Re: survey

   Is it possible that any of the break-ins happened on boxes not
updated with the latest release, security?  IOW, a cracker learnt a security
weakness and exploited it.

   The few I saw that were defaced were behind in release according
to the date of attack and release avail.

   One more addition to the human factor.  Knowing that something
is secure helps relax your guard.  Just because you're paranoid
does not mean nobody is following you.

On Sat, Feb 02, 2002 at 06:52:18PM -0800, twig les wrote:
> > While that gives some possibilities, there are any number of others.
> > A CGI hole, a password sniffed, a poor password chosen, a root password
> > given to the wrong person, social engineering, physical access, a
> > trusted user on a remote machine which was compromised.
> >
> > While you can certainly look at the statistics page as a real world
> > sampling of what happens, be very very careful about trying to draw
> > any solid conclusions from such sketchy data.
> I agree and am grateful someone pointed this out.  A
> common logical mistake is to assume that because two
> facts are related, one must cause the other.  This is
> certainly the case many times, but the implicit
> implication of a statistical analysis like this survey
> is that the OS is the reason for the break-ins.  
> While I'd concede that this is a likely cause in many
> cases, I'd also call the data too incomplete to base
> any *real* assessment on it.  I'm sure anyone on this
> list can figure out at least 3 plausible alternative
> reasons why the percentages of cracked boxen ended up
> like this.
But I digest...
