--- Lan Barnes <[EMAIL PROTECTED]> wrote:
> On Tue, Feb 01, 2005 at 09:53:36PM -0800, John Rigg
> wrote:
> >
> > How do you address the zone-h site?
> >
> > www.zone-h.org
> >
> > ZONE-H TODAYS VERIFIED ATTACKS
> >
> > 251 single IP
> > 292 mass defacements
> >
> > Linux (81.4%)
> > Win 2000 (10.3%)
> > Win 2003 (4.8%)
> > FreeBSD (1.3%)
> > Unknown (0.7%)
> > Win NT9x (0.6%)
> > MacOSX (0.2%)
> > ... (0.7%)
> >
>
> I can only parrot what I've read elsewhere, but it's
> my understanding
> that such statistics ignore the severity of the
> attacks. Most owned
> machines are M$ because it both has holes and has
> deep holes.
As far as severity, more SSL sites run on IIS
(Netcraft) which suggests more ecommerce and
mission-critical apps, and a better likelihood that
valuable data lies behind these apps. A significant
number of sites running Apache are static,
hobbyist-level sites. What does an attacker gain by
attacking such a site?
Regardless of the relative number of IIS servers vs.
Apache servers, attacking a Microsoft product will
*always* get the bigger news/PR pop, simply because of
MS market position overall. How many major media
outlets report on anything that's happening in Apache,
security or otherwise. I see frequent reports in the
Post on Microsoft security issues, and not just
Windows. But I have never seen a report that discusses
*any* open source flaw or issue, whether Linux,
apache, or other. But we all know that there are many
flaws in various distros...
I am not saying that Windows is more secure. I just
find that we are suffering from ostrich syndrome.
Pointing the finger and laughing at Windows doesn't
help us and we could find ourselves in the rear-view
windows if the MS marketing machine catches up.
Let me post today's stats from www.zone-h.org
TODAYS VERIFIED ATTACKS
103 single IP
742 mass defacements
Linux (66.3%)
Win 2000 (28.8%)
FreeBSD (3.0%)
Win 2003 (1.3%)
Unknown (0.5%)
SolarisSunOS (0.1%)
Win NT9x (0.1%)
=====
__________________________________
Do you Yahoo!?
Yahoo! Mail - Easier than ever with enhanced search. Learn more.
http://info.mail.yahoo.com/mail_250
--
KPLUG-List mailing list
[email protected]
http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-list
