Dr. S.K. Singh enscribed thusly:
> Hi all,
> I am interested in some information or any site dealing about the
> number of systems cracked/hacked operating systemwise. This I need for a
> discussion which is scheduled in a weeks time. The organiser's view was
> that Linux is for Hackers only which I did not agree but I need dat to
> support.
By "cracked/hacked" do you mean all forms of attacks or only
those attacks that let the attacker use your system? Are you interested
in attempts or only those attacks that succeed? What about denial of
service attacks?
Many many months ago, when Billy boy was testifying in front
of Congress, some "crackers" decided to "make a point" and sent out
a "blue screen" attack that literally swept the nation. They worked
their way through a hugh chunk of the .edu (and possibly some .gov)
domains and hit every reachable Windows NT box with a triple whammy
"Blue Screen of Death". If I remember correctly, it was a combination
of the OOB (Out Of Band) Data Attack and some login packet protocol
violations. It quickly became a blue tsunami. :-)
I see Linux systems which seem to be under frequent attack attempts
but very few ever succeed. The ones that do are a real pain, though (as
are ALL successful attacks against any system).
I don't have any sites with break-in statistics (which are pretty
meaningless anyways) but can give you a few general pointers...
For some arguements regarding security and the Open Source Software
development model in general, you might find some ideas in my article
in the LinuxWorld archives titled "Musings on Open Source Security Models"
<http://www.linuxworld.com/linuxworld/lw-1998-11/lw-11-ramparts.html>
Be sure and check out the postings in the forum on that article.
Some of the posters pointed out some important details, some of which
I'm planning on quoting in a follow up article, next month. :-)
There are also some REAL INTERESTING recent CERT advisories about
Windows NT, if that's part of the discussion, including a coding error
in service pack 4 which creates conditions under which a user can
inadvertantly end up with a blank password! He changes is password
under the correct circumstances and both his new password and NO password
works! It's a screw up between the "LanMan" and "NT" hashes of the
passwords. There are several other recent security advisories over
Internet Explorer which might also be illuminating.
You can get to CERT at http://www.cert.org
In considering security problems, I generally lump virii in with
security vulnerabilities. There are recent problems with crackers taking
games and marrying them with remote exploits such as "Back Orifice" and
"Netbus" (Netbus attacks Windows NT) and then seeding them around the net.
After running, they infect the system and later check in and announce their
presence to the cracker community. Some places are reporting that this
problem is reaching epidemic proportions on their Windows and Windows NT
systems! The "virii" count throws the cracked system count right for a loop.
There are numerous other security sites around the web that a
search engine will turn up but I would be REAL suspicious of any statistics
or breakdowns by OS... The numbers are just too vague to draw anything
really meaningful conclusions...
> With Kind Regards,
> Sincerely Yours
> /-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_\
> :|->Dr. S.K.Singh <http://cirg.up.nic.in> |:
> :|->Central Institute for Research on Goats, |:
> :|->Mathura, UP. India, Ph. 0565-763325, 763334 |:
> \_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_/
Mike
--
Michael H. Warfield | (770) 985-6132 | [EMAIL PROTECTED]
(The Mad Wizard) | (770) 925-8248 | http://www.wittsend.com/mhw/
NIC whois: MHW9 | An optimist believes we live in the best of all
PGP Key: 0xDF1DD471 | possible worlds. A pessimist is sure of it!
-
To unsubscribe from this list: send the line "unsubscribe linux-net" in
the body of a message to [EMAIL PROTECTED]
