FBIs Top 20 Security Vulnerabilities Look Familiar | eWeek

FBIs Top 20 Security Vulnerabilities Look Familiar

Écrit par
eWEEK EDITORS
eWEEK EDITORS
Oct 1, 2001
1 minute read
eWeek Le contenu et les recommandations de produits sont indépendants de la rédaction. Nous pouvons gagner de l'argent lorsque vous cliquez sur des liens vers nos partenaires. En savoir plus

WASHINGTON — The FBI and the SANS Institute unveiled their assessment of the top 20 Internet security vulnerabilities for 2001. Most of the hacks exploit time-honored security holes.

“All are old vulnerabilities,” said SANS Director Alan Paller. “Theyre being attacked constantly.”

Security experts widely agree that the holes arent being effectively patched because system administrators are stretched too thin.

The security vulnerabilities include: USAPI extension buffer overflows, weak password protection, large number of open ports, common gateway interface programs, weaknesses in the Berkeley Internet Name Daemon program as well as holes in Sendmail, which runs most of the Nets mail systems. A full list and fixes can be found at www.sans.org/top20.htm.

“In the past, system administrators reported that they had not corrected many of these flaws because they simply did not know which vulnerabilities were most dangerous, and they were too busy to correct them all,” said the SANS survey. “Some vulnerability scanners search for 300 or 500 or even 800 vulnerabilities, thus blunting the focus system administrators need to ensure that all systems are protected against the most common attacks.”

The FBI posted a list of seven security tips to reduce break-ins (www.nipc.gov), including better password protection not leaving computers connected to the Net when not in use. As well, SANS announced it would offer a free security scanning service.

eWeek Logo

eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site's focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

Propriété de TechnologyAdvice. © 2026 TechnologyAdvice. Tous droits réservés

Divulgation publicitaire : Certains des produits qui apparaissent sur ce site proviennent d'entreprises dont TechnologyAdvice reçoit une compensation. Cette compensation peut influencer la façon dont les produits apparaissent sur ce site, notamment l'ordre dans lequel ils apparaissent. TechnologyAdvice n'inclut pas toutes les entreprises ou tous les types de produits disponibles sur le marché.