SANS, short for SysAdmin, Audit, Network, Security Institute, released their Top 20 hacks list about a week ago.
Why did I wait a week to tell you about this?
Well, I am curious about something the noted by the Red Herring in their article about the SANS list. If, according to Symantec, it truly takes roughly “six days between the time a vulnerability is discovered and the moment when hackers develop viruses and worms to exploit it,” then are any of the listed vulnerabilities being exploited as we speak?
Personally, I suspect vulnerabilities are exploited at a faster pace, sometimes even before the “good guys” have discovered them, and Symantec is just trying to hedge.
If anyone knows of an exploit in progress related to the SANS list, whether by virus, spying, a website hack, or some other malicious method, please let me know (including the whens and wheres).