
Re: [newtech-1] statistical breakdown of the collected website defacements from the last few years

From: Victor S.
Sent on: Sunday, March 16, 2008 2:03 PM
You are on the right track Asif, at last!
 
Those numbers show us that LAMP stack is more difficult to work with for various reasons. It is more costly because of that, and in addition raw numbers indicate that it is getting hacked more.
 

 
On Sun, Mar 16, 2008 at 1:52 PM, Asif Youssuff <[address removed]> wrote:
On Mar 16, 2008, at 1:34 PM, Victor Shamanovsky wrote:

> Randy, I am sorry you are having such a hard time with the numbers and the
> context.
>
> These numbers represent the realities (not emotions or "FUD") of working
> with 2 platforms.

Why are you even bothering to argue this? The data doesn't tell us
anything about Linux vs. Windows security. Just look at the top 5
methods by which the defacement happened:

1. Attack against the administrator/user (password stealing/sniffing): [masked]
2. Shares misconfiguration: [masked]
3. File Inclusion: [masked]
4. SQL Injection: [masked]
5. Access credentials through Man In the Middle attack: [masked]

(Those are the 2007 numbers)

That's a total of 333,561 total intrusions, and not one of those is
due to inherent insecurity in anything. They are all configuration
problems or bugs in the web apps themselves. And that's about 70% of
the intrusions. Plus, many of the other attack vectors were of the
same class. Only 13,405 were "web server intrusions" which is about
3%. If you take "RPC Server Intrusion" and "Other server intrusion"
together as platform bugs (and I'm guessing most aren't), then you
still only end up with another 3%.

Therefore, all this story tells us is that the software industry has
to do a lot of work to protect users from themselves. It doesn't tell
us that Apache or IIS or Windows or Linux is more secure than
something else. It tells us users suck at security and programmers
suck at making security simple.

http://apache.slashdot.org/comments.pl?sid=488736&cid=22763474

(Repost)

-Asif

> On Sun, Mar 16, 2008 at 1:03 PM, Randy Noval <[address removed]> wrote:
>
>> not being sure what the point of this post was, i can only assume it's FUD.
>> without context, absolute numbers for comparison helps to illustrate nothing.
>>
>> so linux has 700k more break-ins, but has 10x the number of possibilities
>> (i.e. installations), this would show that it's a far more secure option,
>> rather than being just the most popular / easiest to hit.
>>
>>   On Sun, Mar 16, 2008 at 12:42 PM, Victor Shamanovsky <
>> [address removed]> wrote:
>>
>>> "Zone-H have recently posted the statistical breakdown
>>> <http://www.zone-h.org/content/view/14928/30/> of the collected
>>> website defacements from the last few years. "Surprisingly", in 2007
>>> more Linux servers suffered a successful attack than all versions of
>>> Windows, combined. Similarly, more Apache installations were
>>> successfully attacked than all IIS versions combined. A day after
>>> posting this data, Zone-H have questioned
>>> <http://www.zone-h.org/content/view/14931/31/> the appropriateness of
>>> continuing to operate the archive. Despite the valuable information
>>> <http://www.beskerming.com/commentary/2008/03/14/343/Somebody_has_to_do_the_Dirty_work>
>>> that can be gleaned from the service, it may soon be lost to the
>>> world. The natural successor to the now-defunct Alldas archive of
>>> defaced websites, Zone-H's archive maintains records of over 2.6
>>> million defaced sites but may be shut down due to the continuous
>>> accusations of impropriety leveled against them any time they disclose
>>> and mirror a reported defacement."
>>>
>>> Here is a copy of it, since site is getting heavy traffic.
>>>
>>> -------------------------------
>>>
>>> Every year, Zone-H publishes stats of registered attacks.
>>> In the early months of Zone-H, we received an average of 2.500
>>> notifications per month, last year this average jumped to [masked]
>>> monthly attacks. In order to have better idea of the attacks number,
>>> during January 2007, [masked] attacks were validated, and in the month
>>> of June - when a DDoS cyberwar in Russia
>>> <http://www.zone-h.org/content/view/14928/30/content/view/14788/107/>
>>> paralyzed thousands of web sites, Zone-H included - we validated
>>> [masked] defacements. The record occurred in the month of August 2006,
>>> with [masked] registered attacks.
>>>
>>> In the past the most attacked operating system was Windows, but many
>>> servers were migrated from Windows to Linux... Therefore the attacks
>>> migrated as well, as Linux is now the most attacked operating system
>>> with [masked] defacements against [masked] in Windows systems (numbers
>>> calculated from 2000).
>>>
>>>
>>>
>>>
>>> Attacks by month   Year 2005   Year 2006   Year 2007
>>> Jan                45.929      43.585      [masked]
>>> Feb                47.059      [masked]    52.697
>>> Mar                41.175      38.630      54.842
>>> Apr                48.995      43.007      [masked]
>>> May                41.735      86.135      41.410
>>> Jun                43.870      51.888      17.797
>>> Jul                [masked]    [masked]    56.763
>>> Aug                41.917      [masked]    38.362
>>> Sep                31.853      69.643      [masked]
>>> Oct                40.724      52.421      31.681
>>> Nov                35.000      50.940      31.925
>>> Dec                [masked]    52.945      23.181
>>> Total              [masked]    [masked]    [masked]
>>>
>>>
>>>
>>> Special Attacks by month   Year 2005   Year 2006   Year 2007
>>> Jan                        832         923         863
>>> Feb                        924         517         613
>>> Mar                        755         787         656
>>> Apr                        958         682         592
>>> May                        903         597         349
>>> Jun                        822         821         176
>>> Jul                        1.607       1.746       715
>>> Aug                        1.749       1.187       840
>>> Sep                        799         911         717
>>> Oct                        741         849         1.029
>>> Nov                        591         1.004       763
>>> Dec                        565         890         468
>>> Total                      [masked]    [masked]    7.781
>>>
>>> Single attacks by month   Year 2005   Year 2006   Year 2007
>>> Jan                       9.584       10.846      [masked]
>>> Feb                       6.233       [masked]    11.135
>>> Mar                       8.128       14.625      13.324
>>> Apr                       12.398      13.591      [masked]
>>> May                       8.950       14.397      9.870
>>> Jun                       13.203      27.832      3.827
>>> Jul                       11.384      [masked]    14.537
>>> Aug                       10.328      20.198      10.300
>>> Sep                       8.667       16.589      8.954
>>> Oct                       14.263      12.407      10.038
>>> Nov                       10.627      11.679      8.384
>>> Dec                       9.140       [masked]    7.344
>>> Total                     [masked]    [masked]    [masked]
>>>
>>> Mass attacks by month   Year 2005   Year 2006   Year 2007
>>> Jan                     36.345      32.739      47.646
>>> Feb                     40.826      [masked]    41.562
>>> Mar                     33.047      24.005      41.518
>>> Apr                     36.597      29.416      [masked]
>>> May                     32.785      71.738      31.540
>>> Jun                     30.667      24.056      13.970
>>> Jul                     [masked]    [masked]    42.226
>>> Aug                     31.589      [masked]    28.062
>>> Sep                     23.186      53.054      [masked]
>>> Oct                     26.461      40.014      21.643
>>> Nov                     24.373      39.261      23.541
>>> Dec                     [masked]    40.034      15.837
>>> Total                   [masked]    [masked]    [masked]
>>>
>>>
>>> Operational System   Year 2005   Year 2006   Year 2007
>>> Linux                [masked]    [masked]    [masked]
>>> Windows 2003         72.377      [masked]    [masked]
>>> Windows 2000         [masked]    69.754      23.838
>>> FreeBSD              23.653      31.075      18.542
>>> Unknown              2.834       3.802       9.314
>>> SolarisSunOS         6.193       9.797       5.226
>>> Windows NT/9x        5.921       4.023       1.204
>>> MacOSX               2.139       2.247       1.488
>>> Windows XP           498         393         323
>>> HP-UX                667         166         259
>>> AIX                  367         101         124
>>> SCO UNIX             19          5           92
>>> Unix                 7           134         79
>>> Tru64                54          25          40
>>> OpenBSD              21          13          39
>>> NetBSDOpenBSD        366         229         36
>>> IRIX                 771         211         34
>>> BSDOS                498         49          26
>>> NovellNetware        30          24          9
>>> OpenServer           0           0           7
>>> OS390                1           3           3
>>> MacOS                27          6           3
>>> OS2                  9           9           2
>>> Compaq Tru64         23          13          1
>>> NetBSD               31          14          1
>>> Digital UNIX         2           3           1
>>> Windows .NET         10          1           1
>>> VM                   1           0           0
>>>
>>> Webserver defaced                Year 2005   Year 2006   Year 2007
>>> Apache                           [masked]    [masked]    [masked]
>>> IIS/6.0                          [masked]    [masked]    [masked]
>>> IIS/5.0                          99.616      66.304      23.664
>>> Unknown                          4.974       8.805       16.741
>>> Zeus                             1.059       506         1.972
>>> NOYB                             0           1308        1.920
>>> IIS/4.0                          5.846       3.952       1.149
>>> nginx                            136         870         729
>>> IIS/5.1                          540         412         308
>>> Rapidsite                        158         110         244
>>> SonataServer                     4           557         178
>>> A-NETEK RobustWeb                4           4           92
>>> Zope                             106         67          80
>>> LiteSpeed                        3           150         65
>>> IdeaWebServer                    50          191         60
>>> E-Neverland DataPalm             15          16          41
>>> lighttpd                         25          33          37
>>> DinaHTTPd Server                 52          89          36
>>> Boa                              6           59          26
>>> SilverStream Server              36          40          20
>>> SAMBAR                           0           18          17
>>> thttpd                           8           29          15
>>> SunONE WebServer                 165         670         12
>>> ConcentricHost-Ashurbanipal      18          12          11
>>> Lasso                            18          26          11
>>> Cougar                           1           21          10
>>> NetWare-Enterprise-Web-Server    5           3           8
>>> Sun Java System Web Server 6.1   0           6           8
>>> GWS                              2           4           8
>>> DataPalm                         0           7           7
>>> Abyss                            0           0           5
>>> OBEC-Web-Serv                    0           13          5
>>> InfomexWebServer                 2           14          4
>>> tigershark                       54          9           4
>>> 4D_WebSTAR_S                     34          169         4
>>> IBM HTTP SERVER                  7           17          4
>>> Jetty                            0           0           4
>>> Netscape-Enterprise              37          21          4
>>> OmniHTTPd                        7           3           4
>>> AOL server                       28          15          3
>>> IIS/3.0                          3           4           3
>>> exteNd Application Server        3           2           2
>>> RaidenHTTPD                      5           5           2
>>> Resin                            9           25          2
>>> Replica                          1           0           2
>>> RRRPHP/9.4.2                     1           0           2
>>> CoffeeMaker                      0           0           1
>>> Hix Webserver                    0           0           1
>>> KFWebserver                      5           5           1
>>> NetCache                         5           8           1
>>> Oracle AS                        0           3           1
>>> WebLogic Server                  27          27          1
>>> Xitami                           7           16          1
>>> Zort Zirt Server                 20          7           1
>>> Caudium                          2           3           0
>>> VHFFS                            15          2           0
>>> Oracle                           33          2           0
>>> Roxen                            87          2           0
>>> Lotus-Domino                     6           5           0
>>> Mistral                          1           1           0
>>> Web Crossing                     0           1           0
>>> Netscape-FastTrack               0           2           0
>>> WebSphere Application Server     0           5           0
>>> PWS                              0           5           0
>>> Netscape-Communications          0           1           0
>>>
>>>
>>> Attack Method                                                        Total 2005   Total 2006   Total 2007
>>> Attack against the administrator/user (password stealing/sniffing)   48.006       [masked]     [masked]
>>> Shares misconfiguration                                              [masked]     36.529       [masked]
>>> File Inclusion                                                       [masked]     [masked]     61.011
>>> SQL Injection                                                        36.253       47.212       35.407
>>> Access credentials through Man In the Middle attack                  [masked]     21.209       28.046
>>> Other Web Application bug                                            [masked]     6.529        18.048
>>> FTP Server intrusion                                                 [masked]     55.611       17.023
>>> Web Server intrusion                                                 [masked]     30.059       13.405
>>> DNS attack through cache poisoning                                   7.541        9.131        9.747
>>> Other Server intrusion                                               [masked]     [masked]     8.050
>>> DNS attack through social engineering                                4.719        5.959        7.585
>>> URL Poisoning                                                        2.897        7.988        6.931
>>> Web Server external module intrusion                                 8.487        17.290       6.690
>>> Remote administrative panel access through bruteforcing              2.738        4.988        6.607
>>> Rerouting after attacking the Firewall                               988          4.308        6.127
>>> SSH Server intrusion                                                 2.644        [masked]     5.723
>>> RPC Server intrusion                                                 1.821        5.793        5.516
>>> Rerouting after attacking the Router                                 1.520        4.867        5.257
>>> Remote service password guessing                                     939          7.008        5.105
>>> Telnet Server intrusion                                              1.863        6.252        4.753
>>> Remote administrative panel access through password guessing         1.014        4416         4.753
>>> Remote administrative panel access through social engineering        780          5472         3.127
>>> Remote service password bruteforce                                   3.576        4018         3.125
>>> Mail Server intrusion                                                1.198        4195         1.315
>>> Not available                                                        11.382       37243        9.724
>>>
>>> Attack Reason                        Year 2005   Year 2006   Year 2007
>>> I just want to be the best defacer   95.870      [masked]    [masked]
>>> Heh...just for fun!                  [masked]    [masked]    95.664
>>> As a challenge                       [masked]    72.287      [masked]
>>> Political reasons                    61.068      77.350      31.073
>>> Patriotism                           53.168      30.207      28.307
>>> Revenge against that website         17.847      11.489      10.120
>>> Not available                        26.662      84.929      58.014
>>>
>>>
>>> Linux X Windows
>>>
>>> Year    Total defacements Linux (all distros)   Total defacements Windows (all versions)
>>> 2000    931                                     2.586
>>> 2001    4.081                                   [masked]
>>> 2002    22.693                                  43.426
>>> 2003    [masked]                                58.559
>>> 2004    [masked]                                [masked]
>>> 2005    [masked]                                [masked]
>>> 2006    [masked]                                [masked]
>>> 2007    [masked]                                [masked]
>>> Total   [masked]                                [masked]
>>>
>>>
>>>
>>>
>>> --
>>> Please Note: If you hit "*REPLY*", your message will be sent to *
>>> everyone* on this mailing list ([address removed])
>>> This message was sent by Victor Shamanovsky (
>>> [address removed]) from NY Tech Meetup<http://
>>> newtech.meetup.com/1>
>>> .
>>> To learn more about Victor Shamanovsky, visit his/her member
>>> profile<http://newtech.meetup.com/1/members/4560286/>
>>> To unsubscribe or to update your mailing list settings, click
>>> here<http://www.meetup.com/account/?tab=comm>
>>>
>>> Meetup.com <http://meetup.com/> Customer Service: [address removed]
>>> 632 Broadway New York NY 10012 USA
>>>
>>
>>
>>
>> --
>> I shall pass this way but once. Therefore, any good that I can do
>> or any
>> kindness that I can show, let me do it now, for I shall not pass
>> this way
>> again.
>>
>>
>>



