It's kinda like saying that red cars have more accidents just because there are more red cars than any other color. It might have a small factual basis even though it has nothing to do with reality.
[offtopic]Quote:
Originally posted here by ZomBieMann77
It's kinda like saying that red cars have more accidents just because there are more red cars than any other color.
actually this has also been researched :D ;
http://bmj.bmjjournals.com/cgi/conte...327&issue=7429
[/offtopic]
I find this to be a high possibility. Along with the others you mentioned. While Windows machines are sometimes boring targets, they are a very different playground for kiddies than *nix is.
Quote:
- Perhaps there are more "skript-kiddie" style exploits which exist for Linux vulnerabilities, hence the "kiddies" who crack most boxes find it easier to get into a badly maintained Linux box than Windows
0.02 cents.
Be safe and stay free
perhaps the default configurations on all boxes should be scaled back, removing services and users so that admins have to physically start them. I know that about half the services on my box wouldn't be there if I had to turn them on...
Note, they left systems compromised by worms or viri off the list so that they could get favorable numbers.
Everyone should look for the thread that we had about one of these reports from last year. It has all of the answers people are looking for.
The term attack refers to a successful web break-in. In the report they gave out last year they used web site defacements as the trigger for a successful attack. They used a defacement tracking website like alldas.org for the statistics. So it is not actually attacked servers, but rather defaced websites.
Incident surveys like this are just nonsensical and should never be used to compare system security. System security should only be evaluated against predefined criteria (e.g. DOD-STD-5200.28 or ISO 15408).
The same is true for the number of exploit issues surveys...
What should really give you warm fuzzies about a study like this one is the fact that, pretty much by definition, all the good attacks go unreported. These lists are just admins being lazy and kiddies being bored.
catch
Here's a funny aside... a friend of mine called mi2g claiming he was a lawyer representing a class action suit against an ISP that failed to take steps to secure its services. (He did this after they refused any communication under his actual credentials.) They opened up much more readily with information, but mainly tried to sell their reports and research; understandable, they are in business to do that. But the funny part is - they quoted higher prices to him than were published on their website.
Sketchy sketchy.
l00p
Ain't social engineering great?!