08 December 2005
Hackers turn on security systems, says Sans
Hackers are attacking security applications instead of operating
systems, a report on the top 20 vulnerabilities this year has revealed.
The Sans top 20 report showed hackers are targeting vendor programs
installed on large numbers of systems instead of Windows and UNIX.
Rohit Dhamankar, lead security architect at 3Com’s TippingPoint
division, said that backup software, anti-virus software, database
programs and media players are the new focus.
Jerry Dixon, Director of the US-Cert, said the organisation “received
reports that important system compromises using vulnerabilities
in backup products” took place before the software flaws were
even disclosed.
The SANS Top 20 most critical Internet security vulnerabilities:
Windows Systems:
W1. Windows Services
W2. Internet Explorer
W3. Windows Libraries
W4. Windows Office and Outlook Express
W5. File Sharing Applications
W6. Windows Configuration Weaknesses
Top Vulnerabilities in Cross-Platform Applications
C1. Backup Software
C2. Anti-virus Software
C3. PHP-based Applications
C4. Database Software
C5. DNS Software
C6. Media Players
C7. Instant Messaging Applications
C8. Web Browsers
C9. Other Cross-platform Applications
Top Vulnerabilities in UNIX Systems
U1. UNIX Configuration Weaknesses
U2. Mac OS X
Top Vulnerabilities in Networking Products
N1. Cisco IOS-based Products
N2. Cisco non-IOS Products
N3. Cisco Devices Configuration Weaknesses