Linux Most Attacked Server?
Anonymous guy who can't remember his login sent in a story from the Globe And Mail that says "During August, 67 per cent of all successful and verifiable digital attacks against on-line servers targeted Linux, followed by Microsoft Windows at 23.2 per cent. A total of 12,892 Linux on-line servers running e-business and information sites were successfully breached in that month, followed by 4,626 Windows servers."
Server already slow, here is the text (Score:0, Informative)
By JACK KAPICA
Globe and Mail Update
Linux, not Microsoft Windows, remains the most-attacked operating system, a British security company reports.
During August, 67 per cent of all successful and verifiable digital attacks against on-line servers targeted Linux, followed by Microsoft Windows at 23.2 per cent. A total of 12,892 Linux on-line servers running e-business and information sites were successfully breached in that month, followed by 4,626 Windows servers, according to the report.
Just 360 -- less than 2 per cent -- of BSD Unix servers were successfully breached in August.
The data comes from the London-based mi2g Intelligence Unit, which has been collecting data on overt digital attacks since 1995 and verifying them. Its database has tracked more than 280,000 overt digital attacks and 7,900 hacker groups.
Linux remained the most attacked operating system on-line during the past year, with 51 per cent of all successful overt digital attacks.
Microsoft Windows servers belonging to governments, however, were the most attacked (51.4 per cent) followed by Linux (14.3 per cent) in August.
The economic damage from the attacks, in lost productivity and recovery costs, fell below average in August, to $707-million (U.S.).
The overall economic damage in August from overt and covert attacks as well as viruses and worms stood at an all-time high of $28.2-billion, about as much as Cmdr Taco makes per year as a male prostitute.
The Sobig and MSBlast malware that afflict Microsoft platforms contributed significantly to the record estimate.
"The proliferation of Linux within the on-line server community coupled with inadequate knowledge of how to keep that environment secure when running vulnerable third-party applications is contributing to a consistently higher proportion of compromised Linux servers," mi2g chairman D.K. Matai said.
"Microsoft deserves credit for having reduced the proportion of successful on-line hacker attacks perpetrated against Windows servers."
Canadian Newspaper != The BBC (Score:5, Informative)
This clearly came from Canada's Globe and Mail newspaper, which clearly has nothing in common with the British Broadcasting Company.
Corresponds with Netcraft (Score:4, Informative)
Statistics are dumb.
Re:Active or passive attacks? (Score:5, Informative)
Uhm... slow
Re:Yeah... (Score:5, Informative)
OS
% of Total Hacks
% of Servers running OS Hacked
Re:Staying uptodate costs money... (Score:5, Informative)
Finding updated packages isn't a big deal. Harder is finding what software has an announced vulnerability that hasn't been patched by its respective distribution yet. Red Hat uptodate has the same problem: if Red Hat hasn't patched the vulnerability yet, you won't know about it.
Of course in the Open Source world the updates come pretty quick after the announcement anyway, but if there were some software app that had a real old version with no maintainer as the default it could present a problem.
Re:Staying uptodate costs money... (Score:1, Informative)
Don't forget WEB-IIS nsiislog.dll access (Score:2, Informative)
4745 5420 2F73 6372 6970 7473 2F6E 7369 6973 6C6F
672E 646C 6C0D 0A0D 0A
Payload (ASCII):
GET
Re:Article Text (Score:3, Informative)
ha ha.... making good of their rapidly shrinking server market share... oh this is classic. Those figures almost exactly match the market shares for Apache and Microsoft
news.netcraft.com [netcraft.com]
Apache 64.52% ... Microsoft 23.54%...
so just who is trying to kid who with the figures???
Re:Staying uptodate costs money... (Score:1, Informative)
mi2g (Score:5, Informative)
Re:Staying uptodate costs money... (Score:4, Informative)
I don't know about Linux vendors in general, but Red Hat has offered such a notification service for years. You don't even have to pay them for it, just sign up for their security mailing list. I've been getting such notifications for a long time; I probably get a dozen a week.
Re:Yeah... (Score:3, Informative)
All in all the stats are fairly accurate. Microsoft is not very loved as a server.
Re:Staying uptodate costs money... (Score:2, Informative)
You don't hack into operating systems, you hack into the servers running on it. The article is dead right putting most of the blame on the sysadmins. Only two percent of BSD servers were breached, but both Linux and BSD run the same servers and software.
I do think the distributors like Red Hat need to come up with a very comprehensive security program. Basically, sysadmins should be able to go to their web site and not just find out what patches are available, but have all the info they need and tools to maintain and keep their systems secure without having a lot of experience with Unix in general, since so many are coming from Windows.
Re:Active or passive attacks? (Score:2, Informative)
The data comes from the London-based mi2g Intelligence Unit, which has been collecting data on overt digital attacks since 1995 and verifying them. Its database has tracked more than 280,000 overt digital attacks and 7,900 hacker groups.
Re:"Linux Most Attacked Server?" (Score:3, Informative)
"A total of 12,892 Linux on-line servers running e-business and information sites were successfully breached in that month, followed by 4,626 Windows servers."
Re:Staying uptodate costs money... (Score:5, Informative)
Apt-get doesn't explicitly notify you when updates come in, however it is trivial to write a script to automate the process of checking for updates. For the super-lazy, you can even continue to use the free version of Red Hat's up2date notification icon to alert you when updates come in, and then use apt-get to actually fetch them.
Of course, there are probably other reasons you pay for RHN, such as technical support, a desire to give back to Red Hat, etc...
Just thought I'd make sure you know about an excellent free alternative.
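The update-checking script the comment above describes, as an added example that is not part of the original post. It assumes Debian-style apt, where `apt-get -s upgrade` only simulates the upgrade; the script name `update-check.sh` and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: report pending package updates, suitable for a daily cron job.
# Assumes Debian-style apt, where `apt-get -s upgrade` only simulates and
# prints one "Inst <pkg> [<old>] (<new> <origin> [<arch>])" line per update.

# Read simulated-upgrade output on stdin; print "<tag> <pkg> <old> -> <new>".
pending_updates() {
    awk '$1 == "Inst" {
        pkg = $2; old = "(new)"; i = 3
        # The [old-version] field is absent when a package is newly installed.
        if ($i ~ /^\[/) { old = substr($i, 2, length($i) - 2); i++ }
        new = substr($i, 2)                      # drop the leading "("
        src = ""
        for (j = i + 1; j <= NF; j++) src = src " " $j
        tag = (tolower(src) ~ /security/) ? "SECURITY" : "regular"
        print tag, pkg, old, "->", new
    }'
}

# Count only the updates that come from a security archive.
security_count() {
    pending_updates | awk '$1 == "SECURITY" { n++ } END { print n + 0 }'
}

# Constructed sample of `apt-get -s upgrade` output (not from a real host).
sample_output() {
    cat <<'EOF'
Inst openssl [1.1.1n-0+deb10u3] (1.1.1n-0+deb10u6 Debian-Security:10/oldstable [amd64])
Inst tzdata [2021a-0+deb10u10] (2021a-0+deb10u11 Debian:10.13/oldstable [all])
Inst libfoo1 (2.0-1 Debian-Security:10/oldstable [amd64])
Conf openssl (1.1.1n-0+deb10u6 Debian-Security:10/oldstable [amd64])
EOF
}

# Real run: `update-check.sh --check` (hypothetical name) from root's crontab;
# cron mails whatever the job prints, so silence means nothing is pending.
if [ "${1:-}" = "--check" ]; then
    apt-get -qq update || echo "WARNING: package index refresh failed; list may be stale"
    LC_ALL=C apt-get -s upgrade | pending_updates
fi
```

Because the job prints nothing when no `Inst` lines appear, a mail from cron is itself the alert, and the stale-index warning keeps a failed refresh from looking like a clean system.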
Re:Staying uptodate costs money... (Score:4, Informative)
No it doesn't. Tried Debian security advisories [debian.org]?
Re:Staying uptodate costs money... (Score:3, Informative)
1. You are confusing "free as in beer" with "free as in speech".
2. It's pretty easy to set up a cron job to automatically download the patches from a mirror ("wget -m
3. Mailing lists, mailing lists. Gentoo has a mailing list for announcements that is very quiet and seems to have only security announcements. I'm sure there are others for other distros.
Re:Staying uptodate costs money... (Score:4, Informative)
http://www.microsoft.com/technet/treeview/defau
http://www.pcworld.com/news/article/0,aid,63784
As Steve Jobs once said, "Every security scheme that is based on secrets eventually fails."
mi2g Intelligence Unit (Score:3, Informative)
Comment removed (Score:3, Informative)
Re:67% and 23% of How many in the Data Set ? (Score:1, Informative)
Most likely Solaris (or a combination of multiple proprietary unices). But that is just a guess.
mi2g - computer security hysteria specialists (Score:5, Informative)
Vmyths [vmyths.com] appears to summarise the anti-mi2g camp's position. Searches for mi2g on NTK [ntk.net] and The Register [theregister.co.uk] (when its search engine is working) are as enlightening as they are amusing.
This is from mi2g (Score:3, Informative)
They suck.
Re:Staying uptodate costs money... (Score:2, Informative)
Um, check your facts sport... (Score:4, Informative)
Re:Yeah... (Score:3, Informative)
Never trust statistics that don't show a margin of error, and never trust possibly skewed sampling.
Re:Hmm... (Score:5, Informative)
From a press release from the people at mi2g - google for it, interesting information in the SECOND entry...
Not funded by MS, this is a security consulting group of dubious integrity.
Some of my favorite quotes in reference to their press releases -
"Mathematical Masturbation" Richard Forno (InfoWarrior.org).
"Winn Schwartau, author of Pearl Harbor Dot Com, noted that mi2g seems to be relying solely on hacks that have been publicly documented".
"Their statistics are basically worthless." Marquis Grove, editor of the Security News Portal.
"mi2g continue to drum up PR about an "Inter-fada," or holy cyber-war, that rages between Palestine & Israel."
and
"Fearmongers" Rob Rosenberger, Vmyths editor.
Read more at Vmyths.com [vmyths.com]
Globe and Mail (Score:5, Informative)
The Globe and Mail is the older and generally more respected newspaper. The National Post is a recent upstart. It is generally considered much more right-wing and a bit downscale.
Re:Help me with the math here (Score:2, Informative)
http://www.theregister.co.uk/content/55/28233.h
Re:Help me with the math here (Score:4, Informative)
Re:No Challenge to Breaching Windows Security (Score:4, Informative)
In the book Repelling the Wily Hacker there is an amusing story about a Unix box getting rooted, and the script kiddie starts typing DOS commands.
Just to give an example that it does not take a real hacker to get into a Linux box as such. Other factors are also quite important.
Re:Yeah... (Score:3, Informative)
Re:Yeah... (Score:2, Informative)
Here [microsoft.com] you [microsoft.com] go [microsoft.com]. (and I apologize for the poorly-worded sentence in my previous post -- I just noticed that it really sucked, though it got the point across)
Re:Um, check your facts sport... (Score:3, Informative)
Re:Help me with the math here (Score:2, Informative)
This is nonsense (Score:3, Informative)
I don't know what their methodology was, but from looking at the results from ethereal, it's clear that there were more than 20 Windows boxes that were successfully attacked on my broadband provider's local NAT domain alone. I doubt the proportion of clueless Windows users in this subnet is unusually high (if anything, it's likely low) so it seems very probable that many tens of thousands of Windows boxes were attacked by SoBig alone.
It seems therefore extremely unlikely that only 4000-odd Windows boxes were hacked total in their study. This makes me suspect that they are playing fast and loose with their counting methods.
Re:Globe and Mail (Score:3, Informative)
That is a big problem under the best of circumstances. With any marketing games going on, the numbers can be expected to be, if not wrong, highly misleading. The statistics tend to be like "A bank was robbed. 1300 pieces of paper were taken." The unanswered key question is what was attacked. Why would also be worthwhile knowing. Actually, this one seems more informative than most.
Speaking of damage, from the article:
What I find interesting is that Linux attacks are up and damage due to Linux attacks are down.
Preferably before the bad guys mix something like Sobig or slammer with something that does actual damage, potentially hardware damage.
Yep, although I would expect any such to not really live up to expectations. Linux (and moreso the BSDs) in many subtle ways encourage people to be aware of what is going on. What is required for containment is rapid response, not by the best and brightest, but by the poor saps who happen to be on the firing line at the time. Prediction: (he who lives by the crystal ball shall learn to enjoy ground glass) The reaction will resemble the Keystone Kops, but the damage will be less than one should expect.
Re:Interpretations... (Score:3, Informative)
if you have physical access to a system, the game is freaken over.
you could just take the drives out and mount them on a diff system...
Yes.
The one exception to that is if you have encrypted filesystems that require a security token (password, smart card, whatever) be supplied at mount time. You also must make sure there is insufficient information without that token to decrypt the data.
The downside of this setup is that this feature means that the machine (or the process with secured data) would never be able to boot unattended, so most system administrators refuse to have them in their environment.