Linux hacks hit all-time high (vnunet)

Posted Jun 5, 2003 23:18 UTC (Thu) by LinuxLobbyist (guest, #6541) [Link]

It surprises me to see a both lwn and linuxtoday point to this with nary a comment on mi2g's shoddy history of 'security analysis'. I thought the name sounded eerily familiar. I simple google search on mi2g turns a lot stuff that brings back memories of sensationalism and lack of real security experience (at least according to some in the security field).

Posted Jun 5, 2003 23:29 UTC (Thu) by Baylink (subscriber, #755) [Link]

Wonderful!

No, *really*.

Do those two lines sound like an Apple ad anyone remembers? I'm glad to hear
this: it means we've gone mainstream, folks. I think our plans for World Domination
are just about complete.

What do we do next?

Posted Jun 6, 2003 0:29 UTC (Fri) by zepe (guest, #11665) [Link]

did a google search of Mi2g and microsoft and the first link contains this.

'The issue may come down to which vulnerabilities get counted and which don't.

In a statement, Mi2g said that the company is in touch with Microsoft at a senior level and that the two companies are working together to deal with the issue of vulnerability counting.'

no wonder all of a sudden and out of the blue the number of vulerabilities exploded for linux. this story can put tossed in the garbage.

Posted Jun 6, 2003 1:17 UTC (Fri) by rjamestaylor (guest, #339) [Link]

Remember the stupid y2k predictions in 1999? The worst, perhaps, came from DK Matai, founder of mi2g. I knew the name rang a bell. Via Google, I found a posting which refreshed my memory. Here's an excerpt:

The chief charge against mi2g is its regular predictions of withering
cyber-assaults which, critics say, rarely seem to materialise.

For example, Forno draws our attention to a "spooky November 11"
briefing by mi2g which talks about the need for
"counter-attack-forces" to deal with the threats of "digital
terrorism" in the "5th dimension defence shield" against "digital mass
attacks" and notes that it's "not a question of if, but when" such
attacks will occur.

"Coining neat buzzwords in the cybersecurity realm makes for
interesting reading, but does little to offer real solutions to the
security challenges faced today," Forno writes, arguing that the
material only "serves to fan the flames of public misperception".

"Even more disturbing is the report's feeble attempt to capitalise on
the public's visceral fear of real terrorism by trying to relate the
'insider threat' of disgruntled employees to the al-Qaeda members
responsible for the September 11 attacks," he adds.

According to mi2g, in November 2002 there have been 57,977 'overt
digital attacks' to date, and that such 'overt' attacks will cost $7.3
billion worldwide for 2002. Forno scoffs at these figures, pointing
out the difficulty of estimating losses resulting from cyber-attacks.

"One wonders how much mathematical masturbation takes place when
analysing and generating these numbers," he writes.

He also questions mi2g's credentials and experience in the security
industry, arguing that most of its staff appear to be without
"significant operational IT security experience". mi2g denies this and
states that it employs experienced risk managers.

mi2g started off in the mid-1989s as an e-business enabler focused on
operating portal sites (such as Carlounge.Com and Lawlounge.Com)
before repositioning itself as a security integrator consultant
specialising in providing "be-spoke security architectures" and
security intelligence.

It burst into the IT security scene with a highly controversial, and
colourful prediction, in late 1999 that a Y2K virus would cause
widespread loses by moving corporate clocks forward. Anti-virus firms
dismissed the alert and the subsequent non-appearance of any
significant Y2K-related problems cast further doubts on mi2g's initial
warnings, which are often the main exhibit in the case against the
company.

Indeed this alert can still be found on mi2g's Web site along with its
many reports of hacking assaults, which are frequently successful in
generating high-profile media coverage. To declare an interest, I
should state here that I have reported on a small number of mi2g
events and announcements. The company has good contacts in the city
and in government, and is one of the few which can regularly attract
IT directors from blue chip City financial firms to its events. 

Read the whole post for mi2g's answer.

Posted Jun 6, 2003 1:18 UTC (Fri) by lyda (guest, #7429) [Link]

19k breakins in a month?

wow, even if that's true isn't that the rate for windows email worms per hour?

Posted Jun 6, 2003 1:26 UTC (Fri) by parimi (subscriber, #5773) [Link]

I wonder why people continue to confuse between hackers and crackers? "Linux hacks" would mean smarter way of doing things with a linux box. Hackers have always been good to the community as opposed to crackers who do serious damage to the network/boxen they compromise.

--ravi

Posted Jun 6, 2003 10:24 UTC (Fri) by Corvus (guest, #11677) [Link]

(Regardless of the credibility of those "statistics")

I'd say, windows boxes are not anymore worth cracking, compared to a linux
box, when you look at what can be done with the system when someone
aquired privileges.

And the main failure of a system that lets intruders in, regardless of the general
systems security degree, will always be lazy administrators refusing to protect
their sys with the latest (or at least moderately recent) versions or patches.

So if you were going to crack a system, you wont be going for those stupid
dayfly systems of deficient systems with inadequate capabilitys to do "stuff",
would you?

No, you would go for real systems.
-Systems you would be in control of what is going on, where just a list of
active processes dont require download and install of extra stuff.
-Systems you could work with like it would be your very own.
-Systems you can be sure wont be rebooted any second, doe to some internal
segfault in a kernel lib that hasnt anything to do with your cracking attempt at
all.

Am I right?

Corvus Corax

Posted Jun 12, 2003 19:06 UTC (Thu) by jeleinweber (subscriber, #8326) [Link]

If you read the article, what the slipshod journalism was counting
was total number of defaced websites at some (virtual) hosting sites.

This has practically _nothing_ to do with rates of attacks on systems
exposed to the internet.

At the firewall for my small organization, a conservative analysis
shows that at least 85% of the blocked packets are attempts against
Microsoft boxes. And for my parent organization, most of the
recent incidents of compromised hosts are windows-2000 boxes invaded
by password guessing attacks over the SMB and CIFS file sharing ports.

All may not be sweetness and light in the land of Linux security, but
the truth is the opposite of what the article claims: the bulk
of the attacks, the release of new exploits, and the compromise of
hosts all impact Windows a lot more heavily than Unix.

I'm in FIRST, and one of the botnets discussed there from earlier
this year had over 170,000 compromised windows boxes under a single
miscreant's control. Nothing remotely comparable has been seen on
the Unix side.

-- Jim Leinweber, BadgIRT, U. of Wisconsin - Madison