On Wed, 13 Jun 2012 11:08:25 -0700, JC Dill said: > If both flavors were equally easy to exploit, according to your theory > above we would see more exploits on the *nix servers. Yet server-side > exploits are seen on Windows servers far more often than *nix servers, > despite the fact that more web pages are served by *nix servers than > Windows servers.
I suspect the *real* issue is that for really large systems, it's not so much "exploits" as "one-off customized attacks". The chances of pwning Bank of America with an off-the-shelf attack are pretty low - but finding a blind SQL injection and leveraging it are a bit higher. And given all the 'XYZ got pwned' news stories, I suspect that in fact the *nix boxes *are* being attacked - just not with COTS attack tools.
pgpuUJFvMZu9O.pgp
Description: PGP signature
