Vandals up attacks on Linux Web pages

[InfoSec News <isn () C4I ORG>]

http://www.thestar.com/editorial/technology2/20000912BUS01d_FI-LINUX.html

September 12, 2000

By Rachel Ross
Toronto Star Technology Reporter

Do you know which operating system your Web server's running? If the
answer is Linux, there's an increasing chance your home page will be
attacked.

According to statistics gathered by security research group Attrition,
Linux-based Web sites are four times more likely to suffer online
vandalism than just three months ago.

As a member of Attrition, Matt (Munge) Dickerson has kept track of
defacements for more than a year.

``In May it stood at about 50 defacements to the Linux operating
system per month. Then it jumped in August to over 200 defacements.
When you stand back and look at the numbers that's a big increase,''
Dickerson says.

Generally, online vandalism or defacement as it is called, is the work
of young programmers, referred to in the online community as script
kiddies. A script kiddie doesn't write his own programs to break into
Web sites. Instead, he or she will use code written by a hacker to
exploit a weakness of a specific Web server. That's why the attack
code is called an exploit.

As soon as an exploit is released on the Internet, dozens of script
kiddies will use it on a myriad of sites. Once the kiddie has access
to a Web site's files, he will usually replace the home page with a
page of his own, usually giving his name or alias, complaining about
the company's poor security and listing his or her friends and
enemies. The rest of the Web site is typically left untouched.

Dickerson says the increase in vandalism of Linux-based sites is
partly due to poor system administration. Many administrators aren't
properly configuring their servers, leave default settings intact and
don't keep track of known problems with the system, he said. These
problems are often easily fixed, assuming the administrator checks
security Web sites for frequent updates.

Evan Leibovitch, president of the Thornhill-based Linux consulting
firm Starnix and director of the Canadian Linux Users Exchange, agrees
system administrators need to take a more active role in security.

``Out of the box, it's (Linux) not totally bullet-proof,'' he says.
``Linux does have a very good reputation for security but the most
important aspect of security is the person setting it up,'' he says.
Leibovitch also says that defacement numbers for Linux may be
increasing due to the growing popularity of the free operating system
and the server it's most commonly used with, Apache.

Victor Keong, an Internet security specialist at Deloitte & Touche,
has also noticed an increase in Linux users and in attack program
exploits. ``It's a natural progression. The more Linux is used, the
more it's a target.''

But Dickerson says it's hard to believe that Linux has become four
times as popular with system administrators as it was last quarter. In
fact, statistics gathered by Internet consulting firm Netcraft show
little change in the number of Apache servers used for Web sites over
the past three months, though the numbers do show an over-all growth
pattern in Apache use since 1995.

The real increase in popularity, according to Dickerson, is among
hackers. There have been a number of recent attack programs released
for the Linux operating system and Dickerson says that the release
dates roughly correspond to the increase in Linux vandalism.

``Now it's a matter of status,'' he says, adding that script kiddies
have been attacking Windows NT operating systems for about a year now
and it's just not as much of a challenge any more. ``It's bragging
rights for a lot of these guys.''

According to many underground hackers, Linux is seen as a more secure
operating system because it is developed by a community of programmers
as opposed to a single company. As an open-source operating system,
Linux's code is readily available for anyone to read and alter, so
more people develop patches after weaknesses have been found, they
say.

If you're hoping that the whole defacement problem will just go away
as the script kiddies get older, guess again. Brian (Jericho) Martin,
a security expert and founder of Attrition, doesn't think defacements
are a fleeting trend. ``Every day that one group fades away, two more
seem to spring up to take over.''

ISN is hosted by SecurityFocus.com
---
To unsubscribe email LISTSERV () SecurityFocus com with a message body of
"SIGNOFF ISN".