May 02, 2005
SANS Institute updates top vulnerability list, includes Apple, CA, Symantec, Oracle

Kicking off the month of May, SANS Institute this morning issued a quarterly update to its Top 20 Internet Security Vulnerabilities list, and added more than 600 new threats found in the first quarter of 2005.

Microsoft, naturally, was a popular target. SANS also found flaws in products sold by Computer Associates, Oracle and even Apple. From CA, SANS said products running the company's License Manager are subject to a buffer overflow. Oracle's database, app server, e-business and collaboration suites all have vulnerabilities through which a hacker could gain control of databases and access information.

RealPlayer, WinAMP and iTunes also have holes. Apparently the fans lining up outside Apple stores on Friday night to buy the Tiger release of MAC OS X, as my colleague Jack McCarthy blogged about on Saturday, are not the only ones interested in Apple's products. Users of these apps could be infected by visiting a site someone packed with malicious code, SANS said.

Another place where security is likely to be a hot topic is the re-christened NetWorld+Interop conference, now known simply as Interop. Con artist Frank Abagnale offers up 14 tips to help avoid identity theft.