Linux Getting Harder To Crack

AlanS2002 points out today's article from Iain Thomson on vnu.net, which says that "Linux systems are getting tougher for hackers to crack, security experts have reported today," summarizing "A study conducted by the Honeynet Project has found that it takes about 3 months before a unpatched Linux machine will be owned, compared with about 72 hours in the past. According to a report on the study default installations are now more secure with less services enabled by default, added to this is newer versions of software such as OpenSSH being more secure. Interestingly Solaris 8 and 9 did not fare so well."

They aren't after your data - just your connection

[khasim]

These reports are mostly moot, however, because a router will deter all but hackers with a reason to pwn your box, and there is little reason to do so to a home computer.

What do you mean by "router"? There are probably several routers between your computer and any other computer on the Internet.

And most of the spam I see is from home machines that have been cracked (zombies).

Not to mention the DDoS zombies out there.

They'd be happy to get your credit card info off of your home machine, but they attack to turn you into a zombie with bandwidth.

Re:As a Linux User...

[gid13]

His point was that nobody's going to bother going through a router to do that when there are innumerable completely unprotected boxes out there.

Unpatched?

[Brandybuck]

Why even bother testing unpatched Solaris when Sun specifically tells you to patch your boxes? It's like never changing your car's oil and then complaining that it breaks down too often. It's almost, but not quite, as stupid as complaining your burrito is frozen because you didn't read the microwave directions.

Re:interesting

[NanoGator]

"The patch is installing Linux."

Tell the millions of gamers out there about it.

Half Truth

[aoptik]

Gene Spafford was interviewed by linuxplanet couple of years ago. He says why linux isn't completely secure, even though it is a outdated interview, I will like to say most of his ideas do make sense even today.

Even if those honeypots are harder to penetrate that does not mean drivers, or individual applications that many people use are designed with security in mind first. Hackers are always going to be around all this means is that script kiddies are going to be able to do less and less to break into a linux but but more sophisticated hackers are going to want to try harder and within time. You will have the same problems just like in real life a ADT system can make your home safer does not mean you still will not get broken into. Plus, within this article you should be asking who are the security experts?

All in all I would hope people read this article in hopes that linux is their solution too security out of the box. In other words if you believe in security do not rely on the distro. to be 80% secure even if you locked the system up tight like your suppose too you still have a good chance of getting hacked. This article is just showing business people in the IT world that they can setup linux and not need a administartor with good experise to be hired instead of that person they can pay half as much with little experence to manage the network because linux is so secure. See where I am going with this article?

Re:Not even remotely scientific

[ComputerSlicer23]

I'd venture to say that no science experiment ever conducted has ever been under "the same conditions". It's merely a matter of how close the conditions are, and why everything else doesn't matter. You figure that out by starting by making measurements and when you can't explain something, guess why, and form a model. Then try and setup a situation to measure if you guess is correct. Any number of "Scientific" measurements aren't repeatable (the analysis of any number of astronomical events are unique to our lifetimes and are irrepeatable in the sense you are using).

You can only draw those conclusions about water because someone has done all the scientific measurements before you.

We didn't figure out gravity all at once. Some guy started dropping balls and measuring time. Some guys started measuring the time it took to roll down planks. Eventually they made lots of measurements that were "big boiling pot of useless variables", and figured out that air resistance makes a difference. That if you measure incredibly accurately, that the latitude and longitude (more specifically your distance from the center of the earth) matter. Even more accurately, what time of year does matter (our distance from the sun changes). They sorted out the patterns in the data. What they are doing is called "basic science". It isn't sexy, and it isn't useful right away. However to start something that a is a "science", you have to start by making measurements and then explaining them. Explain to me roughly speaking, how one makes "Scientific" measurements on the internet where you have control groups? How precisely does one setup a second world wide interent that is identical in all ways except one has an extra Linux machine on it? Maybe if they continue to make such measurements, they might figure what the variables are.

That's precisely what they are doing. I'd have to read the actual statement they made to see how well they are lying with statistics. My guess is the statement they made was accurate and accurately captured what it was they measured.

Also, I'm going to guess they used the same RedHat distributions (or at least had all of the old ones, and some new ones), and they used all the same old IP's (or at least used all the old ranges, and some new ranges). So I'd further venture to guess that your "boiling water" analogy is incorrect. I've read about these guys quite often. They are fairly "scientific" about what they do, and how they do it. The biggest problem they have is man power to setup and analyze the machines and attacks. Which is really a function of their other big problem, a serious lack of financial resources. What they are doing on a large scale would result in really useful measurements. Sure what they are doing is on the level of "Grade School Science Projects" in terms of the scale and quality of science. However, that doesn't make it any less "scientific".

As to this:

get an experiment that is so wildly useless that you can't honestly call it scientific

Useful science, is called "Engineering". Useless science is all over the place. Science is about forming a hypothesis, setting up a way of measuring your hypothesis, then analyzing the data after the fact. This sure seems to fit the bill. Useless Science, is how all science started. Next you'll tell me Linux isn't at all like Unix, because it started out life as a useless terminal program.

Kirby

Re:A router routes packets.

[mabinogi]

Before you post another word on this topic, please demonstrate that you have the slightest idea what your talking about by defining the following words for us:

1. Hub
2. Switch
3. Router
4. Firewall
5. NAT
6. Proxy
7. Modem

Next, explain to us how packets from computer A with ISP X on one side of the world, can possibly attack computer B with ISP Y on the other side of the world without going through at least two routers.

Re:Not even remotely scientific

[ComputerSlicer23]

For example, if someone got root using some local exploit no-one had seen before we could reverse engineer the script they used and fix the bug. But this has never happened

You really should read up on the honeynet project sometime before saying silly things like this.

For starters, they have in fact found previously unknown exploits (at least one, but possibly several). I forget the exact details off hand, but in "Honeypots" (A pretty decent book), it is covered. They cover it in the section about different types of honeypots and what they are good for. They discovered a hole in a network service that was previously unknown on Linux machines several years ago when the project first started. I can cite it tomorrow if you really don't believe me (the book is at home, I'm not). A lot of blackhats give out zero days as a way of gaining credibility. While it wans't a zero day, a honeypot was one of the first things to figure out how one of the Major worms worked (Code Red I think, but it might have been one of the others).

Also, black hats need a platform to mount their attack from that they can easily own without worry. So they attach home networks knowing that they can complete own a box and wipe the logs. Meanwhile, they can mount attacks from those machines onto others that are important. They need the intermediate machines to be anonymous. They might want to attack "American Express", or "Amazon.com". Anyone with any brains doesn't attack those from the IP's known to be in their basement. They find other machines that will have no logging, or logging that can be completely compromised to use as a base of attack. Then the trail to find them dies at these random machines on the interent.

Besides that, any one wanting to implement a "Andy Worhal Worm", needs to find a set of machines that have an exploit available. In order to find those, one has to start attacking random machines on the internet. The honeypot project could accomplish that (I don't know that they have, but it would be a very good use of it).

Finally, I don't have any important machines, so information about random machines on the internet fits me to a "T". I am more interested in what the script kiddies are doing, and what sorts of attacks they are making. The honeynet project does provide details about what JRandom guy with an IP on the internet can expect to be hit with.

Kirby

Re:interesting

[slobbargoat]

no, tell the game developers out there about it.