Slashdot Mirror

← Back to Stories (view on slashdot.org)

Linux Most Attacked Server?

Posted by CmdrTaco on from the certainly-more-to-gain dept.

Anonymous guy who can't remember his login sent in a story from the Globe And Mail that says "During August, 67 per cent of all successful and verifiable digital attacks against on-line servers targeted Linux, followed by Microsoft Windows at 23.2 per cent. A total of 12,892 Linux on-line servers running e-business and information sites were successfully breached in that month, followed by 4,626 Windows servers."

12 of 815 comments (clear)

  1. Canadan Newspaper != The BBC by LostCluster · · Score: 4, Informative

    Okay... do the editors read the links anymore?

    This clearly came from Canada's Globe and Mail newsmapaper, which is clearly has nothing in common with the British Broadcasting Company

  2. Corresponds with Netcraft by clustersnarf · · Score: 4, Informative

    These figures correspond almost directly to netcraft. Seems to me, more linux/apache boxes out on the net means more targets. IIS holds about 24% and apache is about 64%. DUH. Its not hard to see that there will be more attacks if there are more machines. I bet they didnt factor how many OS/2 boxes got attacked.

    Statistics are dumb.

  3. Re:Active or passive attacks? by LostCluster · · Score: 5, Informative

    Numbers without a counting methodogy are usually worthless. We've got a small article that doesn't even name what "british security company" released the data, and a summary that somehow gets the BBC involved even though they're nowhere to be found in the story.

    Uhm... slow /. day?

  4. Re:Yeah... by notsewmit · · Score: 5, Informative

    Exactly.... the report would have been better if they had broken it down like this:

    OS
    % of Total Hacks
    % of Servers running OS Hacked

  5. Re:Staying uptodate costs money... by Kevinv · · Score: 5, Informative

    Both debian and gentoo (and Red Hat) have security mailing lists that list packages/ebuilds that have been updated for security reasons. I know Debian & Red Hat's are cross-posted with Bugtraq, not sure about Gentoo's.

    Finding updated packages isn't a big deal. Harder is finding what software has an announced vulnerability that hasn't been patched by it's respective distribution yet. Red Hat uptodate has the same problem, if Red Hat hasn't patched the vunerability yet you won't know about it.

    Of course in the Open Source world the updates come pretty quick after the annoucement anyway, but if there were some software app that had a real old version with no maintaniner as the default it could present a problem.

  6. mi2g by FrostedWheat · · Score: 5, Informative

    Brought to us by our friends at mi2g. I'd take this with a grain of salt.

  7. Re:Staying uptodate costs money... by lordcorusa · · Score: 4, Informative

    If the only reason you pay for Red Hat Network is to get automatic updates, I strongly suggest you look at apt-get for rpm. It provides the exact same updates as up2date, only they are free. If you don't trust them you can check the digital sigs on the packages; they come unaltered from Red Hat. Optionally, it can also provide additional packages not found on the Red Hat distribution.

    Apt-get doesn't explicitly notify you when updates come in, however it is trivial to write a script to automate the process of checking for updates. For the super-lazy, you can even continue to use the free version of Red Hat's up2date notification icon to alert you when updates come in, and then use apt-get to actually fetch them.

    Of course, there are probably other reasons you pay for RHN, such as technical support, a desire to give back to Red Hat, etc...

    Just thought I'd make sure you know about an excellent free alternative.

    --
    The preceding comments reflect the author's personal opinion and are public domain, unless explicitly stated otherwise.
  8. Re:Staying uptodate costs money... by trickycamel · · Score: 4, Informative

    It's ironic that Microsoft provides that service for free, whereas Linux requires paying money.
    No it doesn't. Tried Debian security advisories?
    --
    Sig? What sig?
  9. mi2g - computer security hysteria specialists by tagishsimon · · Score: 5, Informative
    mi2g - authors of the report being discussed, are the single most dissed security company I know of. They're derided by such a long list of organisations, that one might wonder if there's any point giving their work houseroom. They certainly appear to be PR whores, and, bless' em, good at this part of their job.

    Vmyths appears to summarise the anti-mi2g camps position. Searches for mi2g on NTK and The Register, (when its search engine is working) for mi2g are as enlightening as they are amusing.

  10. Re:Hmm... by SillySlashdotName · · Score: 5, Informative

    Not the BBC, from Globe News - No I hadn't ever heard of them either.

    From a press release from the people at mi2g - google for it, interesting information in the SECOND entry...

    Not funded by MS, this is a security consulting group of dubious integrity.

    Some of my favorite quotes in reference to their press releases -

    "Mathmatical Masturbation" Richard Forno (InfoWarrior.org).

    "Winn Schwartau, author of Pearl Harbor Dot Com, noted that mi2g seems to be relying solely on hacks that have been publicly documented".

    "Their statistics are basically worthless." Marquis Grove, editor of the Security News Portal.

    "mi2g continue to drum up PR about an "Inter-fada," or holy cyber-war, that rages between Palestine & Israel."

    and

    "Fearmongers" Rob Rosenberger, Vmyths editor.

    Read more at Vmyths.com

    --
    Acts of massive stupidity are almost never covered by warranty. --me.
  11. Globe and Mail by Stephen+Samuel · · Score: 4, Informative
    The Globe and Mail is one of Canada's two national newspapers. It's national competition is the The National Post.

    The Globe and Mail is the older and generally more respected newspaper. The National Post is a recent upstart. It is generally considered much more right-wing and a bit downscale.

    --
    Free Software: Like love, it grows best when given away.
  12. Re:Help me with the math here by Anonymous Coward · · Score: 4, Informative

    These results btw really are not statistically significant. The percentage of servers to proportions of attacks are essentially equal. Nothing but FUD for non stochastic minded people.