nanog mailing list archives
Re: EBAY and AMAZON
From: valdis.kletnieks () vt edu
Date: Wed, 13 Jun 2012 14:42:20 -0400
On Wed, 13 Jun 2012 11:08:25 -0700, JC Dill said:
If both flavors were equally easy to exploit, according to your theory above we would see more exploits on the *nix servers. Yet server-side exploits are seen on Windows servers far more often than *nix servers, despite the fact that more web pages are served by *nix servers than Windows servers.
I suspect the *real* issue is that for really large systems, it's not so much "exploits" as "one-off customized attacks". The chances of pwning Bank of America with an off-the-shelf attack are pretty low - but finding a blind SQL injection and leveraging it are a bit higher. And given all the 'XYZ got pwned' news stories, I suspect that in fact the *nix boxes *are* being attacked - just not with COTS attack tools.
Attachment:
_bin
Description:
Current thread:
- Re: EBAY and AMAZON, (continued)
- Re: EBAY and AMAZON Barry Shein (Jun 13)
- RE: EBAY and AMAZON Keith Medcalf (Jun 13)
- Re: EBAY and AMAZON Rich Kulawiec (Jun 13)
- vulnerability and popularity (was: EBAY and AMAZON) Andrew Sullivan (Jun 13)
- Re: vulnerability and popularity (was: EBAY and AMAZON) Aled Morris (Jun 13)
- Re: vulnerability and popularity (was: EBAY and AMAZON) Owen DeLong (Jun 13)
- Re: EBAY and AMAZON Doug Barton (Jun 13)
- Re: EBAY and AMAZON Jimmy Hess (Jun 12)
- Re: EBAY and AMAZON JC Dill (Jun 13)
- Re: EBAY and AMAZON valdis . kletnieks (Jun 13)
- Re: EBAY and AMAZON Jeroen van Aart (Jun 14)