SANS Top 10/10 2004 is out. Get reading!

by Anton Chuvakin

Related link: http://www.sans.org/top20/



Today is a good day to peruse the SANS Institute's list of "The Twenty Most Critical Internet Security Vulnerabilities" (just released). Some fun things in this Top 10/10 (Windows/UNIX-Linux) are:


  • FTP and plain text passwords are gone from the UNIX list. Have people finally stopped using them? I sure hope so...

  • The kernel is on the UNIX list. Are there any remote kernel exploits? Not to the best of my knowledge, but locals in the kernel are a popular means of escalating to root.

  • Just about every Windows component and application is a threat. Surprising, isn't it (not)?