Slashdot Mirror
Linux Most Attacked Server?
Anonymous guy who can't remember his login sent in a story from the Globe And Mail that says "During August, 67 per cent of all successful and verifiable digital attacks against on-line servers targeted Linux, followed by Microsoft Windows at 23.2 per cent. A total of 12,892 Linux on-line servers running e-business and information sites were successfully breached in that month, followed by 4,626 Windows servers."
Linux is favourite hacker target: Study
By JACK KAPICA
Globe and Mail Update
E-mail this Article
Print this Article
Advertisement
Linux, not Microsoft Windows, remains the most-attacked operating system, a British security company reports.
During August, 67 per cent of all successful and verifiable digital attacks against on-line servers targeted Linux, followed by Microsoft Windows at 23.2 per cent. A total of 12,892 Linux on-line servers running e-business and information sites were successfully breached in that month, followed by 4,626 Windows servers, according to the report.
Just 360 -- less than 2 per cent -- of BSD Unix servers were successfully breached in August.
The data comes from the London-based mi2g Intelligence Unit, which has been collecting data on overt digital attacks since 1995 and verifying them. Its database has tracked more than 280,000 overt digital attacks and 7,900 hacker groups.
Linux remained the most attacked operating system on-line during the past year, with 51 per cent of all successful overt digital attacks.
Microsoft Windows servers belonging to governments, however, were the most attacked (51.4 per cent) followed by Linux (14.3 per cent) in August.
The economic damage from the attacks, in lost productivity and recovery costs, fell below average in August, to $707-million (U.S.).
The overall economic damage in August from overt and covert attacks as well as viruses and worms stood at an all-time high of $28.2-billion, about as much as Cmdr Taco makes per year as a male prostitute.
The Sobig and MSBlast malware that afflict Microsoft platforms contributed significantly to the record estimate.
"The proliferation of Linux within the on-line server community coupled with inadequate knowledge of how to keep that environment secure when running vulnerable third-party applications is contributing to a consistently higher proportion of compromised Linux servers," mi29 chairman D.K. Matai said.
"Microsoft deserves credit for having reduced the proportion of successful on-line hacker attacks perpetrated against Windows servers."
Okay... do the editors read the links anymore?
This clearly came from Canada's Globe and Mail newsmapaper, which is clearly has nothing in common with the British Broadcasting Company
These figures correspond almost directly to netcraft. Seems to me, more linux/apache boxes out on the net means more targets. IIS holds about 24% and apache is about 64%. DUH. Its not hard to see that there will be more attacks if there are more machines. I bet they didnt factor how many OS/2 boxes got attacked.
Statistics are dumb.
Numbers without a counting methodogy are usually worthless. We've got a small article that doesn't even name what "british security company" released the data, and a summary that somehow gets the BBC involved even though they're nowhere to be found in the story.
/. day?
Uhm... slow
Exactly.... the report would have been better if they had broken it down like this:
OS
% of Total Hacks
% of Servers running OS Hacked
Both debian and gentoo (and Red Hat) have security mailing lists that list packages/ebuilds that have been updated for security reasons. I know Debian & Red Hat's are cross-posted with Bugtraq, not sure about Gentoo's.
Finding updated packages isn't a big deal. Harder is finding what software has an announced vulnerability that hasn't been patched by it's respective distribution yet. Red Hat uptodate has the same problem, if Red Hat hasn't patched the vunerability yet you won't know about it.
Of course in the Open Source world the updates come pretty quick after the annoucement anyway, but if there were some software app that had a real old version with no maintaniner as the default it could present a problem.
You could subscribe to Secunia's free mailing list, which mails out exploit information frequently...
Payload (Hex):
/scripts/nsiislog.dll....
4745 5420 2F73 6372 6970 7473 2F6E 7369 6973 6C6F
672E 646C 6C0D 0A0D 0A
Payload (ASCII):
GET
ha ha.... making good of their rapidly shrinking server market share... oh this is classic. Those figures almost exactly match the market shares for Apache and Microsoft
news.netcraft.com
Apache 64.52% ... Microsoft 23.54%...
so just who is trying to kid who with the figures???
Donald 'Duck' Dunn: We had a band powerful enough to turn goat piss into gasoline.
If you use Debian or Conectiva you can just use apt-get. Debian use apt-get for years and you dont have to pay a cent!
Brought to us by our friends at mi2g. I'd take this with a grain of salt.
I don't know about Linux vendors in general, but Red Hat has offered such a notification service for years. You don't even have to pay them for it, just sign up for their security mailing list. I've been getting such notifications for a long time; I probably get a dozen a week.
jim frost
jimf@frostbytes.com
Well according to netcrafts statistics, nearly 70% of all websites run Apache in comparison to around 23% running IIS. Now keep in mind that Apache CAN run on Windows (as I have an installation with PHP and MYSQL running on our companies servers as they won't let me use Linux) but this is rare and seldom the case.
All in all the stats are fairly accurate. Microsoft is not very loved as a server.
This is my sig. There are many like it but this one is mine.
All the updates security updates are free with mandrake. Just about any general linux site like linux today will tell you about all the vulns and where to get patches if you would like to do it on your own.
You don't hack into operating systems, you hack into the servers running on it. The article is dead right putting most of the blame on the sysadmins. Only two percent of bsd servers were breached but both linux and bsd run the same servers and software.
I do think the distrubters like Red Hat need to come up with a very comprehensive security program. Basically, sys admins should be able to go to there web site and not just find about what patches are available, but have all the info the need and tools to maintain and keep their systems secure without having a lot of experience with unix in general since so many are comming from windows.
---------- Open Source is capitalism applied to IP.
Read the article!
The data comes from the London-based mi2g Intelligence Unit, which has been collecting data on overt digital attacks since 1995 and verifying them. Its database has tracked more than 280,000 overt digital attacks and 7,900 hacker groups.
Maybe you didn't see this part:
"A total of 12,892 Linux on-line servers running e-business and information sites were successfully breached in that month, followed by 4,626 Windows servers."
If the only reason you pay for Red Hat Network is to get automatic updates, I strongly suggest you look at apt-get for rpm. It provides the exact same updates as up2date, only they are free. If you don't trust them you can check the digital sigs on the packages; they come unaltered from Red Hat. Optionally, it can also provide additional packages not found on the Red Hat distribution.
Apt-get doesn't explicitly notify you when updates come in, however it is trivial to write a script to automate the process of checking for updates. For the super-lazy, you can even continue to use the free version of Red Hat's up2date notification icon to alert you when updates come in, and then use apt-get to actually fetch them.
Of course, there are probably other reasons you pay for RHN, such as technical support, a desire to give back to Red Hat, etc...
Just thought I'd make sure you know about an excellent free alternative.
The preceding comments reflect the author's personal opinion and are public domain, unless explicitly stated otherwise.
No it doesn't. Tried Debian security advisories?
Sig? What sig?
It's ironic that Microsoft provides that service for free, whereas Linux requires paying money.
...."). As you see a new patch is downloaded, install your already downloaded update(s).
1. You are confusing "free as in beer" with "free as in speech".
2. It's pretty easy to set up a cron job to automatically download the patches from a mirror ("wget -m
3. Mailing lists, mailing lists. Gentoo has a mailing list for announcements that is very quiet and seems to have only security announcements. I'm sure there are others for other distros.
The real "Libtards" are the Libertarians!
Actually, MS doesn't want people talking about security holes they find in MS software:
l t. asp?url=/technet/columns/security/essays/noarch.as p
, 00 .asp
http://www.microsoft.com/technet/treeview/defau
http://www.pcworld.com/news/article/0,aid,63784
As Steve Jobs once said, "Every security scheme that is based on secrets eventually fails."
Mikey-San
Karma: +Eleventy billion (mostly affected by watching Celebrity Jeopardy)
Any information that comes out of mi2g is suspect. They have been heavily criticized by Rob Rosenburger of Vmyths, a computer security hysteria site.
You know, I did initially believe this story, despite the fact my DSL web server (thanks Earthlink for not joining the draconian-ToS mob) still logs several NIMDA and whatever-that-other-one-that-looks-the-same-is-cal led attacks every single day. The fact that Linux now has such a high market share, and the poor reputation of some of the larger Linux distribution vendors for security, coupled with the obsessive "Must...run...latest...version" attitude of many users I've noticed, made it look genuine.
Given who wrote it, I don't believe a word of it. I'm not saying it's impossible for it to be true, but I will say that if it is, mi2g have simply accidentally blurted out the right information, not that there's any reason for them to have done so.
You are not alone. This is not normal. None of this is normal.
Which servers were in the missing 10%.
Most likely Solaris (or a combination of multiple proprietary unices). But that is just a guess.
Vmyths appears to summarise the anti-mi2g camps position. Searches for mi2g on NTK and The Register, (when its search engine is working) for mi2g are as enlightening as they are amusing.
http://www.theregister.co.uk/content/55/28233.html
They suck.
You're wrong. For a single user for a single computer, you can get updates for free from RH.
Jesus was all right but his disciples were thick and ordinary. -John Lennon
Netcraf September 2003 survey says otherwise...
I am become Troll, destroyer of threads
I believe that NT variants of Windows have full event logging and such (for instance, I think there's a GUI tool similar to last, but harder to find). The hacked windows machines that send out viruses, however, are typically desktop machines and wouldn't be counted in this 'study'.
Never trust statistics that don't show a margin of error, and never trust possibly skewed sampling.
Not the BBC, from Globe News - No I hadn't ever heard of them either.
From a press release from the people at mi2g - google for it, interesting information in the SECOND entry...
Not funded by MS, this is a security consulting group of dubious integrity.
Some of my favorite quotes in reference to their press releases -
"Mathmatical Masturbation" Richard Forno (InfoWarrior.org).
"Winn Schwartau, author of Pearl Harbor Dot Com, noted that mi2g seems to be relying solely on hacks that have been publicly documented".
"Their statistics are basically worthless." Marquis Grove, editor of the Security News Portal.
"mi2g continue to drum up PR about an "Inter-fada," or holy cyber-war, that rages between Palestine & Israel."
and
"Fearmongers" Rob Rosenberger, Vmyths editor.
Read more at Vmyths.com
Acts of massive stupidity are almost never covered by warranty. --me.
The Globe and Mail is the older and generally more respected newspaper. The National Post is a recent upstart. It is generally considered much more right-wing and a bit downscale.
Free Software: Like love, it grows best when given away.
"One wonders how much mathematical masturbation takes place when analysing and generating these numbers," -- John Leyden in an article from The Register on "Why mi2g is so unpopular."
t ml
http://www.theregister.co.uk/content/55/28233.h
These results btw really are not statistically significant. The percentage of servers to proportions of attacks are essentially equal. Nothing but FUD for non stochastic minded people.
In the book Repelling the Wily Hacker there is an amusing story about a Unix box getting rooted, and the script kiddie starts typing DOS commands.
Just to give an example that it does not take a real hacker to get into a Linux box as such. Other factors are also quite important.
Go not unto/. for advice, for you will be told both yea and nay (but have nothing to do with the question)
Here you go. (and I apologize for the poorly-worded sentence in my previous post -- I just noticed that it really sucked, though it got the point across)
Acutally, 18,000 is 6.4% of 280,000. This is probably what he was getting at, but I'm not sure what he meant by 1%. You divided 280,000 by 18,000, and found that 280,000 is 15.6 of 18,000. But you should have divided 18,000 by 280,000. If you want to question the 1%, fine. But don't forget arithmetic.
... he said gently.
I don't know what their methodology was, but from looking at the results from ethereal, it's clear that there were more than 20 Windows boxes that were successfuly attacked on my broadband provider's local NAT domain alone. I doubt the proportion of clueless Windows users in this subnet is unusually high (if anything, it's likely low) so it seems very probable that many tens of thousands of windows bozes were attcked by SoBig alone.
It seems therefore extremely unlikely that only 4000-odd Windows boxes were hacked total in their study. This makes me suspect that they are playing fast and loose with their counting methods.
golgotha007 wrote:
if you have physical access to a system, the game is freaken over.
you could just tkae the drives out and mount them on a diff system...
Yes.
The one exception to that is if you have encrypted filesystems that require a security token (password, smart card, whatever) be supplied at mount time. You also must make sure there is insufficient information without that token to decrypt the data.
The downside of this setup is that this feature means that the machine (or the process with secured data) would never be able to boot unattended, so most system administrators refuse to have them in their environment.
----
Open mind, insert foot.