Linux Most Attacked Server?

← Back to Stories (view on slashdot.org)

Posted by CmdrTaco on Thursday September 11, 2003 @08:07AM from the certainly-more-to-gain dept.

Anonymous guy who can't remember his login sent in a story from the Globe And Mail that says "During August, 67 per cent of all successful and verifiable digital attacks against on-line servers targeted Linux, followed by Microsoft Windows at 23.2 per cent. A total of 12,892 Linux on-line servers running e-business and information sites were successfully breached in that month, followed by 4,626 Windows servers."

6 of 815 comments (clear)

Min score:

Reason:

Sort:

Re:Active or passive attacks? by LostCluster · 2003-09-11 08:13 · Score: 5, Informative

Numbers without a counting methodogy are usually worthless. We've got a small article that doesn't even name what "british security company" released the data, and a summary that somehow gets the BBC involved even though they're nowhere to be found in the story.

Uhm... slow /. day?
Re:Yeah... by notsewmit · 2003-09-11 08:14 · Score: 5, Informative

Exactly.... the report would have been better if they had broken it down like this:

OS
% of Total Hacks
% of Servers running OS Hacked
Re:Staying uptodate costs money... by Kevinv · 2003-09-11 08:18 · Score: 5, Informative

Both debian and gentoo (and Red Hat) have security mailing lists that list packages/ebuilds that have been updated for security reasons. I know Debian & Red Hat's are cross-posted with Bugtraq, not sure about Gentoo's.

Finding updated packages isn't a big deal. Harder is finding what software has an announced vulnerability that hasn't been patched by it's respective distribution yet. Red Hat uptodate has the same problem, if Red Hat hasn't patched the vunerability yet you won't know about it.

Of course in the Open Source world the updates come pretty quick after the annoucement anyway, but if there were some software app that had a real old version with no maintaniner as the default it could present a problem.
mi2g by FrostedWheat · 2003-09-11 08:20 · Score: 5, Informative

Brought to us by our friends at mi2g. I'd take this with a grain of salt.
mi2g - computer security hysteria specialists by tagishsimon · 2003-09-11 08:45 · Score: 5, Informative

mi2g - authors of the report being discussed, are the single most dissed security company I know of. They're derided by such a long list of organisations, that one might wonder if there's any point giving their work houseroom. They certainly appear to be PR whores, and, bless' em, good at this part of their job.
Vmyths appears to summarise the anti-mi2g camps position. Searches for mi2g on NTK and The Register, (when its search engine is working) for mi2g are as enlightening as they are amusing.
Re:Hmm... by SillySlashdotName · 2003-09-11 09:06 · Score: 5, Informative

Not the BBC, from Globe News - No I hadn't ever heard of them either.

From a press release from the people at mi2g - google for it, interesting information in the SECOND entry...

Not funded by MS, this is a security consulting group of dubious integrity.

Some of my favorite quotes in reference to their press releases -

"Mathmatical Masturbation" Richard Forno (InfoWarrior.org).

"Winn Schwartau, author of Pearl Harbor Dot Com, noted that mi2g seems to be relying solely on hacks that have been publicly documented".

"Their statistics are basically worthless." Marquis Grove, editor of the Security News Portal.

"mi2g continue to drum up PR about an "Inter-fada," or holy cyber-war, that rages between Palestine & Israel."

and

"Fearmongers" Rob Rosenberger, Vmyths editor.

Read more at Vmyths.com

--
Acts of massive stupidity are almost never covered by warranty. --me.