The US Department of Justice, the FBI and leading US think-tank the System Administration, Networking and Security Institute, have released a list of the top 10 critical Internet security threats and how to deal with them.
"A few software vulnerabilities account for the majority of successful attacks as the attackers are opportunistic," the report said. "They count on organisations not fixing the problem, and they often attack indiscriminately by scanning the Internet for vulnerable systems."
The institute pans system administrators for claiming to be too busy to correct simple vulnerabilities.
The list "represents an unprecedented example of active co-operation among industry, government and academia," according to the document. It listed holes in Unix, Linux, and Microsoft systems as well as with domain name software, and offered clear advice about fixing problems.
The institute has also listed the top-five security blunders committed by the average computer user. Top of the list is opening unsolicited e-mail attachments, followed by the failure to install security patches, installing screen savers and games, not making and testing back-ups and using a modem while connected to a local area network.