The Twenty Most Critical Internet Security Vulnerabilities (Updated)

Discussion in 'other security issues & news' started by gerardwil, Oct 8, 2004.

Thread Status:
Not open for further replies.
  1. gerardwil

    gerardwil Registered Member

    Joined:
    Jan 17, 2004
    Posts:
    4,748
    Location:
    The Netherlands
    The SANS Top-20 is a living document. It includes step-by-step instructions and pointers to additional information useful for correcting the security flaws. We will update the list and the instructions as more critical threats and more current or convenient methods of protection are identified, and we welcome your input along the way. This is a community consensus document -- your experience in fighting attackers and in eliminating the vulnerabilities can help others who come after you.

    http://www.sans.org/top20/
     
  2. Marja

    Marja Honestly, I'm not a bot!!

    Joined:
    Mar 8, 2004
    Posts:
    4,553
    Location:
    In the Vast Fields of My Mind
    Thanks for the link, Gerard!

    There are a couple of strange things my puter does since SP2. Now, I can have some fun checking these tools out! :D





    Cheers!

    Marja:cool:
     
  3. Firefoxguy

    Firefoxguy Guest

    Nice article about the weaknesses of IE compared to other browsers

    "The problems are six-fold:

    1. Large Number of vulnerabilities over the last few years in comparison to other browsers - 153 IE vulnerabilities since April 2001, according to the Security Focus Archive .
    2. Longer Time to patch known IE vulnerabilities - Users have had to wait in excess of six months from the time the vulnerability is disclosed before Microsoft issues a patch.
    3. Active X and Active Scripting controls themselves have not been found to be open to particular exploitation, but can be used to bypass the security constructs of the browser and potentially impact upon the host system.
    4. Large number of unpatched vulnerabilities - 34, according to http://umbrella.name/originalvuln/msie/
    5. Spyware/Adware vulnerabilities - This affects all browsers and systems that facilitate access and use of web resources.
    6. Integration of IE browser into the Operating System, which makes the OS more vulnerable to exploitation.
    "

    Minor inaccuracy about Firefox not having auto-updating tools though.
     
  4. meneer

    meneer Registered Member

    Joined:
    Nov 27, 2002
    Posts:
    1,132
    Location:
    The Netherlands
    I don 't like this top 20. It's not a top 20 after all, there are dozens of vulnerabilities categorized under 10 Windows and 10 Unix/linux items. That's it. Not even managers can use it. It doesn't state the impact and doesn't compare the risks. Based on this selection you can't say if one or the other os is more secure.

    A complete waste of time :'(
     
  5. Rita

    Rita Infrequent Poster

    Joined:
    Jun 28, 2004
    Posts:
    6,863
    Location:
    wilds of wv
    Thanks for the link Gerard
     
Loading...
Thread Status:
Not open for further replies.