According to Peter Jeremy:
> One point that has come up is along the lines of `most Internet sites
> that have been hacked have been running Unix therefore Unix is
> insecure'.

The implied assumption here (sites not cracked are secure) is logically flawed. A secure site is one which CAN'T be cracked, not one which HASN'T been cracked. This is like the difference between security and illusion of security. If you don't know better, you can't know one from the other until you're cracked.

As a side note, Unix sites are absolutely not the only ones which have been cracked.

> Can anyone point me to some figures showing what sorts of
> sites have been broken into and what they were running, compared to
> the Internet as a whole?

I can't provide stats, sorry. But there are some points to be made:

- WNT is new in the field and way behind Unix in terms of existing sites; hence it's only statistically logical that it has been cracked less;

- known vulnerabilities are fixed when they are discovered, generally on a case-by-case basis. This means that older systems are inherently more secure. Even more so if they have been developed in an "open" way (their source is available) because this allows code review by third parties.

There would be lots more to say, of course.

--
Pierre.Beyssacat_private
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 12:58:22 PDT