[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [ossig] Johor State Goverment Site defaced

To: ossig@xxxxxxxxxxx
Subject: Re: [ossig] Johor State Goverment Site defaced
From: Nan Phin <nplee@xxxxxxxxx>
Date: Tue, 24 Feb 2004 10:32:16 +0800
Organization: info one
References: <15811006.20040224080002@mysql.cc> <403B1A8C.24024.5405D9@localhost>
Reply-To: ossig@xxxxxxxxxxx
Sender: owner-ossig@xxxxxxxxxxx

Linux Attacks On the Rise, Says Report - But It's Not As Simple As That
(February 23, 2004) - A pair of security flaws reported in some Linux
kernels, coming at the same time as a UK study that found Linux to be the
most hacked server operating system in government, is helping to focus
renewed attention on the whole issue of Linux security. The Linux
community has been quick to respond that the UK study seems to be flawed
in its methodology.
http://www.linuxworld.com/story/43760.htm



Nah Soo Hoe wrote:

> On 24 Feb 2004 at 8:55, Imran William Smith wrote:
>
> > "The site www.johordt.gov.my  is running Apache/1.3.28 (Win32) PHP/4.3.3 on Windows 2000"
> >
> > Hasn't been rebooted since sometime in December.  I feel fairly
> > sure there's been some Win2k critical updates since then.
>
> Looking thru defacement archives on sites like Zone-H (http://www.zone-
> h.org/en/defacements) it appears there are a large number of Linux servers
> (even after discounting the fact that many of these are mass defacements)
> there (even more than Windows).  This seems to be consistent with the
> recent study done by by UK-based security consultancy mi2g which found
> that online servers running Linux fell victim to overt digital attacks -
> excluding viruses and worms - far more often in January 2004 than servers
> running Windows OS (http://news.zdnet.co.uk/0,39020330,39146776,00.htm).
> This points to the growing popularity of using Linux as a server as
> compared with Windows and as suggested by mi2g, may also reflect a lack of
> training and deployment expertise in securing Linux.
>
> Another reason for this I believe is the fact that Windows being now
> commonly perceived as not secure compared with Linux, many people
> _take_the_trouble_ to patch up their Windows systems, install additional
> security protection and follow recommended security practices on it
> whereas those who deploy Linux just install them out of the box and then
> leave them as such without making too much effort in trying to maintain up-
> to-date patches or put in additional security tools etc.   Also, while
> many sysadmins go for training etc. on securing Windows less do so for
> Linux and hence lack the required skills to secure these Linux servers
> properly.
>
> Also I suspect some of these people switch to Linux from Windows thinking
> that they can somehow be "magically protected" without following the usual
> security practices and "inconveniences".  I think some education and
> awareness of this is in order otherwise Linux (and OSS) will ultimately
> get a bad reputation.
>
> --
> Soo Hoe
>
> ---------------------------------------------------------
> To unsubscribe: send mail to ossig-request@mncc.com.my
> with "unsubscribe ossig" in the body of the message



--

best wishes.
/nan phin

Simplicity is the ultimate sophistication.


---------------------------------------------------------
To unsubscribe: send mail to ossig-request@mncc.com.my
with "unsubscribe ossig" in the body of the message

Follow-Ups:
- Re: [ossig] Johor State Goverment Site defaced
  - From: Imran William Smith

Prev by Date: [ossig] Serious Linux Security Holes
Next by Date: Re: [ossig] Johor State Goverment Site defaced
Prev by thread: [ossig] Recent survey of system security treat
Next by thread: Re: [ossig] Johor State Goverment Site defaced
Index(es):
- Date
- Thread