SANS Top 10/10 2004 is out. Get reading!
by Anton Chuvakin
Related link: http://www.sans.org/top20/
Today is a good day to peruse SANS Institute list of "The Twenty Most Critical Internet Security Vulnerabilities" (just released). Some fun things in this Top 10/10 (Windows/UNIX-Linux) are:
- FTP and plain text passwords are gone from the UNIX list. Has people finally stopped using them? I sure hope so...
- Kernel is on the UNIX list. Are there any kernel remote exploits? Not to the best of my knowledge, but locals in kernel are a popular means of escalating to root.
- Just about every Windows component and application are a threat. Surprising, isn't it (not)?