 {  Please visit the Hizbi-Net site -  http://www.hizbi.net     }
 {        Send your messages to:  [EMAIL PROTECTED]         }
 {        Advertising goods? Send to [EMAIL PROTECTED]     }

A list of 10 internet security problems.

It may be rather technical; in Haris's view,
everyone has the right to know and to learn.



: )

-------- Original Message --------
Subject: FWD: ZDNet: News: Hackers' favorite security holes revealed
Date: Fri, 2 Jun 2000 10:07:27 -0400 (EDT)

This message was forwarded to you from ZDNet (http://www.zdnet.com) by

Comment from sender:

It's the 10 Most Wanted of cybersecurity.

On Thursday, the System Administration, Networking and Security (SANS)
Institute published a list of exploits most often used to gain illegal
access to network servers.

The group hopes its "Ten Most Critical Internet Security Threats" list
will help system administrators close the door on easy access to their
servers by the Internet's equivalent of petty thieves and vandals.

"Many of the vulnerabilities on that list are well-known
vulnerabilities that everyone knows about," said Sean Hernan, team
leader for vulnerability handling at the Computer Emergency Response
Team (CERT) Coordination Center at Carnegie Mellon University and one
of more than 40 contributors to the report.

By closing those holes, he said, companies "are
protecting themselves against the largest number of intruders on the
Internet, but also the least sophisticated -- what we call

The SANS Institute started soliciting input from security experts in
February, following the distributed denial-of-service attacks that
downed more than eight major Web sites in a week.

The entries on the list are the result of a consensus among almost
50 experts from companies, universities, and such government agencies
as the National Security Agency and the Department of Defense. It is
intended to give system administrators looking to secure their systems
a place to start.

"There are a lot of system administrators out there that are aware
that security holes exist in their systems," said Jim Magadych,
security research manager with Network Associates (Nasdaq: NETA) and a
contributor to the report, "but they see the alerts coming out daily
and are overwhelmed by sheer numbers."

The Top-10 list gives administrators a set of priorities, said Alan
Paller, director of research for the SANS Institute.

"This is probably 70 percent of the attacks occurring on the
Internet," he said. "Even though (the list represents) 10 out of a
large number of exploits, it's the majority of attacks." Each exploit
on the list is followed by a description of how to close the
security hole.

Once a system administrator has fixed these 10, however, the job is
not over, continued Paller. "As soon as the first large organization
has fixed the first 10, we will release the next 10," he said.

BIND is No. 1
Taking the No. 1 spot, a popular Internet service known as the
Berkeley Internet Name Domain, or BIND, service is believed to have
vulnerabilities that affect more than half of its installations.

Common gateway interface, or CGI, scripts designed to add
interactivity to Web sites took the No. 2 position. In many Web
servers, default installation of example CGI scripts leaves servers
open to exploitation.

The third most popular exploit takes advantage of functions called
remote procedure calls, which allow one computer to execute programs
on a second computer. The successful attack on U.S. military systems
during the Solar Sunrise incident exploited the RPC vulnerabilities on
hundreds of military servers. Security flaws in mail services,
Microsoft's (Nasdaq: MSFT) Web software, and several others --
including administrators who forget to change their password or pick
easily cracked passwords -- rounded out the top 10 list.

The list may become even more important in the future, said SANS's
Paller, who believes that it may become a standard yardstick to
measure whether a company is taking security seriously.

One example: Insurance rates may be set by whether a company has
closed all the holes in the list.

"The insurance industry may use this list as a foundation for whether
the company can be insured," he said.

Such economic impact could move security from being an afterthought to
a high priority.


Sender: "Harisfazillah Jamel" <[EMAIL PROTECTED]>
