Re: The Critical Investing Workshop
Have you read this?
The Top 10 Computer Security Flaws An Alphabet Soup of Back Doors for Hackers
By David Noack
The SANS Institute, a cooperative of computer security experts, believes that most hackers use a small number of weaknesses to probe, enter and damage computers and systems.
A report released Thursday details the 10 security weaknesses experts believe are most commonly used.
They are:
1. BIND weaknesses: The Berkeley Internet Name Domain package is the most widely used implementation of Domain Name Service (DNS) -- the critical means by which we all locate systems on the Internet by name without having to know specific IP addresses -- and this makes it a favorite target for attack.
2. Vulnerable CGI: Common Gateway Interface programs and application extensions installed on Web servers provide interactivity between Web pages, such as data collection and verification. Many Web servers come with sample CGI programs installed by default. Unfortunately, many CGI programmers fail to consider ways in which their programs may be misused or subverted to execute malicious commands.
3. RPC: Remote Procedure Call weaknesses allow immediate root compromises. RPCs allow programs on one computer to execute programs on a second computer. They are widely used to access network services such as shared files.
4. RDS security hole: The Remote Data Services in the Microsoft Internet Information Server (IIS) -- the Web server software found on most Web sites deployed on Microsoft Windows NT and Windows 2000 servers -- has programming flaws. The flaws in IIS' RDS are being employed by malicious users to run remote commands with administrator privileges.
5. Sendmail buffer overflow: Sendmail is the program that sends, receives, and forwards most e-mail processed on UNIX and Linux computers. Weaknesses in its buffer overflow allow immediate root compromise, and Sendmail's widespread use on the Internet makes it a prime target of attackers. Several flaws have been found over the years.
6. Sadmind and mountd: Sadmind allows remote administration access to Solaris computer systems, providing graphical access to system administration functions. Mountd controls and arbitrates access to Network File System (NFS) mounts on UNIX hosts. Buffer overflows in these applications can be exploited, allowing attackers to gain control with root access.
7. File, information sharing: Services that allow file sharing over networks, when improperly configured, can expose critical system files or give full file-system access to any hostile party connected to the network. Cited is global file sharing and inappropriate information sharing via NFS and Windows NT ports 135 to 139 (445 in Windows 2000) or UNIX NFS exports on port 2049. Also listed is AppleTalk over IP with Macintosh file sharing enabled.
8. User IDs: These can be a problem, especially root/administrator accounts with no passwords or weak passwords. Some systems come with "demo" or "guest" accounts with no passwords or with widely known default passwords. Service workers often leave maintenance accounts with no passwords, and some database management systems install administration accounts with default passwords. In addition, busy system administrators often select system passwords that are easily guessable ("love," "money," "wizard" are common) or just use a blank password. Default passwords provide effortless access for attackers.
9. IMAP and POP buffer overflow: Vulnerabilities or incorrect configuration in these protocols make them a target for exploitation. IMAP and POP are popular remote access mail protocols, allowing users to access their e-mail accounts from internal and external networks. The "open access" nature of these services makes them especially vulnerable because openings are frequently left in firewalls to allow for external e-mail access.
10. Default SNMP community strings: Simple Network Management Protocol is widely used by network administrators to monitor and administer all types of network-connected devices ranging from routers to printers to computers. SNMP uses an unencrypted "community string" as its only authentication mechanism -- and the vast majority of SNMP devices use "public" as the default community string. A few "clever" network equipment vendors have changed the string to "private."
I think the above list will provide some interesting possibilities in the near future.