SANS names top hacker targets

Microsoft's IE and Office, Apple's Mac OS X and people themselves are among the Internet's weak links, the security group says.

Microsoft's Internet Explorer has been named one of the Internet's top 20 hacker targets by a leading security organization.

The SANS Institute also said Wednesday that Microsoft Office and Windows Libraries and Services are some of the most vulnerable applications available on computers today.

But Microsoft was not alone in the annual list, released Wednesday. Apple Computer's Mac OS X was also cataloged, along with "configuration weaknesses" in Unix.

The 2006 list is of the Top 20 Attack Targets, whereas previously it was named the Top 20 Internet Security Vulnerabilities. Written by members of the SANS Institute and security experts from the technology industry and government bodies, it indicates which network features could leave a company vulnerable to attack.

Rohit Dhamankar, the chief scientist at TippingPoint and a SANS member, explained some current security threat trends.

"We've seen a lot of zero-day vulnerabilities this year. The next big thing is the number of attacks on Web applications. There's also continued growth in 'spear-phishing' attacks from Asia and Eastern Europe." In spear-phishing, the attacker creates an e-mail that appears to be a corporate internal message and sends it to a specific group of people in that company, who may be lulled into opening its malicious payload.

SANS also named Web applications, peer-to-peer (P2P) file-sharing software, media players, VoIP (voice over Internet Protocol) phones and people themselves as some of the easiest targets for hackers.

Dan Ilett of reported from London.