As a friend of my Dad’s said, “I guess we’re not in Kansas anymore.”
(italics are mine)
SANS Top 20 Vulnerabilities - The Experts Consensus:
WASHINGTON, DC. — The SANS Institute today announced updates to the Top 20 Internet Security Vulnerabilities. The 2006 Spring Update enables cyber security professionals to tune their defensive systems to reflect the most important new vulnerabilities that attackers are exploiting to take over computers and steal sensitive or valuable information.
Eight major trends are listed in the update:
1. Rapid growth in critical vulnerabilities being discovered in Mac OS/X including a zero-day vulnerability (OS/X still remains safer than Windows, but its reputation for offering a bullet-proof alternative to Windows is in tatters.)
2. Substantial decline in the number of critical vulnerabilities in Windows Services, offset by flaws in client-side software, including the WMF vulnerability and Internet Explorer flaws, listed in Trend #3.
3. Continuing discovery of multiple zero-day vulnerabilities in Internet Explorer.
4. Rapid growth in critical Firefox and Mozilla vulnerabilities.
5. Surge in commodity zero-day attacks used to infiltrate systems for profit motives.
6. Rapid growth in three types of critical vulnerabilities allowing direct access to databases, data warehouses, and backup data (Oracle, Veritas Back-Up and SQL Injection attacks).
7. A continuing surge in file-based attacks, especially using media and image files, Microsoft Excel files, and more.
8. A rapidly spreading scourge of successful spear-phishing attacks, especially among defense and nuclear energy sites.