2004-08-05, 10:25 AM   #2 (permalink)
antslime5
CNET, please report in a balanced way

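Name: Ping
Posted: 29/07/2004, 12:23 PM
Title: CNET, please report in a balanced way
Comment:
Data can speak, but the people who read the data will say what they want to say.

The same website, http://www.zone-h.org/en/defacements; looking at it today,
"Todays reported and verified attacks: 2284 of which 25 are single IP and 2259
mass defacements"
and it seems hardly any of them are Linux!

Actually, as someone who makes a living from statistical analysis, I also doubt how representative zone-h.org's sample is.

Linux system administrators absolutely must pay attention to security updates, that is correct,
but drawing a conclusion from the data of certain websites on one single day is rather unprofessional.

CNET, please report in a balanced way.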

------------------------------------------------------------------------------------
Below is a partial excerpt of that analysis;
you can read the complete text here:
http://www.zone-h.org/en/winvslinux2

So far, so good except from one detail: the only exact action after watching
these data is that

YOU SHOULD SEND ALL THIS ANALYSIS AND THESE GRAPHS IN /DEV/NULL

Why? The reason is simple.

First of all, somebody might argue that the data should be re-evaluated and
proportioned to the total amount of worldwide installations.

Second, crackers are choosing OS depending of what is "leet" at that very moment
(remember the Solaris Armageddon 18 months ago?)

Availability of 0days for particular OSs is also contributing to the "mumbo
jumbo" curves of the above graph.

EVEN THEN, EVERYTHING SHOULD STILL GO TO /DEV/NULL

In fact, nowadays many of the intrusions are performed at database or
application level.

Regardless the OS.

Regardless the web server.

Sql injection and file inclusion are the most used techniques in the latest
months. This is happening because the usual "availability" of exploiting codes
has been constantly decreasing over the last 12 months since groups like Teso
has stopped to release to the public.

The moral is, in this historical period of the Internet, don't trust anybody who
is "lecturing" about the inherent vulnerability of a particular Operating
System.

SyS64738 www.zone-h.org admin