Re: [SLE] 20 Most Critical Internet Security Vulnerabilities

alan_at_ibgames.com
Date: 10/10/04

    To: SuSE-Discussion <suse-linux-e@suse.com>
    Date: Sun, 10 Oct 2004 09:26:38 +0100
    
    

    On 9 Oct 2004 at 17:15, doc wrote:

    Date sent: Sat, 09 Oct 2004 17:15:47 -0400
    From: doc <kd4e@verizon.net>
    Send reply to: kd4e@verizon.net
    To: SuSE-Discussion <suse-linux-e@suse.com>
    Subject: [SLE] 20 Most Critical Internet Security Vulnerabilities

    > The new 20 Most Critical Internet Security Vulnerabilities updated
    > list just came out: http://www.sans.org/top20/
    >
    > I was shocked to read the following on another list:
    > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    > "Big surprise that BIND is at the top of the UNIX list :P They even
    > mentioned it by name unlike the horrible sendmail which they just lumped
    > in with the other buggy mail programs. This proves once again that
    > absolutely ANY DNS server is better than BIND. Even Microsoft's."
    > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    >
    > Are Sendmail and BIND as bad as he implies or do I take this
    > as the grumblings of an uninformed person?
    >
    > Or is it just a matter of vulnerability only if one does not
    > take proper care in the configuration phase?
    >
    > I find it hard to believe that anything MS produces may be
    > secured to a superior level of a Unix/Linux app.

    Note that these are the top ten security vulnerabilities for -each- of
    Windows and Unix. Presenting it this way makes it look like they're
    equal, but if the presentation was a single list of the top 20 then I
    suspect some of the Unix ones wouldn't be in the list at all, and also
    that most of the ones still in it would be in the lower half.

    Also, I suspect there is a problem in that misconfiguration and program
    bugs are mixed in together. While the results may be the same, the
    causes and solutions to each problem are vastly different.

    Alan Lenton

    -- 
    http://www.ibgames.net/alan
    Registered Linux user #6822  http://counter.li.org
    Winding Down - Weekly Tech Newsletter - subscribe at
    http://www.ibgames.net/alan/winding/mailing.html
    
