[EDIT] I just realized this was covered in the week's security news by xmaddness, but a lot of people may have missed it like I did. Apologies to xmaddness for reposting.

The SANS Institute and the GSA have released their top 20 computer security vulnerabilities again this year. The envelope, please...

Windows
* Internet Information Services (IIS)
* Microsoft Data Access Components (MDAC) -- Remote Data Services
* Microsoft SQL Server
* NETBIOS -- Unprotected Windows Networking Shares
* Anonymous Logon -- Null Sessions
* LAN Manager Authentication -- Weak LM Hashing
* General Windows Authentication -- Accounts
* Internet Explorer
* Remote Registry Access
* Windows Scripting Host

*nix
* Remote Procedure Calls (RPC)
* Apache Web Server
* Secure Shell (SSH)
* Simple Network Management Protocol (SNMP)
* File Transfer Protocol (FTP)
* R-Services -- Trust Relationships
* Line Printer Daemon (LPD)
* Sendmail
* BIND/DNS
* Accounts with No Passwords or Weak Passwords

Analysis is at http://www.infoworld.com/articles/hn...st.xml?s=IDGNS
The list is at http://www.sans.org/top20/