Current lagtime between announcement of vulnerability and widespread distribution of exploit in kits is:
- Unix - 2 weeks
- Windows - 1 week
- VMS, Macs - not appreciable targets
World writable areas
- Allowing world write access to system or user files, outside of authorized and intended areas, through anonymous ftp, nfs export, world wide web, Windows shares, or other means.
- Allowing world read/write access to the same directory, creating a "file drop" for unauthorized users.
- IIS vulnerabilities listed weekly
- leaving example scripts enabled/online.
- Putting passwords in "clear" text in world-readable files
- Allowing arbitrary destinations in forms mail.
Denial of Service (DOS) kits and worms
Fallout of scans causing failures;
- HP printers choking on lprng exploit attack.
- IRIX inetd hangs after ISS classification scans.
- VME controller hangs after port scans