Top 20 Vulnerabilities in 2006

Interesting as always:

http://www.sans.org/top20/
http://files.sans.org/top20/top20_2006.pdf

Also very interesting is the press release that accompanied the publication of the latest version. Two excerpts:

"This announcement comes in the midst of an explosion in cyber crime, driven in part by a surge in the number of online criminals in Asian countries along with continuing growth in attacks from Eastern European countries. The surge is so great that several banks have reported 400 to 500 percent increases in losses to cyber fraud from 2005 to 2006."

"Six major trends in attack patterns can be seen in the update:
1. Surge in zero-day vulnerabilities and attacks that go beyond Internet Explorer to target other Microsoft software.
2. Rapid growth in attacks exploiting vulnerabilities in ubiquitous Microsoft Office products such as PowerPoint and Excel.
3. Continuing growth in targeted attacks.
4. Evidence of much greater penetration of military and government contractor sites using spear-phishing attacks; likely heralding a spread to target other types of organizations.
5. VOIP (Voice over Internet Protocol) attacks used now to make money by reselling minutes and potentially for injection of misleading messages and even for creating massive outages in the old phone network.
6. Massive and still increasing exploits of vulnerabilities in web applications."