Feds Release 'Top 20' Cybersecurity Holes
October 02, 2002 03:47 PM ET
 

By Andy Sullivan

WASHINGTON (Reuters) - In a bid to plug its leaky computer systems, the U.S. government released a list of top cybersecurity holes on Wednesday and unveiled a system to help government techies find and patch them.

Two weeks after the White House released its much-criticized plan to boost computer security, cybersecurity czar Richard Clarke urged federal administrators to fortify their computer systems against online attacks before they took place.

"Look at your systems the way an attacker would look at them," Clarke said.

To that end, three government agencies and the private SANS Institute released a list of the 20 most common security vulnerabilities, divided evenly between Microsoft Corp's (MSFT.O) Windows operating system and Unix, the operating system which underpins many powerful network computers.

Some of the listed security holes, such as a default setting in Microsoft's SQL Server database software that leaves passwords blank, are new to the list.

Many others have been known for years, but remain hacker favorites because system administrators do not keep up with software fixes, or "patches," from the manufacturer, said SANS Institute's Allan Paller.

The General Services Administration, which provides support to other government agencies, soon will provide a service that will allow administrators to scan their systems for vulnerabilities and determine what patches are needed, a GSA official said.

Clarke's comprehensive cybersecurity plan, released for public comment two weeks ago, calls on Internet users and private businesses to voluntarily improve their cyberdefenses.

Security experts have criticized the plan because it imposes no requirements on the private sector, even as they praised Clarke's determination to improve the federal government's inconsistent cyberdefenses.

A congressional cybersecurity report last year gave failing grades to two-thirds of all federal agencies, including the Defense, Justice, Commerce and Treasury departments.

But improvement is possible, Paller said. NASA was able to reduce the number of successful intrusions from one out of ten to roughly one out of 200 over a two-year period by encouraging friendly competition among network administrators, he said.

"The federal government is going to do better in security," Clarke said. "We are going to walk the talk."

