[ Thanks to George Mitchell for this link. ]

“The majority of successful attacks on computer systems via
the Internet can be traced to exploitation of one of a small number
of security flaws. Most of the systems compromised in the
Solar Sunrise Pentagon hacking incident were attacked through a
single vulnerability. A related flaw was exploited to break into
many of the computers later used in massive distributed denial of
service attacks. Recent compromises of Windows NT-based web servers
are typically traced to entry via a well-known vulnerability.
Another vulnerability is widely thought to be the means used to
compromise more than 30,000 Linux systems.”

“System administrators report that they have not corrected
these flaws because they simply do not know which of over 500
potential problems are the ones that are most dangerous, and they
are too busy to correct them all.”

“The information security community is meeting this problem head
on by identifying the most critical Internet security problem areas
– the clusters of vulnerabilities that system administrators need
to eliminate immediately. This consensus Top Ten list represents an
unprecedented example of active cooperation among industry,
government, and academia. The participants came together from the
most security-conscious federal agencies, from the leading security
software vendors and consulting firms, from the top
university-based security programs, and from CERT/CC and the SANS
Institute. A complete list of participants may be found at the end
of this article. Here is the experts’ list of the Ten Most Often
Exploited Internet Security Flaws along with the actions needed to
rid your systems of these vulnerabilities.”