Sunday, October 22, 2017
Search
  
Submit your own News for
inclusion in our Site.
Click here...
Breaking News
DVDFab Debuts 4K Ultra HD Copy Software
Razer Unveils New Broadcasting Camera and Microphone
Microsoft's Cortana Gets Into Smart Speakers Market With Harman Kardon Invoke
Samsung, LG Electronics are Lagging in Autonomous Car Race
TSMC Raises Forecasts for 2017 Due to 10nm Demand, Outlines 7 and 5nm Roadmap
Samsung Said to Have Placed Huge EUV Equipment Order From ASML
Samsung Launches the Ruggedized Galaxy Tab Active2 for Business
Intel Capital Announces $60 million of New Investments in Data-Focused Startups
Active Discussions
Which of these DVD media are the best, most durable?
How to back up a PS2 DL game
Copy a protected DVD?
roxio issues with xp pro
Help make DVDInfoPro better with dvdinfomantis!!!
menu making
Optiarc AD-7260S review
cdrw trouble
 Home > News > General Computing > Top 20 ...
Last 7 Days News : SU MO TU WE TH FR SA All News

Monday, October 11, 2004
Top 20 computer threats unveiled


The yearly hit parade of hackers' favourite security vulnerabilities has been published.

Issued by the respected Sans Institute, the Top 20 list helps organisations find out if they are closing the most commonly exploited loopholes.

With more than 2,500 software vulnerabilities found every year many organisations need help to know which ones to tackle first.

The list includes loopholes found in both Windows and Unix/Linux software.

Big hitter
"It's a first things first list," said Alan Paller, head of the Sans Institute, a non-profit group which trains and certifies computer security professionals.

"It can be very helpful for people that are trying to fix their vulnerabilities."

He told BBC News Online that it was the list of the vulnerabilities hackers were attacking now.

Each entry in the Top 20 mentions a category of software and the accompanying report fleshes out individual vulnerabilities and what organisations can do to close these holes.

Almost 60% of the loopholes listed this year were in the 2003 Top 20 list. Mr Paller said this was because only half of all organisations bother to patch their systems.

"These vulnerabilities are like little diseases that you cannot wipe out if 50% of people do not have the vaccine," he said.

Mr Paller said we will only see significant changes in the Top 20 when organisations get to the point of finding and fixing vulnerabilities automatically.

Shrinking holes
Gerhard Eschelbeck who studies vulnerabilities for online security firm Qualys said: "It gives people a benchmark to measure themselves against."

He said that better information about vulnerabilities popular with the virus writing and hacking communities can help organisations protect themselves.

"The underground knows this data very well," he said. "We want to level the playing field here between the guys that have the data and the bad intentions and the people that need to know about this so they can do their job effectively."

Mr Eschelbeck's work on vulnerabilities shows that every 21 days, on average, the number of web-facing systems vulnerable to a particular loophole shrinks by 50% as people patch machines.

For internal machines, such as the PCs on workers' desktops, the number shrinks 50% every 62 days.

This difference, said Mr Eschelbeck, comes about because of the sheer number of PCs have on desktops and the time it takes to scan them and see which vulnerabilities they are hosting.

TOP 10 WINDOWS TOP 10 UNIX/LINUX
  1. Web servers & services
  2. Workstation service
  3. Windows remote access services
  4. Microsoft SQL server
  5. Windows authentication
  6. Web browsers
  7. File-sharing applications
  8. LSAS
  9. E-mail programs
  10. Instant messaging
  1. Bind domain name system
  2. Web server
  3. Authentication
  4. Version control systems
  5. Mail transport services
  6. Simple Network Management Protocol (SNMP)
  7. Open secure sockets layer (SSL)
  8. Misconfiguration of enterprise services
  9. Databases
  10. Kernel

From BBC News



Previous
Next
Half-Life 2 goes on sale online        All News        16X Writers Roundup with Verbatim 16X DVD+R media, updated...
Hollywood takes P2P case to Supreme Court     General Computing News      BenQ Joybee 125, Convenient access to data

Source Link Get RSS feed Easy Print E-Mail this Message

Related News
Free CCleaner Software Compromised to Open Back-door to Million of PCs
Millions Time Warner Cable Records Exposed, Instagram Security Bug Fixed
HBO Offered $250,000 to Hackers
Hackers Attacked U.K. Parliament
WikiLeaks Says 'Athena' CIA Spying Program Targets All Versions of Windows
Hackers Demonstrate VM Escapes In Pwn2Own 2017 Hacking Contest
U.S.Navy Disclosed Security Breach In Its Systems
Hackers Probed Voting Systems, U.S. Says
Hackers Accesssed Customer Credit Card Data From Acer Store
Mark Zuckerberg's Social Media Accounts Were Hacked
Hackers Steal, Sell Verizon Enterprise Customer Data
U.S IRS Discovers More Data Had Leaked In Last Year's Cyberattack

Most Popular News
 
Home | News | All News | Reviews | Articles | Guides | Download | Expert Area | Forum | Site Info
Site best viewed at 1024x768+ - CDRINFO.COM 1998-2017 - All rights reserved -
Privacy policy - Contact Us .