-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On February 23, 2004 08:44, Jason Van Dellen wrote: > The results were suprising to me, what do you think? > > http://slashdot.org/article.pl?sid=04/02/21/142239&mode=thread
surprising unless you think about it for about 2 seconds. first off, the mi2g's "research" is flawed, as has been pointed out how many times in the past in various places? here's the cheat sheet: o they don't discuss methodology, including what their sample set was. this makes accurately interpreting their numbers impossible. o they dismiss automated attacks, as if those don't count. trust me, they do. o they don't define the type of "breaches" counted, what software was affected, where the sstems existed (profile is often important, especially in non-automated attacks), etc... look at the recent wave of phpNuke attacks. would those count as breaches? are they really Linux breaches? or is that an OS agnostic attack that just happens to land most often on a Linux box due to deployment? is this an indictment of PHP and/or PHPNUke, which runs on Windows just as handily? basically, this report is, IMHO, rubbish. i don't know what mi2g's angle is, but then if their website were actually working perhaps i'd be able to find out. =P but they are correct about one thing: Linux adoption is rising fast. the number of users with security knowledge is being diluted. help newbies install software securely (regardless of the OS) and encourage automated sofwtare updated. help ensure a secure network in your area for everyone. the Linux distros are doing their part by not installing and starting every daemon under the sun ala 1999, but there's still a part to be played by us the users. - -- Aaron J. Seigo GPG Fingerprint: 8B8B 2209 0C6F 7C47 B1EA EE75 D6B7 2EB1 A7F1 DB43 while (!horse()); cart(); -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.2-rc1-SuSE (GNU/Linux) iD8DBQFAOiez1rcusafx20MRAvk6AJ0YVd6coAkjLGaRxZuDP+vWAI/5ZwCbB2B/ mfORN4LPJozHqUPn5N/EIJY= =nNhb -----END PGP SIGNATURE----- _______________________________________________ clug-talk mailing list [EMAIL PROTECTED] http://clug.ca/mailman/listinfo/clug-talk_clug.ca
