Security Basics mailing list archives
Re: Ten least secure programs
From: "Chris Berry" <compjma () hotmail com>
Date: Mon, 30 Jun 2003 15:58:30 -0700
From: John Horn <jhorn1 () security ci tucson az us>

> Hmmm... Well, I think you should re-arrange the list in order of severity with the most unsecure programs at the top. Done this way, the top few would be some arrangement of MS-Word, MS-Excel, ActiveX, Outlook (various versions), MS-IE, IIS and SQL-Server. Telnet, Sendmail, FTP and their ilk would have to come further down the list.

I've since added rsh and ActiveX. MS Word and Excel are vulnerable to macro viruses but that's pretty much taken care of by using a decent virus scanner nowadays, so I didn't feel they qualified for top ten. IE didn't seem to be that much worse than any of the other browsers (except Opera), and is pretty easy to secure by locking down the settings. The only big SQL-Server one I've heard of is Slammer, which is supposedly fixed now.

Chris Berry
compjma () hotmail com
Systems Administrator
JM Associates
"Encrypt everything, and ask questions later."