Do you like our spider?  Nature photography by Drake Environmental

Sunday, June 25, 2017
  Login
  Our sponsors
  Top Forum Posts
Bogus Electronic Greeting Cards by DavidGray
What Is It? For almost a year, we ...
Router password vulnerability on most routers by LeeDrake
What it is Happy 2008!  And t...
Critical RealPlayer Update Available by DavidGray
What Is It? A remote code executio...
A Word of Caution About Social Networking Web Sites by DavidGray
What Is It? Social networking Web ...
Microsoft Releases Critical Updates for Office 2000 and Office 2004 for the Apple Macintosh by DavidGray
What Is It? Just as all the kids a...
Critical Vulnerabilities in Adobe (Macromedia ) Flash Player by DavidGray
What Is It? Adobe, which now owns ...
Trojan disguises itself as greeting card by LeeDrake
What it is You may have noticed gr...
Critical Updates for Apple Macintosh OS X by DavidGray
What Is It? Apple Computer, Inc.&n...
Critical Update for Animated Cursor Vulnerability in Microsoft Windows by DavidGray
What Is It? There is an unchecked...
DST Adjustments for All Windows Computers by DavidGray
DST Adjustments for All Windows Com...
Click here to visit OS-Cubed, Inc.
Viruswarn banner
  The new improved Viruswarn.com

Welcome to the new, improved viruswarn.com.  While we're just starting to get the site back up and running, we have some exciting new capabilities.  For the first time the forums for Viruswarn will be integrated directly into the website, rather than hosted at www.leedrake.com.  You will be able to interact with the authors and participate in online discussions.

In addition, we plan to syndicate our blogs, and all our forum content so that you can easily reproduce it on your own site, or add it to your site's main web page.  This syndication capability will make us your source for virus and security warning info.

Once you've registered and logged in you'll have access to exclusive members-only content.

  Infected? Dance the tango!
Dance the Security Tango
  Register or Login


Forgot Password ?
  Recent Viruswarn posts
  Sign up for Viruswarning   

If you don't already receive the viruswarning emails you may login and register for the site and send us a request.  Once you login you'll see the request form here on the home page.  You must register for the site (which gives you full access to the forums) AND also register for the viruswarn mailing list.  If you sign up for the site without signing up for the mailing list - you will not receive the viruswarning notices in your email.

You may always unsubscribe, or change your email from this page as well.

  CERT Alerts
  Top 20 vulnerabilities updated
Location: BlogsLee's Blog    
Posted by: Lee Drake 11/17/2006

SANS released their list of the top 20 security vulnerabilies this month.  There are a few items of note on it:

  • The list has been broken up into these broad categories:
    • Operating systems
    • Cross-platform applications
    • Network Devices
    • Security Policy and personnel
    • Special Section on Zero day attacks and prevention
  • Under OS Microsoft lead the way with the first 5 categories (Internet explorer, windows libraries, MS Office, Windows Services, and Windows configuration weaknesses).  Max and Unix also had a category each.
  • Under cross platform apps SNAS listed web apps, databases, file sharing, instant messaging, media players, dns servers, backup software and security enterprise and directory servers.
  • Under Network devices VOIP phones got their own category, as well as a "general net devices" subtopic for routers, firewalls and security appliances.
  • Under security policies they listed Excessive user rights, unauthorized devices, and Phishing.
  • The zero day attack section was specifically about attacks that happen the same day the vulnerability is revealed - giving vendors and security personnel little or no time to respond.

The conclusions we can draw here are pretty wide - however to summarize a bit:

  • Every application, operating system, browser, service and appliance on your network could potentially be exploited - you need to keep them all patched up to date.
  • Although windows attack surfaces are the broadest due to installed base - there are vulnerabilities in every vendor's product across the board - don't get complacent about security.
  • "fooling the user" tactics such as phishing have become much more prevalently used to attack people's machines and information.
  • There is some great advice within the SANS article for each of these vulnerabilities and how to reduce your attack surface and avoid an attack directed at one of these targets.  It's well worth your time to read the recommendations at the end of each section and ask yourself if you're currently following those recommendations.

 

Copyright ©2006 Lee Drake
Permalink |  Trackback

Your name:
Title:
Comment:
Add Comment   Cancel 
Copyright 2006 by OS-Cubed, Inc.   Terms Of Use  Privacy Statement