[ISN] mi2g needs math lessons too

From: InfoSec News (isnat_private)
Date: Fri Sep 12 2003 - 00:14:28 PDT

  • Next message: InfoSec News: "[ISN] Secunia Weekly Summary"

    Forwarded from: security curmudgeon <jerichoat_private>
    To: jkapicaat_private, newsroomat_private
    cc: InfoSec News <isnat_private>, errata submission <errataat_private>
    : http://www.globetechnology.com/servlet/story/RTGAM.20030911.gtlinuxsep11/BNStory/Technology/
    : Linux is favourite hacker target: Study
    : During August, 67 per cent of all successful and verifiable digital
    : attacks against on-line servers targeted Linux, followed by Microsoft
    : Windows at 23.2 per cent. A total of 12,892 Linux on-line servers
    : running e-business and information sites were successfully breached in
    : that month, followed by 4,626 Windows servers, according to the report.
    Have you stopped to consider these numbers? It's fairly clear that
    mi2g hasn't.
    : The Sobig and MSBlast malware that afflict Microsoft platforms contributed
    : significantly to the record estimate.
      August 19, 2003, 08:50 BST
      The original variant of the MSBlast worm continued to spread over the
      weekend and is likely to have infected more than 570,000 computers,
      according to security firm Symantec.
    Symantec says 570,000 computers were infected. Yet mi2g says 4,626
    windows servers were compromised and "verified". They speicifically
    say Sobig and MSBlast were factored in (quoted above), yet ignore the
    numbers from Symantec and other AV firms.
    It is crystal clear that mi2g is manipulating these statistics or not
    qualifying the numbers. As usual, they do not cite their sources
    despite it being continually proven they obtain them from non profit
    sites like attrition.org, or other commercial sites more recently such
    as zone-h.org.
    : The data comes from the London-based mi2g Intelligence Unit, which has
    : been collecting data on overt digital attacks since 1995 and verifying
    : them. Its database has tracked more than 280,000 overt digital attacks
    : and 7,900 hacker groups.
    Here is the same corporate spew they peddle to any journalist. Why
    hasn't anyone dug into their past?
    : The economic damage from the attacks, in lost productivity and recovery
    : costs, fell below average in August, to $707-million (U.S.).
    Did you ask where they got this damage figure? Seems arbitrary.
    : The Sobig and MSBlast malware that afflict Microsoft platforms
    : contributed significantly to the record estimate.
    : "The proliferation of Linux within the on-line server community coupled
    : with inadequate knowledge of how to keep that environment secure when
    : running vulnerable third-party applications is contributing to a
    : consistently higher proportion of compromised Linux servers," mi29
    : chairman D.K. Matai said.
    : "Microsoft deserves credit for having reduced the proportion of
    : successful on-line hacker attacks perpetrated against Windows servers."
    Those two worms infected over 500,000 machines according to anti virus
    companies, mi2g says almost 15,000 linux servers were compromised. How
    can you report this without questioning their numbers? How can mi2g
    say Microsoft deserves credit when they are responsible for vulnerable
    code allowing for several remote administrative holes, each of which
    is becoming the worm-of-the-week?
    ISN is currently hosted by Attrition.org
    To unsubscribe email majordomoat_private with 'unsubscribe isn'
    in the BODY of the mail.

    This archive was generated by hypermail 2b30 : Fri Sep 12 2003 - 02:50:33 PDT