> I wish our press actually knew what they were talking about at times ): Don't we all. Confusion about units of measure abound everywhere. Ask any journo to explain the precise differences and relationships between work, energy, and power. I'll posit that at least 90% of the NZ population haven't the slightest idea.
Anyways, note that the referenced article garners it's 'facts' from a Microsoft security conference, so it would be extraordinary if they didn't poo on Linux under those circumstances. That said, however _all_ server programs will have holes found in them from time to time, so one needs to keep up-to-date. The main problem is that the permission systems provided by operating systems are so frequently over-ridden in order to get the page(s) on the Web with as little hassle as possible. How many people can honestly say they have the htdocs directory mounted on a read-only no-execute partition with the files being read-only and owned by the httpd? On 10/6/07, Steve Holdoway <[EMAIL PROTECTED]> wrote: > On Sat, 06 Oct 2007 20:41:18 +1300 > Maurice Butler <[EMAIL PROTECTED]> wrote: > > > EBAY: PHISHERS GETTING BETTER ORGANISED, USING LINUX > > > > http://s0.tx.co.nz/at/tep34n736205j130069i181588f2c285953a4t9s4z > > > > "The vast majority of the threats we saw were rootkitted Linux boxes, > which > > was rather startling. We expected Microsoft boxes," says CISO > > > > This is, of course, b*ll*x. None of the linux boxes are rootkitted at all. > > The way that they work is to add a subdirectory to the existing url with > their code. The usual way they get in - ftp logins aren't encrypted, so > sniffing will work easily - and of course many people use ftp ( dreamweaver, > etc ) to maintain their sites. The reason that linux is hit hardest: the > equivalent hardware can support orders of magnitude more websites using > linux/apache when compared to windows/iis - so of course they'll be using > linux. It's the mom'n'pop websites that're being targeted by this kind of > scam, and they just can't really be expected to be aware of this kind of > attack. > > I wish our press actually knew what they were talking about at times ): > > Steve > -- Sincerely etc. Christopher Sawtell
