Information Security News mailing list archives
Vandals up attacks on Linux Web pages
From: InfoSec News <isn () C4I ORG>
Date: Wed, 13 Sep 2000 02:38:28 -0500
http://www.thestar.com/editorial/technology2/20000912BUS01d_FI-LINUX.html September 12, 2000 By Rachel Ross Toronto Star Technology Reporter Do you know which operating system your Web server's running? If the answer is Linux, there's an increasing chance your home page will be attacked. According to statistics gathered by security research group Attrition, Linux-based Web sites are four times more likely to suffer online vandalism than just three months ago. As a member of Attrition, Matt (Munge) Dickerson has kept track of defacements for more than a year. ``In May it stood at about 50 defacements to the Linux operating system per month. Then it jumped in August to over 200 defacements. When you stand back and look at the numbers that's a big increase,'' Dickerson says. Generally, online vandalism or defacement as it is called, is the work of young programmers, referred to in the online community as script kiddies. A script kiddie doesn't write his own programs to break into Web sites. Instead, he or she will use code written by a hacker to exploit a weakness of a specific Web server. That's why the attack code is called an exploit. As soon as an exploit is released on the Internet, dozens of script kiddies will use it on a myriad of sites. Once the kiddie has access to a Web site's files, he will usually replace the home page with a page of his own, usually giving his name or alias, complaining about the company's poor security and listing his or her friends and enemies. The rest of the Web site is typically left untouched. Dickerson says the increase in vandalism of Linux-based sites is partly due to poor system administration. Many administrators aren't properly configuring their servers, leave default settings intact and don't keep track of known problems with the system, he said. These problems are often easily fixed, assuming the administrator checks security Web sites for frequent updates. Evan Leibovitch, president of the Thornhill-based Linux consulting firm Starnix and director of the Canadian Linux Users Exchange, agrees system administrators need to take a more active role in security. ``Out of the box, it's (Linux) not totally bullet-proof,'' he says. ``Linux does have a very good reputation for security but the most important aspect of security is the person setting it up,'' he says. Leibovitch also says that defacement numbers for Linux may be increasing due to the growing popularity of the free operating system and the server it's most commonly used with, Apache. Victor Keong, an Internet security specialist at Deloitte & Touche, has also noticed an increase in Linux users and in attack program exploits. ``It's a natural progression. The more Linux is used, the more it's a target.'' But Dickerson says it's hard to believe that Linux has become four times as popular with system administrators as it was last quarter. In fact, statistics gathered by Internet consulting firm Netcraft show little change in the number of Apache servers used for Web sites over the past three months, though the numbers do show an over-all growth pattern in Apache use since 1995. The real increase in popularity, according to Dickerson, is among hackers. There have been a number of recent attack programs released for the Linux operating system and Dickerson says that the release dates roughly correspond to the increase in Linux vandalism. ``Now it's a matter of status,'' he says, adding that script kiddies have been attacking Windows NT operating systems for about a year now and it's just not as much of a challenge any more. ``It's bragging rights for a lot of these guys.'' According to many underground hackers, Linux is seen as a more secure operating system because it is developed by a community of programmers as opposed to a single company. As an open-source operating system, Linux's code is readily available for anyone to read and alter, so more people develop patches after weaknesses have been found, they say. If you're hoping that the whole defacement problem will just go away as the script kiddies get older, guess again. Brian (Jericho) Martin, a security expert and founder of Attrition, doesn't think defacements are a fleeting trend. ``Every day that one group fades away, two more seem to spring up to take over.'' ISN is hosted by SecurityFocus.com --- To unsubscribe email LISTSERV () SecurityFocus com with a message body of "SIGNOFF ISN".
Current thread:
- Vandals up attacks on Linux Web pages InfoSec News (Sep 13)