RE: Ten least secure programs

["Mark McConnell" <mmcconnell () ctiusa com>]

Leave out the OS? Windows (any rev) is easily number 1 ;)

How about Internet Explorer?  Easily number 2 or 3.

-----Original Message-----
From: Chris Berry [mailto:compjma () hotmail com] 
Sent: Saturday, June 28, 2003 6:09 PM
To: oclug () oclug org; windows2000 () freelists org; security-basics () securityfocus com
Subject: Ten least secure programs

I'm putting together a list of what seem to be the ten least secure computer 
items in use today with the idea of having a set of things to recommend 
AGAINST people using, probably to be posted on the IT room door with a note 
like "NO, you cannot use the following!!".  Here is what I have so far, I'm 
looking for additions and comments.  The list is in order from with the 
worst offender being number one.  These should be products whose inheirent 
design is flawed, not that are just difficult to secure.  I expect vigorous 
discussion. *putting on flame retardent garments*  Oh, and leave Operating 
systems out of this one.

1) Microsoft Outlook
2) Telnet
3) Sendmail
4) IIS Server
5) Wireless networking
6) PHP
7) ?
8) ?
9) ?
10) ?

Chris Berry
compjma () hotmail com
Systems Administrator
JM Associates

"Within every man beats a heart of darkness." --The Shadow

_________________________________________________________________
Help STOP SPAM with the new MSN 8 and get 2 months FREE*  
http://join.msn.com/?page=features/junkmail


---------------------------------------------------------------------------
Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top analysts!
The Gartner Group just put Neoteris in the top of its Magic Quadrant,
while InStat has confirmed Neoteris as the leader in marketshare.
     
Find out why, and see how you can get plug-n-play secure remote access in
about an hour, with no client, server changes, or ongoing maintenance.
          
Visit us at: http://www.neoteris.com/promos/sf-6-9.htm
----------------------------------------------------------------------------


---
Incoming mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.493 / Virus Database: 292 - Release Date: 6/25/2003
 

---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.493 / Virus Database: 292 - Release Date: 6/25/2003
 

---------------------------------------------------------------------------
Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top analysts!
The Gartner Group just put Neoteris in the top of its Magic Quadrant,
while InStat has confirmed Neoteris as the leader in marketshare.

Find out why, and see how you can get plug-n-play secure remote access in
about an hour, with no client, server changes, or ongoing maintenance.

Visit us at: http://www.neoteris.com/promos/sf-6-9.htm
----------------------------------------------------------------------------