Forwarded from: security curmudgeon <jerichoat_private>

To: jkapicaat_private, newsroomat_private
cc: InfoSec News <isnat_private>, errata submission <errataat_private>

: http://www.globetechnology.com/servlet/story/RTGAM.20030911.gtlinuxsep11/BNStory/Technology/
:
: Linux is favourite hacker target: Study
:
: By JACK KAPICA
:
: During August, 67 per cent of all successful and verifiable digital
: attacks against on-line servers targeted Linux, followed by Microsoft
: Windows at 23.2 per cent. A total of 12,892 Linux on-line servers
: running e-business and information sites were successfully breached in
: that month, followed by 4,626 Windows servers, according to the report.

Have you stopped to consider these numbers? It's fairly clear that mi2g
hasn't.

: The Sobig and MSBlast malware that afflict Microsoft platforms contributed
: significantly to the record estimate.

http://news.zdnet.co.uk/internet/security/0,39020375,39115783,00.htm
August 19, 2003, 08:50 BST

The original variant of the MSBlast worm continued to spread over the
weekend and is likely to have infected more than 570,000 computers,
according to security firm Symantec.

Symantec says 570,000 computers were infected. Yet mi2g says 4,626 windows
servers were compromised and "verified". They specifically say Sobig and
MSBlast were factored in (quoted above), yet ignore the numbers from
Symantec and other AV firms. It is crystal clear that mi2g is manipulating
these statistics or not qualifying the numbers. As usual, they do not cite
their sources despite it being continually proven they obtain them from
non profit sites like attrition.org, or other commercial sites more
recently such as zone-h.org.

: The data comes from the London-based mi2g Intelligence Unit, which has
: been collecting data on overt digital attacks since 1995 and verifying
: them. Its database has tracked more than 280,000 overt digital attacks
: and 7,900 hacker groups.

Here is the same corporate spew they peddle to any journalist. Why hasn't
anyone dug into their past?

http://www.attrition.org/errata/charlatan/mi2g-history.html
http://vmyths.com/resource.cfm?id=64&page=1

: The economic damage from the attacks, in lost productivity and recovery
: costs, fell below average in August, to $707-million (U.S.).

Did you ask where they got this damage figure? Seems arbitrary.

: The Sobig and MSBlast malware that afflict Microsoft platforms
: contributed significantly to the record estimate.
:
: "The proliferation of Linux within the on-line server community coupled
: with inadequate knowledge of how to keep that environment secure when
: running vulnerable third-party applications is contributing to a
: consistently higher proportion of compromised Linux servers," mi2g
: chairman D.K. Matai said.
:
: "Microsoft deserves credit for having reduced the proportion of
: successful on-line hacker attacks perpetrated against Windows servers."

Those two worms infected over 500,000 machines according to anti virus
companies, mi2g says almost 15,000 linux servers were compromised. How can
you report this without questioning their numbers? How can mi2g say
Microsoft deserves credit when they are responsible for vulnerable code
allowing for several remote administrative holes, each of which is
becoming the worm-of-the-week?

-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomoat_private with 'unsubscribe isn'
in the BODY of the mail.
This archive was generated by hypermail 2b30 : Fri Sep 12 2003 - 02:50:33 PDT