrass the makers of operating systems. It is to let administrators (of either operating system) know what the most successfully attacked services are, so that they can concentrate their efforts.
I recall a study, perhaps last year, by NASA of all people that, by just addressing the Top 20 list, they were able to reduce security incidents by over 90%.
It doesn't mean you shouldn't secure everything, but you need to prioritize when you are overworked, underpaid and underappreciated
I think we're talking K-12 here.
The purpose of K-12 is to teach kids to think and how to learn - it isn't a job prep school, it's a life-prep school. In the final 2 years of high school, there will be kids who go directly into the job market for whatever reason. A percentage of these will require specific computer skills (many will need to know how to make change). It would be nice for these kids to learn the current standard (MS Office) - but it really isn't the (public) school's responsibility to provide that.
For all the students younger than that, learning a specific product won't help them much, since that product won't be de rigueur when they get out of high school. Of course, those that go on to college will be even more removed from the current computing environment.
Teach the kids how to use a computer, how to figure out how to use a product (Contextual menus, help files, interface hints) - they can brush up on specific technologies when they're ready to get a job.
It's like the complaint that schools use Macs, but AutoCAD isn't available on the Mac, so they need to switch to PCs - How many 6th graders are quitting school to take a job that requires AutoCAD skills? Is the correct solution to teach them AutoCAD earlier?
Since OS News had this yesterday (as did Ars Technica) I've seen a number of people install without issue. I've done 2 servers in my lab (both were up to date on all hotfixes already) and they seem fine so far.
I heard rumors (FUD? who knows) that some systems that were only at SP2 had problems after upgrading, but I wouldn't think that is a widespread problem right now.
Test, retest then deploy
Ummm,
The version of the book I read had Gandalf opposed to going through Moria.
Also, it was Glorfindel that loaned Asfaloth to Frodo to get him over the Ford of Bruinen. Legolas didn't show until the council meeting.
Cheers
Agreed - instead of making a filesystem that can search their proprietary formats (.doc, .xls, etc.) - why not make the formats more easily searched. Put all your numbers and text (what the heck is email, after all, but text) into text files, use your resource fork (ok, stream) for all formatting code which doesn't need searching.
Sounds like xml docs with formatting appendages (streams) would be a bit easier.
I guess Bill would lose his Office monopoly tho, if that were the case.
Are you suggesting that securing Windows is as easy as locking the doors of a car?
Try this bit:
"This updated SANS Top Twenty is actually two Top Ten lists: the ten most commonly exploited vulnerable services in Windows and the ten most commonly exploited vulnerable services in UNIX and Linux. Although there are thousands of security incidents each year affecting these operating systems, the overwhelming majority of successful attacks target one or more of these twenty vulnerable services."
make more sense??
Who missed the point?
Did you read what the list is supposed to signify?
sheesh!
OK So I f-ed up my html tags and made it all bold. 1. Sue me 2. ???? 3. Profit!
U5 Clear Text Services Think that covers ftp and telnet
Uhh, I think Priv Sep is only an OpenSSH thing, not OpenSSL. Correct me if I'm wrong, though. It has happened once. No, twice (damn)
I thought the whole idea of XML was that it was self-documenting? So what will be the next big thing to save the world?
More suitable to Linux: Flip Over, Read Directions
Thus Spake Zarathustra
Frogs on the Run: Égalitarisme Éditione
Last I checked, Wile E Coyote used to chase the Roadrunner.
Dave's not here.
Nevermind