http://www.sans.org/top20.htm

A little over a year ago, the System Administration, Networking, and Security (SANS) Institute released a document summarizing the 10 most critical internet security vulnerabilities. Thousands of organizations used that list to prioritize their efforts so they could close the most dangerous holes first. The institute’s new list, released Oct. 1, has been expanded to cover the top 20 vulnerabilities, grouped into three categories: General Vulnerabilities, Windows Vulnerabilities, and Unix Vulnerabilities. “The challenge right now is that [more novice computer users] either go to a vendor, or they go to a site that’s too techie for them, so they give up,” said Alan Paller, research director at the SANS Institute. The list, compiled with the help of the FBI and more than 50 computer security experts, addresses software bugs in Unix and Microsoft Windows operating systems, as well as many common mistakes, such as using simple passwords and not backing up critical data. All-purpose fixes are available to help counter the thousands of hacking tools that scan through the internet looking for vulnerable computers. Both the list and the fixes can be found on this web site. The Top 20 scanners can be obtained for free by sending an email to the Center for Internet Security, using instructions found on the SANS Institute site.