Linked by Thom Holwerda on Sun 7th Oct 2007 23:02 UTC
Privacy, Security, Encryption When it comes to launching online attacks, criminals are getting more organised and branching out from the Windows operating system, says eBay's security chief. eBay recently did an in-depth analysis of its threat situation, and while the company is not releasing the results of this analysis, it did uncover a huge number of hacked, botnet computers, said Dave Cullinane, eBay's chief information and security officer, speaking at a Microsoft-sponsored security symposium at Santa Clara University. "The vast majority of the threats we saw were rootkitted Linux boxes, which was rather startling. We expected Microsoft boxes," he said.
ple_mono
Member since:
2005-07-26

This is what happens when people use the root account for everyday desktop usage.
This is what happens when you run SSH with weak passwords (ideally root ssh login should be disabled, keypairs used, and default deny all in hosts.deny).

People think this is for their *own* protection, but it's not. It's to keep us *all* safe.

Reply Score: 6
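As an added illustration of the hardening the comment above recommends (this is editor-supplied example code, not from the original post or from OpenSSH): a small POSIX sh audit that reads an sshd_config and a hosts.deny and flags interactive root login, password authentication and a missing default-deny rule. The file names and sample contents are constructed for the demo. The only assumptions about sshd are that it honours the first occurrence of a keyword and that releases of that era defaulted PermitRootLogin to yes.

```shell
#!/bin/sh
# Added example (not from the original post or any project): audit an
# sshd_config and a hosts.deny for the three settings the comment above
# recommends. File paths and sample contents are constructed for the demo.

# Effective value of an sshd_config keyword. sshd uses the first
# occurrence of a keyword, so mirror that; fall back to $3 when absent.
# Caveat: conditional "Match" blocks and Include files are not evaluated.
sshd_value() {
    # $1 = config file, $2 = keyword, $3 = default when the keyword is absent
    val=$(awk -v k="$2" 'tolower($1) == tolower(k) { print tolower($2); exit }' "$1")
    if [ -n "$val" ]; then printf '%s\n' "$val"; else printf '%s\n' "$3"; fi
}

# Report weak settings; returns 0 when clean, 1 when anything is flagged.
audit_ssh() {
    cfg=$1; deny=$2; rc=0
    # Old OpenSSH releases defaulted PermitRootLogin to "yes"; assume the worst.
    case $(sshd_value "$cfg" PermitRootLogin yes) in
        no|prohibit-password|without-password) ;;
        *) echo "WEAK: PermitRootLogin allows interactive root login"; rc=1 ;;
    esac
    if [ "$(sshd_value "$cfg" PasswordAuthentication yes)" != no ]; then
        echo "WEAK: PasswordAuthentication is on; password guessing is possible"; rc=1
    fi
    if [ "$(sshd_value "$cfg" PubkeyAuthentication yes)" != yes ]; then
        echo "WEAK: PubkeyAuthentication is off; keypairs cannot be used"; rc=1
    fi
    # hosts.deny only matters for services built with TCP Wrappers;
    # a default-deny line is what the comment asks for.
    if ! grep -Eqi '^[[:space:]]*ALL[[:space:]]*:[[:space:]]*ALL' "$deny"; then
        echo "WEAK: hosts.deny has no default 'ALL: ALL' rule"; rc=1
    fi
    return $rc
}

# Constructed sample files: a stock-looking weak install and a hardened one.
write_samples() {
    dir=$(mktemp -d)
    cat > "$dir/weak_sshd_config" <<'EOF'
Port 22
#PermitRootLogin no
PermitRootLogin yes
PasswordAuthentication yes
EOF
    cat > "$dir/hard_sshd_config" <<'EOF'
Port 22
PermitRootLogin no
PasswordAuthentication no
PubkeyAuthentication yes
EOF
    : > "$dir/empty_hosts.deny"
    printf 'ALL: ALL\n' > "$dir/hosts.deny"
    printf '%s\n' "$dir"
}

d=$(write_samples)
echo "--- weak install ---"
audit_ssh "$d/weak_sshd_config" "$d/empty_hosts.deny" || echo "verdict: needs hardening"
echo "--- hardened install ---"
audit_ssh "$d/hard_sshd_config" "$d/hosts.deny" && echo "verdict: clean"
rm -rf "$d"
```

On a live host the call is `audit_ssh /etc/ssh/sshd_config /etc/hosts.deny`. Because the parser ignores Match blocks and Include directives, confirm the result against the effective configuration that `sshd -T` prints on current OpenSSH releases.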

wirespot Member since:
2006-06-21

I see what you did there. You assumed that a clueless speaker, at a Microsoft conference, would speak the truth about Linux.

If Thom would've taken a moment to look around and read, say, the comments that followed the same story in The Register days ago, perhaps he'd have benefitted from other people already debunking this ridiculous report and saved OSNews the embarrassment:
http://www.theregister.co.uk/2007/10/03/ebay_paypal_online_banking/

While there, he noticed an unusual trend when taking down phishing sites. "The vast majority of the threats we saw were rootkitted Linux boxes, which was rather startling. We expected Microsoft boxes," he said.

This is either utter stupidity, or FUD. Home computers are not used for phishing. Phishing is run from cheap webhosting, which may be running on Linux, but definitely not on "rootkitted boxes". If there's a rootkit on your home computer there's no need for phishing anymore, is there? It can use a keylogger and just wait for your login. Or scrape your browser cache or files for data.

Not to mention that eBay is refusing to show any proof and I personally have yet to hear of any worm or form of rootkit affecting any significant number of Linux home desktop users. And if there's no security hole to take over machines there can be no botnets built on Linux.

The whole article is a mix of innuendo and plain bullshit. It's so obvious a cheap shot at Linux that it's not even funny. It's just boring. Slow newsday, eh, Thom?

Edited 2007-10-08 01:09

Reply Score: 21

flanque Member since:
2005-12-15

The article does give the impression to me that he's either confused or talking about multiple issues.

Botnets could definitely be possible from regular desktop machines, in fact it'd probably be preferred, to not only increase the load and spectrum of attack points but also to deflect the real "source", that is the group organising it.

It would be possible however to conceive the notion that if eBay was slow people would notice immediately and be suspicious. A botnet could be used to try and mask any slowness in response times. Envisage a botnet which is running a small web server on each node, and when people connect to what they believe is eBay the request is directed to their fastest neighboring botnet node to serve that request, whilst in the background these same nodes transfer the collected data elsewhere.

This is possible and quite conceivable.

Unless eBay were to release more specifics on what they discovered then we're really just guessing, but to say that they suspect every desktop almost as a matter of default is using very strong words indeed.

I also wouldn't look at this as a cheap shot on Linux. Sure Microsoft were a sponsor of the event, but there's no compelling reason for eBay to put themselves in the middle of any anti-whatever propaganda. It doesn't make any sense to me.

Is it not possible that it was merely a statement of the facts as they discovered and documented them?

Also, a lot of people myself included have taken shots at OSNews for the quality of their articles. The phrase, "slow news day" seems rather typical. It doesn't really help. I can see you've only submitted one article and that was back in 2006. Perhaps you could submit or author some to improve the quality of this site?

Cheers.

Reply Score: 3

sbergman27 Member since:
2005-07-24

"""

I also wouldn't look at this as a cheap shot on Linux. Sure Microsoft were a sponsor of the event, but there's no compelling reason for eBay to put themselves in the middle of any anti-whatever propaganda. It doesn't make any sense to me.

"""

Unless Ebay were paid well for doing so, of course.

Reply Score: 4

wirespot Member since:
2006-06-21

I'm contributing comments to put things right, am I not? It's not my job to find meaningful stories to run on OSNews, it's Thom's and his fellow editors. And there's an undeniable trend of sensationalistic trolling on OSNews for some time now. I guess they look at the comments and are happy when they go over 100 for a story and that's that.

Come on, it can't be that hard. Simply scanning my RSS feeds gives me far better reading, there's got to be useful subjects you can pick.

Reply Score: 1

Thom_Holwerda Member since:
2005-06-29

I'm contributing comments to put things right, am I not? It's not my job to find meaningful stories to run on OSNews, it's Thom's and his fellow editors. And there's an undeniable trend of sensationalistic trolling on OSNews for some time now.


Undeniable?

Little has changed on OSNews between when Eugenia took it over and now. Eugenia and I rarely, if ever, disagree over what stories to publish, and I myself haven't changed my criteria all that much either.

This story in particular is interesting because it's a major company (eBay) claiming something interesting about Linux. The fact that the security event is "sponsored" by MS is clearly stated by me in the teaser; if I were sensationalist, as you claim to be fact, I would have left that out, now, wouldn't I?

It's always easy to claim nonsense like you do from your armchair, but the fact that you say it doesn't actually mean it's true. What if this eBay guy had gone to a Red Hat/IBM sponsored event (they exist too!) and had said that "The vast majority of the threats we saw were rootkitted Windows boxes", would you still have complained?

I have presented this story for what it is: company A claiming something about product B, during an event sponsored by company C. That's it.

Reply Score: 2

netpython Member since:
2005-07-06

Novell must have a golden plate in front of their forehead.

Reply Score: 2

protagonist Member since:
2005-07-06

Relax, Thom. It is far easier for some people to bash than to actually do something constructive, like say write an article or post a link with a short intro. I did find the article interesting and plausible.

Many Linux users have adopted the same complacency that they accuse Mac users of having. "What, me worry", I run Linux so I am safe. Well, having been around in the computer world for over 30 years I can tell you, folks, it ain't so. Harder than with Windows, yes. Impossible, no.

And let me close by saying that while I find some of the articles not worth my time, I would have to say overall I find a lot of interesting leads here. I have enjoyed this site for quite some time and hope to continue to do so. Thanks to the staff.

Reply Score: 3

archiesteel Member since:
2005-07-02

Many Linux users have adopted the same complacency that they accuse Mac users of having. "What, me worry", I run Linux so I am safe.


The article doesn't talk about Linux users, but about Linux servers being used to control Phishing botnets. That you would assume that this was about people failing to secure their home Linux PCs is a perfect example of how misleading the eBay guy's statement was. Thanks for proving my point.

Reply Score: 1

wirespot Member since:
2006-06-21

Relax, Thom. It is far easier for some people to bash than to actually do something constructive, like say write an article or post a link with a short intro.


I have one more submission than you on this site, FWIW. But I don't see how my submissions or yours have anything to do with Thom's. Unless you blame poor stories on lack of choice. "If only there were more stories to choose from, we wouldn't have to read this." Hilarious.

I did find the article interesting and plausible.


Turn the other cheek, Thom.

Reply Score: 2

wirespot Member since:
2006-06-21

Little has changed on OSNews between when Eugenia took it over and now. Eugenia and I rarely, if ever, disagree over what stories to publish, and I myself haven't changed my criteria all that much either.


Bugger me, I could've sworn not so long ago OSNews stories were better. Either my sense of time is deteriorating in my old age, or my taste is improving. Either way, I'm not pleased. But since you don't feel that anything is amiss you won't change anything so that's that, I guess. At some point I'll give it up. I'm not saying it's gonna be a big loss for the site, I'm just saying.

What if this eBay guy had gone to a Red Hat/IBM sponsored event (they exist too!) and had said that "The vast majority of the threats we saw were rootkitted Windows boxes", would you still have complained?


I would've said something along the lines of "duh!" and complained about why it would be considered news. Because it's such an obvious fact that it begs no questions anymore.

I have presented this story for what it is: company A claiming something about product B, during an event sponsored by company C. That's it.


That's not what I'm complaining about. It's the fact you chose to run it in the first place. It is poor quality, full of contradicting terms, and offers no proof. That's what we call FUD, and it comes, what a surprise, from a FUD-master-sponsored-event. I don't know about others but I call that sensationalistic or trolling.

I'm not saying OSNews has completely gone down the drain and there's nothing good to read here anymore. It's just that there seems to be a disturbing number of articles of this kind. More than I remember there used to be. And I believe I'm not alone in that.

Reply Score: 5

SteveNordquist Member since:
2007-05-04

'k we still love you but eBay makes more from sugaring its partner relations (OpenBSD only...I could wish) and actionable advice than from quality advice; and you might pepper in some Intrusion Detection Kit and Appropriate Use of VMs advice from the quarters of the Service News Chef or Saucier's worktable.

Normally of course OSNews editorial standards call for 6 or more 'I am feeling sick' screens from various built-in OS utilities. They're not gonna fit in the icon, after all.

Reply Score: 1

Rehdon Member since:
2005-07-06

This is either utter stupidity, or FUD.

I vote for FUD.

Slow newsday, eh, Thom?

It's becoming a daily routine: have a peek at OSNews, discover some silly/FUDdy/flamy article, skip directly to something else (usually Gnome Files). Which is what I'm going to as soon as I've posted this comment. Sad.

Rehdon

Reply Score: 3

protagonist Member since:
2005-07-06

I love it when I see Linux users becoming what they accuse Mac users of, complacent.

Reply Score: 1

archiesteel Member since:
2005-07-02

Three questions for you:

1) Why do you love it? Security issues such as Phishing affect everyone. I don't use Windows at home, and I'm not a big MS fan, but I'm not happy when I see Windows boxen being turned into phishing or spamming bots. That attitude seems very immature to me.

2) Who is being complacent, here? Who are these Linux users you're talking about so knowingly? If you're going to make such blanket allegations, shouldn't you learn more about the issue? Specifically, there's *no* indication from the article that Linux workstations are being used in botnets. To point fingers at Linux users (a term that pertains almost exclusively to Linux enthusiasts who have installed it at home, or those that use it on their workstations) seems erroneous, to say the least.

3) When have Linux users ever accused Mac users of complacence?

Edited 2007-10-08 15:44

Reply Score: 3

protagonist Member since:
2005-07-06

Fair enough. Your response is polite and well thought out so you deserve a reply.

1. Why do you love it? - The use of the term, while maybe not completely clear, was more a slap at the irony of the situation. There is just too much smugness in all the OS camps about security.

2. Who is being complacent, here? Who are these Linux users you're talking about so knowingly? - A generalized statement is called for here. Since this is not the only site I read I only speak from my experiences overall. Time and again I have read posts about how security is not a major concern because the person posting runs Linux. And if you are honest about it I am sure you have seen many such posts.

3) When have Linux users ever accused Mac users of complacence? - I have read posts by both Linux and Windows users about this subject. In fact it is one area where I think the label might be a bit justified. I have both a Mac and a PC here and I take security very seriously on both.

While maybe not the response you are looking for it will have to do. And I will stand by my assertion that security is not taken seriously enough by many users in the Linux camp.

Reply Score: 2

archiesteel Member since:
2005-07-02

Since this is not the only site I read I only speak from my experiences overall. Time and again I have read posts about how security is not a major concern because the person posting runs Linux. And if you are honest about it I am sure you have seen many such posts.


Well, these were probably Linux users, i.e. using Workstations. And, in fact, security is not as major a concern for Linux workstation users, because most Workstation issues are malware-based, and there is virtually no malware for Linux. So indeed, for the office/home user who does not run servers, security is a minor concern for Linux (and Mac) users, and rightly so.

For servers, the situation is completely different, and I think the problem with your posts is that you don't differentiate between servers and workstations. Most server admins *will* be security-conscious, as they should. Apparently there are lots of cheap web-hosting servers that are not well-protected. That is not an issue with Linux or Linux users (as you seem to claim), but rather *bad* server administrators.

When have Linux users ever accused Mac users of complacence? - I have read posts by both Linux and Windows users about this subject.


I find that hard to believe...that Windows users would accuse Mac users of complacence, yes, but Linux users? You could say Linux and Mac users are equally complacent, because neither of them has to deal with the constant threat of malware - and as long as they don't run servers, they can indeed allow themselves to be a little less worried.

While maybe not the response you are looking for it will have to do. And I will stand by my assertion that security is not taken seriously enough by many users in the Linux camp.


The answer was all right, but you really need to address Servers and Workstations separately, because many of your comments seem to target "Linux users", which suggests workstation users (servers having admins instead).

I disagree with you on your assertion: I think most Linux people are security-conscious. I know I am, perhaps that clouds my judgement, but then again I run servers so I *have* to know. A Linux (or Mac) workstation is quite safe (though a router/firewall is always a good idea).

Reply Score: 2

MollyC Member since:
2006-07-04

I don't run linux, but I frequent slashdot, which is full of linux users and linux advocates, and while a handful of slashdotters dismissed this info because the ebay guy was speaking at a Microsoft-sponsored event, by and large, most slashdotters agreed with the info:
http://it.slashdot.org/article.pl?sid=07/10/05/1234217

And I never saw any of them "debunk" it at all.

Reply Score: 2

SteveNordquist Member since:
2007-05-04

I was thinking that it was not exactly so, but not with so much ad hominem. Phishing is still likely under a rooted box because it can phish out email/hosting attacking other people's credentials (not so much machines.)

Linux VMs under Vista distros (cough), for example. OS X distros somehow seemed like a blind alley. ;)

It would be a nice punchline to say it was just 2 beowulf clusters of 320-core cards IBM was testing they've locked down now.

Certainly if they want to release any information which would help a punter (or admin) run an IDK or ICE or antivirus, it would help to drop a partial tell; correspondingly:
-http server ident?
-linux Apache server tells?
-they misheard LAMP as LIMP and expanded it to _LIMP is no phisher_ after best practices....?
-English (Fr/Sp/Ch/Ko/Vi/Pr/Ge) grammar!!!LOLZ
-Does this count the banks sending us blank checks and pre-credentialed credit applications in the mail?

Reply Score: 1

stestagg Member since:
2006-06-03

Actually, the most common attack vector for these so-called 'rootkits' are just code injection/php-injection attacks on badly-written web-software. The sort of thing that PAX and SELinux can defend against, but the SSH/Root usage stuff is not a common vulnerability.

Reply Score: 4

Not surprising
by garymax on Sun 7th Oct 2007 23:22 UTC
garymax
Member since:
2006-01-23

With the number of new users streaming into Linux thanks to easy-to-use distros like Ubuntu, there are many users who do not have the requisite knowledge to adequately secure their computers--maybe even believing, albeit falsely, that Linux is inherently safe out of the box.

As more Linux systems are brought on line it is not surprising to see the number of compromised Linux boxes increase.

This does not point to a weakness of Linux per se; it points out the problem that many users are not doing enough to secure their computers.

Linux' track record still stands as a monument to the security and power of open source.

Edited 2007-10-07 23:24

Reply Score: 4

RE: Not surprising
by hobgoblin on Sun 7th Oct 2007 23:25 UTC in reply to "Not surprising"
hobgoblin Member since:
2005-07-06

pbkac, or there about?

Reply Score: 3

RE[2]: Not surprising
by jayson.knight on Mon 8th Oct 2007 01:01 UTC in reply to "RE: Not surprising"
jayson.knight Member since:
2005-07-06

"pbkac, or there about?"

More like 'pbkaa' (problem between keyboard and Africa).

*no offense meant to any Africans of course.

Reply Score: 1

RE[2]: Not surprising
by Brendan on Mon 8th Oct 2007 12:44 UTC in reply to "RE: Not surprising"
Brendan Member since:
2005-11-16

IMHO the "pbkac" theory never holds water when applied to security.

Anything designed for the "average" user (and not limited to people that are trained and/or knowledgeable and/or experienced) needs to have security systems designed for the average user.

You can complain that an OS designed for trained users is marketed towards average users. You can complain that an OS designed for average users doesn't have enough security for its intended market. You can't blame average users when they use an OS marketed towards average users if the security isn't designed for average users, which is what you're doing by claiming it's a "pbkac".

The real question would be, if distributions like Ubuntu aren't secure out of the box, then why aren't they?

Reply Score: 2

RE[3]: Not surprising
by hobgoblin on Mon 8th Oct 2007 12:59 UTC in reply to "RE[2]: Not surprising"
hobgoblin Member since:
2005-07-06

the problem is that for an average user, a compromised computer is bad even if it's not fully rooted, as it had most likely already spilled anything the user had stored in its personal account.

question is, how to separate network activity from personal activity without having to annoy the user with context switching or access barriers.

remember, this is people that want to upload just about anything onto places like facebook or myspace. and download random stuff for their desktop, like pretty screensavers and pointers.

this kind of use just flies in the face of any sense of security what so ever.

Reply Score: 4

RE[4]: Not surprising
by Brendan on Mon 8th Oct 2007 17:15 UTC in reply to "RE[3]: Not surprising"
Brendan Member since:
2005-11-16

There are problems, but it's a matter of perspective - are they problems with "bad users" that should be ignored, or problems that OS designers and researchers should be trying to fix (or even problems that should've been fixed already)?

As more and more of the world starts using computers & the internet, the number of trained/experienced users is decreasing. You can't *assume* the user isn't an idiot.

One method may be to detect anything that might compromise security (e.g. downloading any executable from the internet onto your desktop and trying to run it) and then switching to "tutorial mode", where the user isn't allowed to continue until they've correctly answered some test questions (and read any of the provided educational material necessary for them to answer the test questions correctly). Once they have answered correctly (and demonstrated an understanding of the security issues involved) the specific tutorial would be disabled so it only annoys people once.

I'm also thinking that the time has come for root/administrator to be locked out of most applications - games, email, web browsers, peer-to-peer file sharing software, etc. Give them just enough access to do administration tasks and read help files and nothing else, and make normal users hate logging in as root/administrator.

Of course these are just ideas from the top of my head - I haven't thought about them much, but surely there are better ways of either securing systems or educating users than are currently in use.

The point is that ignoring the problems or dismissing them as "pbkac" won't make the problems go away.

Reply Score: 1

RE[5]: Not surprising
by hobgoblin on Mon 8th Oct 2007 17:54 UTC in reply to "RE[4]: Not surprising"
hobgoblin Member since:
2005-07-06

dismissing the problem isn't what I'm attempting to do. rather, it's showing that even with all the advances that have been done, the weakest link is still the user.

also, one does not need to be root to run a spam bot. it can just as well run as a user process.

that's the big problem, that one really doesn't need root to do some damage. these days, a lot of juicy data is stored in the user's home area.

in the end, the question is, can you protect the user from himself?

Reply Score: 2

RE: Not surprising
by FreakyT on Mon 8th Oct 2007 12:32 UTC in reply to "Not surprising"
FreakyT Member since:
2005-07-17

"With the number of new users streaming into Linux thanks to easy-to-use distros like Ubuntu, there are many users who do not have the requisite knowledge to adequately secure their computers--maybe even believing, albeit falsely, that Linux is inherently safe out of the box."


That, considering the minuscule installed base of users that don't understand security running Linux desktops, probably isn't the case. More likely, this problem is stemming from compromised web servers running Linux, which weren't secured properly.

Reply Score: 1

RE[2]: Not surprising
by lemur2 on Mon 8th Oct 2007 13:44 UTC in reply to "RE: Not surprising"
lemur2 Member since:
2007-02-17

More likely, this problem is stemming from compromised web servers running Linux, which weren't secured properly.


Actually, no. The problem that created botnets is the lax security and the monoculture of Windows. It is Windows machines after all that are the bots.

Even if it is true that Linux machines are being used for botnet command and control (debatable), that is almost irrelevant. There would be no bots to command or control without Windows.

Reply Score: 2

Microsoft-sponsored?
by Morgan on Sun 7th Oct 2007 23:23 UTC
Morgan
Member since:
2005-06-29

Okay, I'm not normally one to jump on the Microsoft-against-free-software conspiracy bandwagon, but this one line stood out to me:

"...speaking at a Microsoft-sponsored security symposium..."

I hate to say it, but this makes me question the impartiality of the speaker's opinion regarding this subject.

I'm not saying that a Linux box can't be compromised by a rootkit; after all, there are volumes of information available online to harden your system against it. It's just that, unless you open up a glaring hole yourself, by installing untested or compromised software with superuser privileges, you aren't likely to be running a Linux-based bot.

Given that there isn't really a big market at all for hacked/cracked software on Linux compared to Windows, combined with the less than 1% desktop market share of Linux, the numbers just don't seem to add up.

Reply Score: 35

RE: Microsoft-sponsored?
by butters on Mon 8th Oct 2007 01:15 UTC in reply to "Microsoft-sponsored?"
butters Member since:
2005-07-08

Okay, I'm not normally one to jump on the Microsoft-against-free-software conspiracy bandwagon...


I get this impression as well. It's by no means impossible to root a remote Linux box if it isn't properly patched. But it is prohibitively difficult to root thousands of remote Linux boxes using a sufficiently automated attack vector. There's simply not enough monoculture within the Linux community.

I'm not sure whether the eBay guy (intentionally or otherwise) misled the journalist or if the journalist was trying to sensationalize the story. I'm guessing the former, since the Symantec guy told a much more believable story: that the vast majority of botnet command and control boxes run Linux, but an even more pronounced majority of bots run Windows.

Once again, I won't deny that the Linux community isn't where it needs to be in terms of security. SELinux and AppArmor, once smoothly integrated with Linux distributions, will be a big leap forward. However, for the time being, Linux is much more attractive as a platform for hackers than as a target.

Before anyone accuses these Linux-using hackers of attacking Windows as a form of OS zealotry, it's important to understand that the world is chock-full of mercenaries whose only loyalty is to whoever signs their checks. Whether they use Linux or AK-47s is irrelevant--it's international warfare for hire, the world's most lucrative industry until being overtaken by fractional reserve banking. Together they represent the ultimate threat to peace and prosperity.

Reply Score: 10

RE: Microsoft-sponsored?
by kensai on Mon 8th Oct 2007 02:36 UTC in reply to "Microsoft-sponsored?"
kensai Member since:
2005-12-27

Yeah, LOL, saying that this was said on a "Microsoft-sponsored security symposium", this takes all credibility from the statement, so, this is false, do not believe this piece of FUD. Also important to notice, "the company is not releasing the results of this analysis" why? because it is false. So long, and thanks for the good laugh of a non-true article. OMG, I thought today was April fools.

Reply Score: 2

RE[2]: Microsoft-sponsored?
by Doc Pain on Mon 8th Oct 2007 02:59 UTC in reply to "RE: Microsoft-sponsored?"
Doc Pain Member since:
2006-10-08

I can completely agree with your statement. Seems very obvious and typical. I just wonder why eBay got into there.

"OMG, I thought today was April fools."

Erm... no, it's my 1st anniversary today (joined one year ago). Yippee. Great present, MICROS~1, really great, gotta download an update of MSTRUTH.EXE soon! :-)

Statement of the day: Phisher's Phritze phisht phrishe phishe. =^_^=

Edited 2007-10-08 03:01

Reply Score: 2

RE[3]: Microsoft-sponsored?
by wakeupneo on Mon 8th Oct 2007 04:43 UTC in reply to "RE[2]: Microsoft-sponsored?"
wakeupneo Member since:
2005-07-06

"...really great, gotta download an update of MSTRUTH.EXE soon!"

Just make sure you get the latest version as it changes regularly...

Reply Score: 2

RE[4]: Microsoft-sponsored?
by Doc Pain on Mon 8th Oct 2007 04:50 UTC in reply to "RE[3]: Microsoft-sponsored?"
Doc Pain Member since:
2006-10-08

"Just make sure you get the latest version as it changes regularly..."

There were rumours that claimed the MSTRUTH.EXE would come with a built-in self-updating update using the 1984's "room 101 algorithm" for three, four and / or five fingers. :-)

Reply Score: 2

RE: Microsoft-sponsored?
by kaiwai on Mon 8th Oct 2007 11:41 UTC in reply to "Microsoft-sponsored?"
kaiwai Member since:
2005-07-06

I hate to say it, but this makes me question the impartiality of the speaker's opinion regarding this subject.


I think the issue is made worse given that there is no evidence used; the other question; if the 'study' (quotations deliberate) found Windows to be the single vector for phishing, would it have been mentioned?

Until the raw data, how the data was collected and how the conclusions were drawn are released, it's nothing more than an exercise of said company using information in such a way as to suit an agenda.

It's like when a government claims that 'crime has reduced' but never mentions which metric is actually used.

Reply Score: 4

lemur2 Member since:
2007-02-17

And, before you jump in, Lemur2, shut up, will ya? All you do is fight to put down others, proving how much of the zealot you are, and you gain nothing for your cause, unless it's to annoy everyone else.


WTF? Is it my fault if you don't like to hear the truth?

Name one (1) instance where I have "put down others" without there first being an attack from them on what I said, and without the facts supporting my point.

As far as rootkits on Linux goes ... yes indeed, there are rootkits for Linux. That is why there exist utilities such as chkrootkit and rkhunter.

http://en.wikipedia.org/wiki/Rootkit#Detecting
http://en.wikipedia.org/wiki/Rkhunter
http://en.wikipedia.org/wiki/Chkrootkit
http://www.rootkit.nl/projects/rootkit_hunter.html

Over.

Reply Score: 3
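As an added example of the file-properties check that chkrootkit and rkhunter perform (editor-supplied sh code, not from either project or from the post above): take a SHA-256 baseline of a directory and later report files whose hash changed, that appeared, or that disappeared. The directory and file contents are constructed for the demo; the only tool assumption is that either GNU `sha256sum` or `shasum -a 256` is on the PATH.

```shell
#!/bin/sh
# Added example (not from the original post, and not the code of chkrootkit
# or rkhunter): the file-properties half of what those tools do, as a
# baseline-and-verify pair. Directory contents below are constructed.

# Pick a SHA-256 tool: GNU coreutils sha256sum, or Perl shasum on BSD/macOS.
hash_cmd() {
    if command -v sha256sum >/dev/null 2>&1; then echo sha256sum; else echo "shasum -a 256"; fi
}

# Record "hash  ./relative/path" for every regular file under $1 into $2.
# Take the baseline right after install, from media you trust, and keep it
# off the host; a manifest stored on a rooted box can be edited along with the binaries.
make_baseline() {
    mb_dir=$1; mb_out=$2
    ( cd "$mb_dir" && find . -type f | LC_ALL=C sort |
      while IFS= read -r f; do $(hash_cmd) "$f"; done ) > "$mb_out"
}

# Compare the current state of $1 against manifest $2.
# Prints MODIFIED / NEW / MISSING lines; returns 0 if nothing changed, 1 otherwise.
verify_baseline() {
    vb_dir=$1; vb_man=$2
    vb_cur=$(mktemp)
    make_baseline "$vb_dir" "$vb_cur"
    # First file (the baseline) fills base[]; second file (current) is compared against it.
    vb_rep=$(awk '
        FILENAME == ARGV[1] { base[$2] = $1; next }
        { seen[$2] = 1
          if (!($2 in base))       print "NEW      " $2
          else if (base[$2] != $1) print "MODIFIED " $2 }
        END { for (p in base) if (!(p in seen)) print "MISSING  " p }
    ' "$vb_man" "$vb_cur")
    rm -f "$vb_cur"
    [ -z "$vb_rep" ] && return 0
    printf '%s\n' "$vb_rep"
    return 1
}

# Demo: a pretend /bin with two binaries, then a "rootkit" that replaces ps,
# drops a hidden file and removes ls.
demo_bin=$(mktemp -d); demo_man=$(mktemp)
printf 'original ps\n' > "$demo_bin/ps"
printf 'original ls\n' > "$demo_bin/ls"
make_baseline "$demo_bin" "$demo_man"
echo "--- fresh install ---"
verify_baseline "$demo_bin" "$demo_man" && echo "clean"
printf 'trojaned ps that hides the bot\n' > "$demo_bin/ps"
printf 'bot config\n' > "$demo_bin/.hidden"
rm -f "$demo_bin/ls"
echo "--- after compromise ---"
verify_baseline "$demo_bin" "$demo_man" || echo "drift detected"
rm -rf "$demo_bin" "$demo_man"
```

The check is only as honest as the kernel and tools it runs on: a kernel-mode rootkit can hide files from `find` and feed clean bytes to `sha256sum`, which is why rkhunter and chkrootkit also cross-check `/proc` against `ps` and look for hidden listeners, and why a suspect disk is best hashed from a live CD rather than from the running system.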

wirespot Member since:
2006-06-21

Either Windows NT-based OS's or Linux-based OS's (or many others, for that matter) can be made quite secure, if you know what you're doing and administrate according to that knowledge.


Correction. Most default Linux distros nowadays (not to mention other Unixes, such as BSDs or OS X) are very secure. They are secure, no need to be made so by installing a firewall, antispyware, antivirus, then pray while Windows installs the latest security patches, then keep your fingers crossed for the moment a worm still manages to break in remotely, in spite of all these.

How do Linux or BSD or OS X manage it? Very simple: they don't come with anything listening for network connections out of the box. Basic idea that eliminates the need for all the defences. Why should anything listen to remote connections? If I need to enable daemons, most of them will work fine listening on the loopback interface. If I do need to enable something, they're usually solid pieces of software and, more importantly, patched very fast as soon as a vulnerability appears.

Reply Score: 4

pr0c Member since:
2005-07-06

How do Linux or BSD or OS X manage it? Very simple: they don't come with anything listening for network connections out of the box.

You must be extremely knowledgeable about Linux and BSD distros to speak on behalf of all of them and all their versions... Most distros have just as many ports open as Windows, if not more.

Obviously however, some distros are more secure than others.

Reply Score: 3

wirespot Member since:
2006-06-21

Most distros have just as many ports open as Windows, if not more.


I seriously doubt it. If for no other reason than the fact it defies all logic. Why would they? They'd gain nothing by shipping default installs with open ports. There's nothing that can't be enabled easily if there's a need for it (sharing printing and files, most likely). Shipping an OS with open ports for no serious reason is stupid.

Reply Score: 3

archiesteel Member since:
2005-07-02

Most distros have just as many ports open as Windows, if not more.


Do you have a source for that? It seems that most popular distros (i.e. the ones newcomers are likely to use) come with very few ports open. Ubuntu, for example, ships with no open ports on public interfaces.

Reply Score: 6

stestagg Member since:
2006-06-03

The trouble is that some software is inherently vulnerable by design (i.e. PHP). Unless SELinux or AppArmor is installed and very carefully configured, any bug in PHP software running on the server can be exploited to run code (Not a 'rootkit' but the guy's allowed to get it slightly wrong).
This happened to us, and the only way it was detected was by running a scheduled anti-virus (actually anti-malware) scan on the box.

Reply Score: 2

wirespot Member since:
2006-06-21

Programming languages like PHP are not "vulnerable by design". They are tools that enable programmers to do stuff, including to provide points of entry for hackers. It's like blaming the knife for the murder because "it's sharp".

Face the reality: you are giving a person the possibility of designing an interface visible to the world and with access to the guts of your machine. My first thought in such circumstances would be "it had better be a damn rock solid interface, with no possibility of cracking".

Bad programmers are a security risk, but instead of getting better programmers who design secure from the ground up, people prefer to blame the language or use symptomatic treatment. Scanning for viruses or malware is simply wrong from a security point of view. You'll never keep up with all the malware and you have to do it again and again with no guarantee for success.

Media is partially to blame for this. We've become complacent. We consider malware and break-ins the norm, just because Windows has accustomed us to it and because the antivirus companies are parasites who live off the malware and security issues with Windows. And the media blames hackers and worms and botnets, but never the bad engineers who designed software that is so easy to crack that mindless bots can do it.

And I don't see why the guy's "allowed to get it slightly wrong" when he's making such allegations. If it was a unified entity he was targeting, such as a company, he'd be asked to retract by now or face a lawsuit for baseless defamation. The article was a bunch of nonsense glued together in haste.

Reply Score: 4

Soulbender Member since:
2005-08-18

In all fairness, the numbers here don't quite add up.
How can the majority of threats be from an OS that supposedly has a very small market share, does not have nearly as much malware and isn't usually a botnet's bots?
When you then weigh in the fact that he was talking at a *Microsoft* sponsored security symposium and that we are told nothing about how this data was acquired and measured it does not paint a pretty picture.

The Symantec guy's comment seems more anchored in reality:
"We see them as part of the command and control networks for botnets, but we rarely see them be the actual bots. Botnets are almost uniformly Windows-based."
I have no problem believing that but that Linux is the dominant botnet bot? No.

Also, eBay and security? That's gotta be a joke, right?

Reply Score: 3

...
by Morin on Sun 7th Oct 2007 23:26 UTC
Morin
Member since:
2005-12-31

It's about time that people realize that passwords don't provide good security, at least not when used alone. For example, a combination of public-key infrastructure, trusted devices (*) and passwords entered only at these trusted devices can provide much better security. I'll explain this in detail if needed but it doesn't need a lot of imagination.

(*) trusted by the *user*, as in, modifications to the device can at most compromise the security of the user who uses a modified device. That's bad enough (imagine "phishers" sending out hacked devices to customers), but it's still a lot better than what we are at now.

Reply Score: 2

RE: ...
by stestagg on Mon 8th Oct 2007 09:01 UTC in reply to "..."
stestagg Member since:
2006-06-03

You're assuming that people are commonly breaking into boxes by guessing passwords.

Reply Score: 2

RE[2]: ...
by Morin on Mon 8th Oct 2007 12:50 UTC in reply to "RE: ..."
Morin Member since:
2005-12-31

> You're assuming that people are commonly breaking into boxes by
> guessing passwords.

Why do you think so? After all, I'm blaming password-based security in general to be vulnerable to phishing attacks, and proposing alternatives where phishing is both harder (the advice to enter one's password *only* into the trusted physical boxes is much easier to follow than the advice about where to enter one's ebay password, especially in the light of fake ebay homepages) and less useful (the password is worthless without access to the physical key, e.g. a USB stick or magnetic card).

If guessing passwords was that easy, phishing wouldn't be necessary.

Reply Score: 2

Not surprising
by ssa2204 on Sun 7th Oct 2007 23:27 UTC
ssa2204
Member since:
2006-04-22

This is not surprising if you consider that there may be way too many people out there that think just because they are using a non-Windows OS they can simply disregard ALL security. Think this doesn't happen? Sadly many of us have seen this way too many times. People that think there is no need for a firewall because they "Can't" get a virus...not realizing there is no connection between the two.

Today, which OS one uses is 110% meaningless if the user chooses to disregard security. Almost any computer connected is vulnerable, and people need in some fashion.

The point of this should not be another mindless Windows vs. Linux flamewar, the point is that in the end it comes down to the user and how they operate their computers.

Reply Score: 5

i forgot
by Morin on Sun 7th Oct 2007 23:27 UTC
Morin
Member since:
2005-12-31

Oh, I forgot that "phishers now hack linux boxes" is much more important here...

Reply Score: 2

Statements are nice, but ...
by Robert Escue on Sun 7th Oct 2007 23:31 UTC
Robert Escue
Member since:
2005-07-08

Actual information about how eBay determined that Linux servers were behind various attacks and how the attacks were performed would be useful to the community as a whole. There is no reason why eBay cannot expose some details of the attacks without "giving away the farm".

This is no different than how DoD deals with certain exploits, and while it classifies the information to protect "sources and methods" it also does very little to strengthen the community against further attacks.

If the data eBay collected is in fact correct and Linux servers are being exploited, then it shows that sloppy administration and poor configurations can significantly affect Linux as easily as it does a Windows machine, or another possibility is that a 0 day sploit has been written to take advantage of an inherent weakness of one or more Linux distros. Again more information released to the community would be nice.

Reply Score: 9

RE: Statements are nice, but ...
by Valhalla on Mon 8th Oct 2007 00:19 UTC in reply to "Statements are nice, but ..."
Valhalla Member since:
2006-01-24

the ebay representative said that when taking down phishing sites, -"the vast majority of the threats were rootkitted linux boxes", he said nothing of the general windows/linux rootkit infection ratio.

later in the article, a Symantec representative said that -"we see a lot of linux machines used in phishing", -"we see them as part of the command and control networks for botnets, but we rarely see them be the actual bots. Botnets are almost uniformly Windows-based."

indicating to me that linux boxes are a minority of infected machines but are more frequently used to control the large botnets which consist mainly of infected windows machines.

so basically linux is a great os to use when administering a large group of windows boxes, there's some good linux advertising in here somewhere. ;)

Reply Score: 24

Robert Escue Member since:
2005-07-08

Without any meaningful data, everybody is speculating about the announcement. And while you can manage Windows machines with Linux, I can do the same thing with Solaris 10 (I do this everyday from my Sun Ray using Solaris 10), so I wouldn't say that Linux has a unique advantage here.

Reply Score: 2

RE: Statements are nice, but ...
by wirespot on Mon 8th Oct 2007 01:18 UTC in reply to "Statements are nice, but ..."
wirespot Member since:
2006-06-21

There is no reason why eBay cannot expose some details of the attacks without "giving away the farm".


Actually, there's an excellent reason. They don't exist.

Reply Score: 3

Types of Linux machines used?
by WereCatf on Sun 7th Oct 2007 23:43 UTC
WereCatf
Member since:
2006-02-15

I don't really bother to read the article, I'm just wondering are those Linux zombie boxes server machines or are they typical home user machines? I haven't used any other distro than Gentoo in ages but I'd assume a distro aimed for regular users wouldn't ship with all sorts of remote exploitable services enabled, and even less with poor default security policies. Like f.ex. should SSH server be even running on a regular user's box? No, it shouldn't. It can be hacked given enough time. If it is running there should at least be a daemon like denyhosts running and disable access to the SSH server if you've typed the password wrong three times.

Then again, if it is a corporate server the admin should be kicked and hard! It's not that difficult to secure a Linux box, you just need a little bit of time for that. A good practice is NOT to run more than one service on a single server, or at least run them all in completely separate VMs. But if you've got f.ex. POP3, SSH and WWW running on the same machine you're just plain asking for trouble.. Besides, as someone already said, you should NEVER use password authentication with SSH. Use keypairs instead! Preferably also disable access to the servers from anything else but a few specific IP addresses. Oh darn.. the list could go on forever..

Reply Score: 7

RE: Types of Linux machines used?
by Morgan on Sun 7th Oct 2007 23:59 UTC in reply to "Types of Linux machines used?"
Morgan Member since:
2005-06-29

It's a bit confusing actually. At one point the article implies that it is regular users who don't even know their boxes are compromised. Later on, it describes the phishers as setting up Linux servers to run botnets. Given that pretty much any Linux box can be configured as a server, I went with the assumption that it is home users who are compromised. After all, any enterprise Linux administrator worth his salt will have already hardened his company's machines against rootkits and such.

Reply Score: 3

RE: Types of Linux machines used?
by WereCatf on Mon 8th Oct 2007 18:23 UTC in reply to "Types of Linux machines used?"
WereCatf Member since:
2006-02-15

I'm sort of responding to myself, and sort of just making a general comment to this story:

The Linux boxes in question are most likely running a WWW server through which they have been compromised. Perhaps due to poor PHP coding skills or some such. Anyway, those compromised boxes are most likely not part of any botnet but rather used to control such ones. And also, those boxes could well serve as phishing sites. But the things to note here are that almost all Linux WWW servers are running Apache and Apache could just as well be run under Windows. Someone running buggy PHP code on Apache doesn't mean either platform is any less secure by itself, it just means that buggy software on ANY platform makes the whole system vulnerable.

As for home user Linux boxes.. Well, I much doubt there are many, if at all, compromised home user boxes. The fact is that most distros aimed for the average user DO NOT ship with services like SSH or WWW enabled, or maybe even installed at all. An average box wouldn't even have any ports open so it would be practically impossible to attack one without having physical access to it. Also, I at least have never seen/heard of any Linux malware spreading via email or such whereas I frequently get mail from f.ex. "Windows Update" telling me to update my software by installing the attachment.

So, this eBay guy saying compromised Linux boxes are their biggest threat...Well, he must have gotten something completely screwed up. I'd figure the thousands of compromised Windows boxes working as part of a botnet are the single biggest threat whatsoever on the Internet. Even just thinking about the numbers..how many Windows boxes are there? Compared to the far fewer number of Linux boxes?

PS. I'm not saying Linux is invulnerable, I'm not saying this is some sort of MS PR (I don't believe this has anything to do with MS actually) or such, I'm just saying it's very improbable that any botnet would have even 30% of it comprised of compromised Linux boxes..

Reply Score: 4

mbpark
Member since:
2005-11-17

Hello,

From what I've seen on Internet-facing traffic, a good portion of the exploits used are for cross-site scripting, SQL Injection, and improper command processing that is directly aimed at the Linux/mySQL/PHP and Perl (yes, I've seen Perl-based exploits that use SQL Injection and improper command parsing)-based Content Management Systems, such as Xoops, phpBB, Wordpress, Blogsmith, cPanel, and vBulletin.

The reasons why these boxes get hit are:

1. They're easy to hit. One Google search for a bunch of blogs that use a vulnerable URL (and yes, some of these use Google to search), and you've got a lot of targets.

2. They have more upstream bandwidth. These boxes usually sit at large hosting providers, not someone's basement. They have at least a T1's worth, if not significantly more, of bandwidth. Compare that with Comcast, who caps at a lot less, and you're less effective on bandwidth when you are aiming for Windows boxes.

3. ISP staffs usually don't notice. Again, since people are willing to pay a very low amount of money to host their blog somewhere, they will go to the lowest bidder. This explains why a lot of the computer-buying public who reads Craigslist will buy their software from the guy who sells warezed copies, instead of from a reputable store.

Using this rule, many people will go to the $5 a month provider to host their WordPress blog and site. Many of these people don't know any better, and the tech support staff can't/won't/doesn't know how to automate scripting the Wordpress and/or CPanel updates to a few thousand sites like your average ISP does.

The same ISP staff probably won't notice the outbound and inbound traffic spikes, or that their blog server front-end is making egress SSH and HTTP connections to machines in Russia, or machines which are part of one of the blacklists. Your average competent ISP/WebHost will. Your cut-rate web hosts won't. It'll take them a few days, and even then, probably by many frantic calls from other ISPs and/or eBay themselves, before they notice.

4. It's less complicated. Maintaining a fast-flux web site, even though SecurityFocus makes it seem like it is simple, is significantly harder than what it's made out to be in practice, and costs more to maintain. Why not go for the lowest-cost solution, which is to own a bunch of blog and message board servers, and use them?

5. Linux is ubiquitous. Linux/Apache is used for at least 2/3rds of the web sites in existence, if not more. This means that more people are going to be running Apache, mySQL, PHP, Perl, and badly written CMS systems that run on a combination of the four above, than there are for .NET. Unfortunately, badly written CMS systems are the norm, and not the exception. You just have to write one bot, and just have different delivery systems for it based on the type of CMS vulnerability you wish to exploit.

Many people (and I mean an average user, NOT the average user of this site) also don't have a clue how to update and patch them, or that installing them is more than a few clicks on a site control panel to patch or upgrade, or even running yum, apt-get, or rpm to get the latest RPMs and/or patches for their software updated. However, they want to have their blog.

This has been happening for at least a year, if not longer. Finally, eBay says what everyone else didn't want to say. Just because it's Linux doesn't mean it's more secure. Combine Linux, or any other OS, with badly written code, and yes, it will be much less secure. The effect of using Linux as the front-end for scams and phishing is a lot more, because Linux is used more on the server-side, and used on machines that have significantly more upstream bandwidth than your average Windows machine.

Reply Score: 11

wirespot Member since:
2006-06-21

That's a very nice (and long) rant. Only one problem with it: complete lack of evidence. Show me the proof. I want to see a serious threat that's exploiting all these many hosts and CMS's you argue are out there, waiting for mayhem.

There is none. Oh, there are small outbreaks occasionally. At some point there were scanners using Google to pick up phpBB forums and try to exploit one vulnerability automatically. It went away with the next round of updates. Nowadays all I see in my 404 logs is stuff like /_vti_bin/owssvr.dll or /MSOffice/cltreq.asp. Funny, that.

There's not likely to be any major outbreak in the conditions you outlined. Two reasons, both coming from natural evolution laws. (1) The Linux/BSD Internet medium is too varied and you can find almost nothing widespread enough to be worth attacking. This is a basic rule of agriculture: vary the crops and should one or two fall ill, the rest will survive. (2) The few pieces of software that are widely used got this way because they underwent a lot of toughening up. It's the law of evolution. They are used in a lot of places because they're tough and secure. Unlike the world of clueless home users, the business world is pragmatic; it won't use insecure software for long, if they want to stay in business.

Reply Score: 3

Soulbender Member since:
2005-08-18

There is none. Oh, there are small outbreaks occasionally.


It happens all the time. Constantly. I just looked at zone-h's attack archive and just today I see hundreds of defaced sites running on Linux.
While this is more likely due to bad PHP or other dynamic website programming errors it's still a site running on Linux.

Reply Score: 4

wirespot Member since:
2006-06-21

While this is more likely due to bad PHP or other dynamic website programming errors it's still a site running on Linux.


So what does that tell us? Nothing. No useful information. The same goes for worm writers. A "crew" who defaces sites approaches each one on a case by case basis and there's humans doing the breaking in. Bots have to be automated and need an omnipresent, identical vulnerability in order to spread. But there isn't any. With Linux, you don't get world epidemics, just minor colds or a flu, at worst.

Reply Score: 2

Soulbender Member since:
2005-08-18

Good points overall that apply to *any* hosting service, whether they use Linux, Windows or whatever.

2. They have more upstream bandwidth.


This does not make a difference for botnet bots though. The advantage of botnets is power by numbers and each bot does not need a lot of bandwidth. In fact, the less bandwidth it uses the better since that will make it less likely that you're discovered.

Finally, eBay says what everyone else didn't want to say.


This is a big secret? Just look at any defacement archive and you'll see a LOT of defaced and otherwise compromised Linux hosts.
Note that defacement is very different from being able to use a host for attacks though. A properly configured hosting service does not become "owned" just because an individual site is compromised. Then again, there are a lot of bottom-of-the-barrel hosting companies these days.

Reply Score: 2

mbpark Member since:
2005-11-17

Here are my responses:

1. If you want to use machines for DDOS attacks, Web Host machines make the best ones.

2. On most Internet web sites, these types of vulns (crap CMS systems) are glossed over.

There ARE a lot of bottom of the barrel, as you say, hosting companies these days. Many of them actually are nothing more than a few co-lo'ed servers in another web hosting company's data center, and are not run by the sharpest tacks ;) .

Reply Score: 1

Security
by Xaero_Vincent on Mon 8th Oct 2007 01:05 UTC
Xaero_Vincent
Member since:
2006-08-18

Well hopefully this news will be a wake up call.

Just using Linux doesn't make your box secure. You can have a Linux box as insecure as Windows 95 without updates.

The user has to make it secure and the distro has to provide the tools to the user.

Everyone who runs a *nix server should do the following:

1) Download chkrootkit and rkhunter and scan their system with both.

2) Do a port scan on the server and close all unnecessary ports and the services bound to them.
Gnome Network Tools is a nice GUI utility for this.

3) Enable SELinux/AppArmor and put it into enforcing mode.

4) Check security log files for unauthorized access attempts, file and permission changes.

5) Check password and group files for unusual entries (/etc/passwd, /etc/group).

6) Make sure your software and hardware/router firewall are enabled.

7) Another useful but unnecessary thing is to clean junk files off your system. On Gnome I use FSLint and gconf-cleaner; on KDE... Kleansweep.

Reply Score: 3
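As an added example (not code from the original post or from any project), here is a read-only audit script in the spirit of steps 2, 4 and 5 of that checklist: it flags accounts other than root with UID 0, source addresses that pass a failed-SSH-password threshold (the three-strikes rule a tool like denyhosts acts on), and ports listening on a non-loopback address that are not on an allow-list. The sample passwd, auth log and listener table are constructed inline; on a real server the functions take /etc/passwd, /var/log/auth.log and the output of `ss -ltn -H`, whose column layout and sshd log wording are assumed here.

```shell
#!/bin/sh
# Added example, not from the original post: a read-only audit for checklist
# steps 2, 4 and 5. Each check is a function taking a file, so it runs here
# against constructed samples and on a server against the real files.

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Constructed /etc/passwd: "backup2" has UID 0 but is not root.
cat > "$WORK/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
backup2:x:0:0::/tmp:/bin/sh
alice:x:1000:1000:Alice:/home/alice:/bin/bash
EOF

# Constructed sshd log lines: three failed passwords from one source, one from another.
cat > "$WORK/auth.log" <<'EOF'
Oct  8 01:01:01 web sshd[2001]: Failed password for root from 192.0.2.10 port 40001 ssh2
Oct  8 01:01:03 web sshd[2002]: Failed password for invalid user admin from 192.0.2.10 port 40002 ssh2
Oct  8 01:01:05 web sshd[2003]: Failed password for root from 192.0.2.10 port 40003 ssh2
Oct  8 01:02:00 web sshd[2010]: Accepted publickey for alice from 198.51.100.7 port 50100 ssh2
Oct  8 01:03:00 web sshd[2011]: Failed password for alice from 198.51.100.7 port 50101 ssh2
EOF

# Constructed listener table in the assumed `ss -ltn -H` layout:
# State Recv-Q Send-Q Local:Port Peer:Port
cat > "$WORK/listeners" <<'EOF'
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 127.0.0.1:3306 0.0.0.0:*
LISTEN 0 128 0.0.0.0:80 0.0.0.0:*
LISTEN 0 128 0.0.0.0:111 0.0.0.0:*
LISTEN 0 128 [::1]:6010 [::]:*
EOF

# Step 5: any account other than root with UID 0 is a classic backdoor indicator.
uid0_accounts() {
    awk -F: '$3 == 0 && $1 != "root" { print $1 }' "$1"
}

# Step 4: source addresses with at least $2 failed SSH password attempts.
# Prints "count ip", highest count first.
ssh_failures_over() {
    awk -v limit="$2" '
        /sshd\[[0-9]+\]: Failed password for/ {
            for (i = 1; i <= NF; i++) if ($i == "from") fails[$(i + 1)]++
        }
        END { for (ip in fails) if (fails[ip] >= limit) print fails[ip], ip }
    ' "$1" | sort -rn
}

# Step 2: ports bound to a non-loopback address that are not in the allow-list
# ($2 is a space-separated list of ports expected to be reachable from outside).
unexpected_public_ports() {
    allow=" $2 "
    awk '$1 == "LISTEN" { print $4 }' "$1" | while IFS= read -r addr; do
        port=${addr##*:}
        host=${addr%:*}
        case "$host" in 127.*|"[::1]") continue ;; esac   # loopback is fine
        case "$allow" in *" $port "*) ;; *) echo "$port" ;; esac
    done
}

main() {
    echo "UID 0 accounts besides root:"
    uid0_accounts "$WORK/passwd"
    echo "Sources with 3 or more failed SSH passwords:"
    ssh_failures_over "$WORK/auth.log" 3
    echo "Public listeners outside the allow-list (22 80):"
    unexpected_public_ports "$WORK/listeners" "22 80"
}
main
```

On the constructed input the three checks report backup2, 192.0.2.10 with 3 failures, and port 111; the loopback-only MySQL and X-forwarding listeners are correctly ignored.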

RE: Security
by wirespot on Mon 8th Oct 2007 01:37 UTC in reply to "Security"
wirespot Member since:
2006-06-21

Everything you've described has to do with treating the symptoms and is NOT good security. It's a diseased mindset that stems from using Windows for too long. Please read this to understand your many errors:
http://www.ranum.com/security/computer_security/editorials/dumb/

Linux (or BSD, or OS X) are more secure because they do not offer outside listening daemons with a default install. This way, even if the system is out of date, nothing can enter. That's all.

Reply Score: 3

RE[2]: Security
by Doc Pain on Mon 8th Oct 2007 02:28 UTC in reply to "RE: Security"
Doc Pain Member since:
2006-10-08

Thanks, just printing the article you mentioned. :-)

"Linux (or BSD, or OS X) are more secure because they do not offer outside listening daemons with a default install. This way, even if the system is out of date, nothing can enter. That's all."

I think this depends on the Linux distribution or the BSD variant (PC-BSD / DesktopBSD). In order to make the user feel more comfortable, some services are enabled, usually services to interoperate with "Windows" services. The "more basal" services such as WWW, SSH or FTP are not enabled by default, fortunately, because users who want to use these services are smart enough to enable and configure them by themselves, I assume.

Reply Score: 3

RE: Security
by aliquis on Mon 8th Oct 2007 09:52 UTC in reply to "Security"
aliquis Member since:
2005-07-23

Compared to that installing antivirus, antispyware and a firewall in Windows seems like a small task ;)

Reply Score: 2

RE[2]: Security
by Xaero_Vincent on Mon 8th Oct 2007 15:40 UTC in reply to "RE: Security"
Xaero_Vincent Member since:
2006-08-18

Compared to that installing antivirus, antispyware and a firewall in Windows seems like a small task ;)


What I mention is mainly for Linux servers (though I do it on my desktop because I have potentially unsafe network services enabled). Securing certain network services like OpenSSH also helps.

SELinux and Exec-Shield provide coverage for network daemons by default in Fedora and there are plenty of resources for those interested in securing critical apps by making their own security policies.

On Windows there is a very similar set of tasks that should be completed. There are anti-rootkit apps for Windows, NTFS ACL permissions to check, UAC to enable, spyware and adware to scan, event logs to check, so on.

Reply Score: 3

Amazing
by camo on Mon 8th Oct 2007 01:45 UTC
camo
Member since:
2007-10-08

What is not surprising is how the Linux community is handling this issue, not very well I think.

I've been telling users for years that if we continue to tell people that Linux is more secure and that you don't have to worry about rootkits, spyware, viruses, etc, then one day it will blow up in our faces.

Regardless of whether it's true or not doesn't matter, what matters is how it's handled.

A good wake up call this is.

Reply Score: 4

RE: Amazing
by archiesteel on Mon 8th Oct 2007 02:17 UTC in reply to "Amazing"
archiesteel Member since:
2005-07-02

What "issue" are you talking about, exactly? Because what I've seen so far is a glaring lack of evidence and some (I believe intentional) confusion over how Linux is involved.

What the eBay guy seemed to imply was that rooted Linux boxes represented the "majority of threats", but in reality it seems that the actual bots are still virtually all Microsoft boxes, and that the botmasters use Linux servers (not clear if they are actually rooted) for managing the botnets.

I agree with others, the way this was presented seems like a deliberate attempt to mislead the public with regards to the vulnerability of Linux. In this context, trying to then put the spotlight on "the Linux community" for not responding well to this *alleged* issue seems downright dishonest.

Reply Score: 5

RE[2]: Amazing
by PlatformAgnostic on Mon 8th Oct 2007 02:34 UTC in reply to "RE: Amazing"
PlatformAgnostic Member since:
2006-01-02

I find it amusing that you simply cannot believe that linux boxes can be owned. Aren't Linux boxes run by naive admins just like Windows boxes? Why is it inconceivable to you that people misconfigure their apache installs and have their boxes taken over?

Anecdotally, I saw a linux box of a close friend get taken over by an Australian hacker who was using a vulnerable (perhaps misconfigured) apache module to access my university's online research facilities. It happens all the time.

Frankly, if I were running a large organization that is heavily attacked, I'd prefer to run Windows these days while following the usual practices of isolating pieces of the network and keeping things as locked down as possible while allowing my users to get their work done. Consider that Microsoft itself runs Windows and uses it to guard their source code and other assets. It has undoubtedly one of the most remotely attacked networks in the world, yet we haven't heard of any breaches in their security for a long time. It's also used in the DoD and in many banks. If it were so easily hacked as people claim with comments about "swiss cheese security", we'd have serious economic problems right now and everyone would currently have access to the Windows Source.

For the end-user, I often recommend Macs because there are fewer social engineering attacks for them than there are for Windows.

Edited 2007-10-08 02:34 UTC

Reply Score: 7

RE[3]: Amazing
by archiesteel on Mon 8th Oct 2007 03:48 UTC in reply to "RE[2]: Amazing"
archiesteel Member since:
2005-07-02

I find it amusing that you simply cannot believe that linux boxes can be owned.


Way to misrepresent what I said. Linux servers can be hacked, of course. The issue is that what the eBay guy said is misleading: bots are still by far almost exclusively Windows PCs. That hackers use Linux as their OS of choice to control the botnets doesn't say anything about Linux security in itself (if anything, it shows how easy it is to "administer" multiple remote machines with Linux).

Even if the "command and control" servers are in fact compromised boxes - and the article isn't clear on that - there is not *anything* in this that could suggest that home Linux users are seeing their PCs being compromised.

Frankly, if I were running a large organization that is heavily attacked, I'd prefer to run Windows these days


Yes, well that would no doubt be due to your oft-demonstrated anti-Linux bias (despite your misleading nickname).

It's also used in the DoD and in many banks.


So is Linux. What's your point?

Reply Score: 6

RE[4]: Amazing
by PlatformAgnostic on Mon 8th Oct 2007 05:48 UTC in reply to "RE[3]: Amazing"
PlatformAgnostic Member since:
2006-01-02

Forgot to include: I'd use Windows on the desktop in a heavily-attacked organization.

Windows desktop software is used in those organizations far more than Linux. Who knows what EoP vulnerabilities lie in X and all of its paraphernalia?


Oh, and my nickname was chosen a couple years ago. At that time I was on Linux and was looking into how to write a basic OS. I got around to it much later, but by then Linux had lost its charm for me. I wouldn't say I'm anti-Linux. But I am against Linux triumphalism and the arrogant claims of superiority in some parts of the Linux community (especially a number of Kernel devs). Linux is an incredibly fast and flexible kernel (more so than NT, Solaris, or Mach), but it is not the best one out there for all purposes. It's a great resource for learning, but I don't consider it innovative, or even well-engineered.

VMS/NT was the last generation of Operating System innovation, and Singularity is likely to be the next. The open-source community is living in the past and the present, but does not seem to be investing in the future.

Edited 2007-10-08 05:55 UTC

Reply Score: 5

RE[5]: Amazing
by lemur2 on Mon 8th Oct 2007 06:03 UTC in reply to "RE[4]: Amazing"
lemur2 Member since:
2007-02-17

Forgot to include: I'd use Windows on the desktop in a heavily-attacked organization.


As long as those desktops are not exposed to the wider Internet, this would be OK I suppose.

Expensive, hard to maintain, requires a large IT support staff, makes the organisation subject to BSA audit and requires extra staff to keep track of license compliance & IT inventory, prone to require expensive forced updates for hardware and software every few years, high risk of "orphaning" older documents due to extensive use of proprietary formats which are deliberately and rapidly made obsolete, probable need for user retraining because of "new improved GUIs", severe lack of interoperability with other platforms, non-compliance with ISO standards, and make the organisation locked in to a critical sole-source supplier ... but otherwise OK.

Edited 2007-10-08 06:21

Reply Score: 6

RE[5]: Amazing
by archiesteel on Mon 8th Oct 2007 07:00 UTC in reply to "RE[4]: Amazing"
archiesteel Member since:
2005-07-02

Forgot to include: I'd use Windows on the desktop in a heavily-attacked organization.


I'd use SELinux, though that is irrelevant. You want to protect your outer periphery, i.e. servers facing the Internet. What you use on desktop software is not really relevant.

Windows desktop software is used in those organizations far more than Linux.


Source, please.

Who knows what EoP vulnerabilities lie in X and all of its paraphernalia?


Yeah, and Iraq had WMDs, right? That's textbook FUD: you don't know that there are vulnerabilities in X, but you insinuate that there are, without any proof whatsoever.

I wouldn't say I'm anti-Linux. But I am against Linux triumphalism and the arrogant claims of superiority in some parts of the Linux community


And that warrants your bias against Linux? What about just telling the truth, even if some kernel devs are hotheads? If an arrogant, obnoxious person screams "2+2=4", does the fact that they are dislikable mean that 2+2 no longer equal 4?

It's not "triumphalism" to defend Linux when it is *constantly* attacked by Microsoft. You want a less shrill environment? Put pressure on MS to stop the OS cold war, and to truly embrace coexistence and interoperability. Then you'll be true to your nickname.

Reply Score: 4

RE[6]: Amazing
by PlatformAgnostic on Mon 8th Oct 2007 14:41 UTC in reply to "RE[5]: Amazing"
PlatformAgnostic Member since:
2006-01-02

You're burying your head in the sand and denying that vulnerabilities exist when you have no idea how things are tested. You seem to have no idea what kind of scrutiny XOrg receives, but you're willing to compare finding bugs there to finding WMD in Iraq. The difference of course, is that WMD are created intentionally while bugs crop up on their own by accident. Take these two in the X Font Server, for instance: http://labs.idefense.com/intelligence/vulnerabilities/display.php?i....

The first bug mentioned is an honest mistake. Integer overflows are hard to spot and the only real way to eliminate them is rigorous use of a checked integer library like SafeInt for buffer sizing with static code analysis to make sure you didn't miss any places.

The second bug may be a real design mistake. Letting people remotely swap an arbitrary number of bytes on the heap is not a good idea.

I was making that insinuation about X EoP attacks with this recent bug in mind. I also suspect that X doesn't get nearly as much scrutiny from *nix security researchers as Apache or Samba. And XOrg is in a serious state of flux right now, so new vulnerabilities can arise as the code is refactored and extended.

My point is that your arrogance about Linux security is unjustified. Sure, bugs get fixed quickly after they are reported, but how long do those fixes take to get to the corporate desktop? Also, how long can a zero-day attack last in the Linux world? Microsoft has nothing to celebrate here because their track record was piss-poor before 2003. Things changed there at that time and now they're pretty paranoid about security. How paranoid is the linux crowd? They're certainly not like Theo's gang at OpenBSD.

Reply Score: 5
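As an added illustration of the point above about checked integer arithmetic for buffer sizing (example code written for this page, not X.Org's code or the poster's), the message layout, the helper names and the sample inputs below are all constructed for the demonstration.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Constructed message format (host byte order, for the demo only):
 *   [count:u32][elem_size:u32][payload: count * elem_size bytes]
 * The untrusted header is used to size a buffer, the classic place
 * where an unchecked multiply turns into a heap overflow. */

/* Naive sizing as it often appears in protocol parsers: the product is
 * computed in 32 bits and silently wraps, so a huge count yields a tiny
 * buffer that the later copy loop would overrun. Returns the size the
 * parser *would* allocate; nothing is allocated here. */
uint32_t naive_table_bytes(uint32_t count, uint32_t elem_size)
{
    return count * elem_size;            /* wraps modulo 2^32 */
}

/* Checked sizing: test for overflow *before* multiplying. Returns 0 and
 * fills *out on success, -1 if count * elem_size does not fit in 32 bits.
 * GCC/Clang's __builtin_mul_overflow or a library like SafeInt does the
 * same test; the manual form is shown so it compiles anywhere. */
int checked_table_bytes(uint32_t count, uint32_t elem_size, uint32_t *out)
{
    if (count != 0 && elem_size > UINT32_MAX / count)
        return -1;                       /* product would overflow */
    *out = count * elem_size;
    return 0;
}

/* Parse a message into a freshly allocated copy of its table. Returns
 * NULL when the header is inconsistent with the bytes actually received.
 * Caller frees the result. */
unsigned char *parse_table(const unsigned char *msg, size_t msg_len,
                           size_t *out_len)
{
    uint32_t count, elem, bytes;
    if (msg_len < 8)
        return NULL;                     /* header incomplete */
    memcpy(&count, msg, 4);
    memcpy(&elem, msg + 4, 4);
    if (checked_table_bytes(count, elem, &bytes) != 0)
        return NULL;                     /* overflow: refuse the message */
    if (bytes > msg_len - 8)
        return NULL;                     /* header claims more than was sent */
    unsigned char *buf = malloc(bytes ? bytes : 1);
    if (buf == NULL)
        return NULL;
    memcpy(buf, msg + 8, bytes);         /* bounded by the checked size */
    *out_len = bytes;
    return buf;
}

/* Build a header plus payload into buf (buf must hold 8 + payload_len). */
static size_t build_msg(unsigned char *buf, uint32_t count, uint32_t elem,
                        size_t payload_len)
{
    memcpy(buf, &count, 4);
    memcpy(buf + 4, &elem, 4);
    memset(buf + 8, 0x41, payload_len);  /* constructed filler */
    return 8 + payload_len;
}

/* A well-formed message (2 elements of 3 bytes) is accepted: returns 1. */
int demo_valid_accepted(void)
{
    unsigned char msg[8 + 6];
    size_t n = build_msg(msg, 2, 3, 6), got = 0;
    unsigned char *t = parse_table(msg, n, &got);
    int ok = (t != NULL && got == 6);
    free(t);
    return ok;
}

/* An overflowing header (0x20000001 * 8 = 2^32 + 8, wrapping to 8) with
 * exactly 8 payload bytes: the naive size check "8 <= 8" would pass and
 * the copy loop would run for 2^33 bytes; checked parsing rejects it.
 * Returns 1 when the message is refused. */
int demo_overflow_rejected(void)
{
    unsigned char msg[8 + 8];
    size_t n = build_msg(msg, 0x20000001u, 8, 8), got = 0;
    return parse_table(msg, n, &got) == NULL;
}
```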

RE[7]: Amazing
by archiesteel on Mon 8th Oct 2007 15:22 UTC in reply to "RE[6]: Amazing"
archiesteel Member since:
2005-07-02

My point is that your arrogance about Linux security is unjustified.


First, I can't be arrogant, since I haven't actually made claims about Linux security. So that would make you ignorant, I guess.

Second, you try to argue that Linux can be attacked because of an unexploited vulnerability in XFS...how is *that* related to the current discussion? Are you talking about home PCs or servers? Why focus on Linux? Solaris, the BSDs and other Unix systems might also use XFS. Are these systems insecure as well, from your point of view? OpenBSD *also* uses XFS as part of X, does that make it insecure by your definition?

Again, you show dishonesty by claiming that I somehow think that Linux has no security problems ever (when I believe nothing of the sort). Linux, like all OSes, has security issues, and software that runs on Linux also sometimes has issues. That has *nothing* to do with the current discussion, which is whether or not Phishing botnets are made mostly of Linux boxes, as the eBay guy insinuated, or if this is yet another PR job to convey the false notion that Windows is more secure than Linux.

Reply Score: 1

RE[3]: Amazing
by Snifflez on Mon 8th Oct 2007 05:19 UTC in reply to "RE[2]: Amazing"
Snifflez Member since:
2005-11-15

"Consider that Microsoft itself runs Windows and uses it to guard their source code and other assets."

Really? How do you know that? Do you work for Microsoft?

Reply Score: 2

RE[4]: Amazing
by PlatformAgnostic on Mon 8th Oct 2007 05:45 UTC in reply to "RE[3]: Amazing"
PlatformAgnostic Member since:
2006-01-02

What else do you think they use?

You don't have to work there to know that they use Windows for everything they can.

Reply Score: 1

RE[5]: Amazing
by fsckit on Mon 8th Oct 2007 19:49 UTC in reply to "RE[4]: Amazing"
fsckit Member since:
2006-09-24

Except windows update, which funny enough has run on Linux servers for a long time now.

Reply Score: 2

RE[6]: Amazing
by PlatformAgnostic on Tue 9th Oct 2007 02:08 UTC in reply to "RE[5]: Amazing"
PlatformAgnostic Member since:
2006-01-02

Interesting... that might well be Akamai or some other edge-networking company.

In the past, Microsoft definitely used Digital PDP and VAX machines for "server" roles. They also used their own Xenix version of UNIX (reportedly it was one of the better ones of the day). HoTMaiL was run on FreeBSD when it was purchased (and used as a testbed for deploying an at-the-time unready Windows Server system).

Reply Score: 1

RE[3]: Amazing
by lemur2 on Mon 8th Oct 2007 05:33 UTC in reply to "RE[2]: Amazing"
lemur2 Member since:
2007-02-17

Frankly, if I were running a large organization that is heavily attacked, I'd prefer to run Windows these days


Whoooooooooo boy, that's a biggie. I don't think so.

http://www.google.com/search?hl=en&q=%22homeland+security%2...

4 million hits.

... let alone the admission from Microsoft itself a few weeks ago that Windows Update has a backdoor into Windows ...

Edited 2007-10-08 05:40

Reply Score: 3

RE[2]: Amazing
by Doc Pain on Mon 8th Oct 2007 02:35 UTC in reply to "RE: Amazing"
Doc Pain Member since:
2006-10-08

"I agree with others, the way this was presented seems like a deliberate attempt to mislead the public with regards to the vulnerability of Linux. In this context, trying to then put the spotlight on "the Linux community" for not responding well to this *alleged* issue seems downright dishonest."

What implications can be seen in this attempt?

1. "Linux boxes are a threat, because they're rootkitted and running bots."

If proven to be wrong (see opinions above), there's more:

2. "Linux boxes are a threat, because they're used by criminals to gain control over poor 'Windows' boxes that are running bots."

Does this imply that Linux users are criminals because they're using an OS that's used to control criminal actions? Using the same "logic", cellphone users, car drivers or other users of common means can be looked at as criminals...

So, following this logic some more, "Windows" users are just victims - the Linux users are the evildoers?

Reply Score: 4

RE[3]: Amazing
by melkor on Mon 8th Oct 2007 04:33 UTC in reply to "RE[2]: Amazing"
melkor Member since:
2006-12-16

So, are you saying that Microsoft is funding/training crackers to use Linux to attack other boxes, to give Linux a bad name as a crackers operating system? And if so, they could argue [to the US government or whoever], that Linux encourages unlawful activity, and on that basis alone it should be forcibly outlawed?

I really hope that's not what you're saying...I'm a conspirationalist at the best of times, but not even I'd go that far lol...

Dave

Reply Score: 1

RE[4]: Amazing
by Doc Pain on Mon 8th Oct 2007 04:47 UTC in reply to "RE[3]: Amazing"
Doc Pain Member since:
2006-10-08

"So, are you saying that Microsoft is funding/training crackers to use Linux to attack other boxes, to give Linux a bad name as a crackers operating system? And if so, they could argue [to the US government or whoever], that Linux encourages unlawful activity, and on that basis alone it should be forcibly outlawed?"

You've got a strange mind, Sir... :-)

"I really hope that's not what you're saying...I'm a conspirationalist at the best of times, but not even I'd go that far lol..."

Don't mind, I didn't want to say this. Your ideas are interesting. Have you thought of getting employed by the MICROS~1 interoperability and security team lately? :-)

To be serious again: It seems that MICROS~1 is using third party statements (i.e. eBay) to bring Linux into discredit, claiming it's used by (unspecified) evildoers in an (unspecified) criminal way. I had a great laugh reading the article. As a sidenote, it mentions Linux security issues (rootkits etc.), but, as it has been said before, "Windows" boxes (or, their lack of security, and / or the lack of proper administration) are the real threat to the Internet. Of course, you can make a Linux box insecure, too. But this seems to be much more complicated, and it does not pay because Linux has not enough oh joy oh market share.

I don't think MICROS~1 encourages anyone to use Linux as a means for a criminal action, because it tries to convince everyone to keep hands off Linux in any way. Thus said, it would not give training to persons in order to take over "Windows" boxes, this seems to be easy enough. But a cool imagination, though... another anniversary present for me, thank you. :-)

Reply Score: 2

RE[2]: Amazing
by lemur2 on Mon 8th Oct 2007 02:40 UTC in reply to "RE: Amazing"
lemur2 Member since:
2007-02-17

What the eBay guy seemed to imply was that rooted Linux boxes represented the "majority of threats", but in reality it seems that the actual bots are still virtually all Microsoft boxes, and that the botmasters use Linux servers (not clear if they are actually rooted) for managing the botnets.


As I understand it, a botnet relies upon there being a large group of vulnerable computers all connected to the Internet, all similarly configured and all vulnerable to remote exploits. A botnet relies on the existence of a "monoculture" of computing platforms. The machines targeted to become bots must all have the same binary-compatible software base installed, and they must all be the same computer architecture.

http://en.wikipedia.org/wiki/Botnet

This means that the machines that are the actual "bots" are necessarily ALL Windows machines. (Note: this fact does not mean that the small number of botnet command and control machines are, or are not, Linux boxes).

In the phrase from your post where you say
"in reality it seems that the actual bots are still virtually all Microsoft boxes"
you don't need to have included the word "virtually".

The argument that the botnet command and control computers are Linux machines is somewhat strengthened by the observation made in the quoted Wikipedia article to the effect that:
"Botnets have become a significant part of the Internet, albeit increasingly hidden. Due to most conventional IRC networks taking measures and blocking access to previously-hosted botnets, controllers must now find their own servers. "


Edited 2007-10-08 02:56

Reply Score: 3

RE[3]: Amazing
by archiesteel on Mon 8th Oct 2007 03:51 UTC in reply to "RE[2]: Amazing"
archiesteel Member since:
2005-07-02

Thanks for the clarification. So now we know that bots are *all* Windows PCs, and yet the spin we're seeing is that Linux is somehow equally (or even more so) to blame.

God, Microsoft's PR machine makes me sick...

Reply Score: 4

RE[4]: Amazing
by MollyC on Mon 8th Oct 2007 08:11 UTC in reply to "RE[3]: Amazing"
MollyC Member since:
2006-07-04

"Thanks for the clarification. So now we know that bots are *all* Windows PCs, and yet the spin we're seeing is that Linux is somehow equally (or even more so) to blame.

God, Microsoft's PR machine makes me sick..."


You're either easily sickened, or want an excuse to claim that you're sickened.

If you read the article, you'll see that there are three people saying different (possibly contradictory) things from their own points of view, that's all. There's no "Microsoft PR machine" at work here.

The article has a link to the "Microsoft sponsored symposium's" site:
http://www.scu.edu/sts/trustonline/

Read the list of speakers and contributors. Are you (and the rest of the folks dismissing this on the basis that the symposium was sponsored by Microsoft) making the charge that they were all paid off by Microsoft to spout Microsoft PR? The list of speakers includes very serious minded security people; I'd be very surprised if any of them were paid to spout Microsoft PR. Are you saying that they are serving as paid Microsoft shills?

Edited 2007-10-08 08:18

Reply Score: 0

RE[5]: Amazing
by archiesteel on Mon 8th Oct 2007 15:06 UTC in reply to "RE[4]: Amazing"
archiesteel Member since:
2005-07-02

Are you (and the rest of the folks dismissing this on the basis that the symposium was sponsored by Microsoft) making the charge that they were all paid off by Microsoft to spout Microsoft PR?


No, I am certainly not saying this at all, and I resent you insinuating this, though I'm not surprised, considering how low you're usually willing to go to defend Microsoft. I was referring to the eBay guy's comment, and to how this is being recuperated by some to somehow insinuate that Linux has big security problems.

Oh, and "slashdotters are agreeing with this?" This is at least the third time that you use this particular logical fallacy here. Once upon a time the majority of Europeans believed the world was flat - that didn't make it so. Look up "argument by popularity" one of these days.

Again, my exception is with the insinuation that somehow large numbers of Linux boxes have been hacked as part of botnets. I still haven't seen anything to corroborate this, and your usual PR-worthy talk hasn't changed this a bit.

Reply Score: 1

RE[6]: Amazing
by MollyC on Mon 8th Oct 2007 16:48 UTC in reply to "RE[5]: Amazing"
MollyC Member since:
2006-07-04

"No, I am certainly not saying this at all, and I resent you insinuating this, though I'm not surprised, considering how low you're usually willing to go to defend Microsoft. I was referring to the eBay guy's comment, and to how this is being recuperated by some to somehow insinuate that Linux has big security problems."

Oh, you "resent it", eh? You have some gall being resentful of anything *I* have to say, considering how often you've insulted me personally on this site. Which you continue to do with even the above comment, I might add.

Now, you say that you "are not saying at all" that the ebay guy or any of the speakers/contributors of the Microsoft sponsored symposium at Santa Clara University were paid to or directed to say whatever they had to say. You're only upset about the spin on what the guy said, that such spin is due to the "Microsoft PR machine" that "makes you sick" right? Where in God's name do you see any Microsoft PR machine at work here? The article in question wasn't written by Microsoft. The two places where I've seen stories on the article (slashdot and OSNews) are not controlled by Microsoft (and indeed, the former hates Microsoft unabashedly). The article in question quotes another person from Symantec saying that he sees things differently from the ebay guy. The article also quotes someone else as saying root-kitted linux boxes are highly-prized by the hacker community because linux is easier to control/administer remotely, but he says that as a *positive*. How can you say that the ebay guy's comments are being spun by a "Microsoft PR" machine that "makes you sick" when the story they appear in wasn't written by Microsoft, provides alternative points of view from that of the ebay-guy, and Microsoft doesn't control the web sites that have made topics regarding the article?

You're finding the bogey man where he ain't.


"Oh, and "slashdotters are agreeing with this?" This is at least the third time that you use this particular logical fallacy here."

At least the third time? I'd have guessed that I've used that argument well more than that. LOL
I cite slashdot comments because:
A. I frequent the site.
B. Slashdotters know way more about linux than I.
C. Slashdotters are Linux and open source advocates.
D. Most slashdotters despise Microsoft.
What this means is that I can readily cite slashdotters' opinions as "expert" opinions on a particular subject (i.e. Linux usage) and know that such opinions might have some credibility among linux advocates and Microsoft haters that overwhelm OSNews, since they generally have the same outlook (loving linux, hating Microsoft). Normally slashdotters agree with the linux-advocates and/or Microsoft haters on OSNews, but when they go against their own "conventional wisdom", I find it interesting to post on that.


But here's the much more important thing regarding my citing slashdot comments:
There's no "logical fallacy" at work here, as I didn't say that the fact that slashdotters said something was in itself proof of anything. Rather than just saying, "well slashdotters said ...", I provided the actual link to the slashdot thread on this story so that readers here could actually read the comments, and see that the statements made by the ebay guy are backed up by technical arguments and personal experience presented by many linux users, and indeed, many linux *advocates*.

Since you didn't refute any of the evidence presented in the slashdot thread, and instead searched for a reason to dismiss that evidence (just as, much to your relief, you found a reason to dismiss anything anyone said at this symposium), I'm going to make the assumption that you didn't bother to read the slashdot comments (probably too scared, preferring blissful ignorance).

Linux and/or the services that people run on it, ain't "perfect". Know that. You ain't doing Linux any favors by living in denial about that.

BTW, I'm curious about something. You've yet again referred to my posts as "PR-worthy". ;) I have a couple of questions about that. First, is that meant to be a compliment or an insult (or both)? Second, what are your criteria for posts to be "PR-worthy"? Just out of curiosity. ;)

Edited 2007-10-08 17:07

Reply Score: 5

RE[7]: Amazing
by El_Exigente on Mon 8th Oct 2007 22:30 UTC in reply to "RE[6]: Amazing"
El_Exigente Member since:
2007-01-08

(Just wanted to say that MollyC's post here was very good.)

Reply Score: 2

RE[7]: Amazing
by archiesteel on Tue 9th Oct 2007 02:09 UTC in reply to "RE[6]: Amazing"
archiesteel Member since:
2005-07-02

Oh, you "resent it", eh? You have some gall being resentful of anything *I* have to say, considering how often you've insulted me personally on this site.


I haven't insulted you. I've asked you if you were working for a PR company that has MS as one of its clients, and when you didn't answer I took that as an admission of guilt. Now you're being oversensitive, though I suspect it's just an act to avoid actually having a reasonable debate - you don't really feel insulted, but you claim to be in order to give you some advantage in this particular debate.

That still doesn't change the fact that you ascribed me a position I did not have in this particular debate.

Which you continue to do with even the above comment, I might add.


Where did I insult you? I simply stated that you *always* defend MS - and indeed, you always do. Since when is telling the truth insulting?

Now, you say that you "are not saying at all" that the ebay guy or any of the speakers/contributors of the Microsoft sponsored symposium at Santa Clara University were paid to or directed to say whatever they had to say.


No, I don't believe the eBay guy was paid to do this. That doesn't mean that there isn't a strategic incentive for him to help Microsoft. Even then, the PR work is not necessarily what he said - he could be simply mistaken - but rather the fact that people are trying to spin this into a negative report card for Linux (when there is no real indication that hacked Linux boxes form an important proportion of botnets). *That's* the spin that sickens me - and it doesn't matter if someone is paid by MS or not, they are doing its PR work when they spread this misinformation.

At least the third time? I'd have guessed that I've used that argument well more than that. LOL


You should stop, because that's not a valid argument, but rather a variation of Argumentum ad populum:

http://en.wikipedia.org/wiki/Argumentum_ad_populum

I cite slashdot comments because:
A. I frequent the site.
B. Slashdotters know way more about linux than I.
C. Slashdotters are Linux and open source advocates.
D. Most slashdotters despise Microsoft.


B, C and D are nowhere near as true today as they used to be. Many Slashdot readers are MS users and pro-MS posters. I know, because I frequent the site as well.

What this means is that I can readily cite slashdotters' opinions as "expert" opinions on a particular subject (i.e. Linux usage) and know that such opinions might have some credibility among linux advocates and Microsoft haters that overwhelm OSNews,


"Overwhelm" OSNews? Hardly. I, for example, do not hate Microsoft - I just don't feel the need to defend them all the time.

Anyway, you've just summed up why you shouldn't make these kinds of arguments - because it's not arguments at all. Rather, it's your *own* appraisal of what *some* people on Slashdot think. Combine that to the fact that popularity of an opinion does not make it more or less valid, and you've got a very weak position to stand on. So rather than claim that "Slashdotters agree" (which would require some hard numbers anyway, which you have failed to provide), instead address the actual declaration by Cullinane and its misrepresentation by anti-Linux advocates.


There's no "logical fallacy" at work here, as I didn't say that the fact that slashdotters said something was in itself proof of anything.


Then why mention it at all, then? If you saw a good, *on-topic* argument on the slashdot thread, then why not reprint it here, rather than sending us to the comment section of another web site (which is a bit rude to the OSNews editors)?

Rather than just saying, "well slashdotters said ...", I provided the actual link to the slashdot thread on this story so that readers here could actually read the comments, and see that the statements made by the ebay guy are backed up by technical arguments and personal experience presented by many linux users, and indeed, many linux *advocates*.


I'm sorry, but I'm not going to read a whole thread just to humor you. You want to bring an argument, bring one.

Since you didn't refute any of the evidence presented in the slashdot thread, and instead searched for a reason to dismiss that evidence (just as, much to your relief, you found a reason to dismiss anything anyone said at this symposium), I'm going to make the assumption that you didn't bother to read the slashdot comments (probably too scared, preferring blissful ignorance).


Scared? Why would I be scared? Contrary to what you claim (in your usual dishonest way) I do not think that Linux is invulnerable. I simply stated that what Cullinane said was dubious and led to easy misinterpretation.

I didn't bother to read the Slashdot thread, because a thread isn't an argument. If you want to present arguments, go ahead, but don't expect me to sift through an entire thread on another site - I don't have that kind of time to waste.

Linux and/or the services that people run on it, ain't "perfect". Know that. You ain't doing Linux any favors by living in denial about that.


Again, you dishonestly misrepresent my position. Strawman argument, Argumentum ad Populum, Appeal to Authority - you really like logical fallacies, don't you?

I know Linux isn't perfect. I know insecure server installs exist. I believe I know a *lot* more about Linux (and Windows) security than you do. That is *not* the point. The point is the ambivalence in Cullinane's declaration, and how it is recuperated by anti-Linux advocates doing MS' PR work for it, free of charge.

Reply Score: 1

RE[2]: Amazing
by camo on Mon 8th Oct 2007 05:47 UTC in reply to "RE: Amazing"
camo Member since:
2007-10-08

What "issue" are you talking about, exactly?


The issue is how we handle a problem like this; that means the way we respond, our comments, who we blame, who's really at fault, IS my issue.

Deny it all, the usual 'it must be MS trying to destroy us again' bs really is getting old. It seems that we may never get away from being the 'anti MS OS' and stand on our own two feet. That means being able to sort out these type of problems with some intelligence, honesty and move forward.

One glimmer of hope is that some (including posts here) are taking the right approach and using this opportunity to teach others how to secure their systems, posting links to resources, etc, and admitting that Linux is NOT invulnerable to attacks.

And it's not dishonest to 'put the spotlight on the Linux community for not responding well', this shows us that we need to improve how we respond and who we need to get rid of. Like all the Linux trolls!

Reply Score: 3

RE[3]: Amazing
by archiesteel on Mon 8th Oct 2007 06:52 UTC in reply to "RE[2]: Amazing"
archiesteel Member since:
2005-07-02

The issue is how we handle a problem like this; that means the way we respond, our comments, who we blame, who's really at fault, IS my issue.


You didn't understand my question. What is, exactly, the actual *security* issue with Linux that we can conclude from the article? Shouldn't we make sure there's an actual issue before we point fingers, as you seem so eager to do?

So I'm asking you: after reading the article, can you conclude that there is a rampant problem with Linux boxes being hacked into bots? Yes or no, that's all I'm asking.

Deny it all, the usual 'it must be MS trying to destroy us again' bs really is getting old.


It's not about getting old or not, it's about how accurate it is. People have been saying that the sky is blue since time immemorial, it's not any less true today.

In this case, it seems obvious that the statement from the eBay guy was made to detract from the fact that the actual bots in botnets are still exclusively Windows machines. *That* is the real problem which should be tackled.

It seems that we may never get away from being the 'anti MS OS' and stand on our own two feet.


We would get away from this stance if MS actually stopped trying to undermine Linux by continually spreading falsehoods about it, in addition to trying to divide the FOSS community with stunts such as OOXML and the MS/PL.

The day MS actually accepts to coexist with Linux and FOSS, then we'll stop being defensive towards the software giant, and not a moment before.

One glimmer of hope is that some (including posts here) are taking the right approach and using this opportunity to teach others how to secure their systems, posting links to resources, etc, and admitting that Linux is NOT invulnerable to attacks.


There are two logical fallacies in this sentence. The first is that it implies that it's one or the other, i.e. that you somehow cannot give people tips on how to secure their Linux boxes AND be skeptical about the eBay guy's claims. In fact, you *can* very well do both, so insinuating that you can't (as you do) is simply wrong.

Second, I and others who have expressed skepticism with the eBay guy's claim do NOT think that Linux is invulnerable to attacks. That's a textbook "Strawman Argument" fallacy. Linux *is* vulnerable to hacking - the question is whether this is relevant to the issues regarding Phishing and botnets. *That's* my issue with the statement - it's not clear at all that *hacked* Linux boxes are an issue, but it rather seems that phishers are using Linux to control Windows bots (something they could do without needing to hack a system).

I'm sorry, but if you're going to continue to use logical fallacies to support your arguments, we're gonna get nowhere fast.

And it's not dishonest to 'put the spotlight on the Linux community for not responding well',


It is when we have yet to establish that there is an issue with Linux boxes being hacked to be used as part of Phishing botnets. It is when the distinction isn't made between LAMP web servers and people's home Linux PCs - it's irrelevant to point out that distro X may or may not be secure, if you're into the web server business it's your job to make sure your servers are secure.

Again, there's no indication that we have the same situation as Windows-based bots, i.e. the millions of home Windows PCs that have been hacked into bots. *That's* the real issue.

this shows us that we need to improve how we respond and who we need to get rid of. Like all the Linux trolls!


Oh, you want to "get rid of" those who disagree with you, now? How open, how democratic.

Listen, kiddo, I've been around this Internet thingy (and this particular web site) for a looong time now. I've used - and still use - Windows, Macs, Unix and Linux PCs and servers. Just because I find that what some eBay guy has said to be questionable doesn't automatically make me a "Linux troll". So work on making arguments that are logically sound, and try to understand what it is that I'm actually saying, and then we'll talk.

Reply Score: 3

RE[4]: Amazing
by camo on Tue 9th Oct 2007 02:19 UTC in reply to "RE[3]: Amazing"
RE[5]: Amazing
by archiesteel on Tue 9th Oct 2007 02:35 UTC in reply to "RE[4]: Amazing"
archiesteel Member since:
2005-07-02

Shout you down? I didn't write a single word in all caps. Sorry if you feel that my arguments are tantamount to badgering, but I am not trying to intimidate you or anything. If you have valid counter-arguments I'd be happy to hear them - though calling me a Linux troll is rather insulting, considering how long I've been posting here...

I'm a Linux advocate. That doesn't mean I don't recognize its flaws, but that also doesn't mean I'm not going to argue with someone when they say something I don't agree with...

Reply Score: 2

BS
by yorugua on Mon 8th Oct 2007 02:45 UTC
yorugua
Member since:
2007-10-08

Think about it, there's more than 90% Windows machines out there waiting to be had, and the hackers are gonna spend their time hacking Linux machines that are less than 1%? Now you can call me a Linux zealot if you want, but hackers do what they do for money; they are not interested in such a small portion of the PC market.
This sounds like Microsoft-sponsored BS, if you ask me.

Reply Score: 1

RE: BS
by mabhatter on Mon 8th Oct 2007 17:15 UTC in reply to "BS"
mabhatter Member since:
2005-07-17

Ironically they are hacking the Linux machines for exactly what makes them popular. They are cheap, unattended and have great uptime. That "just works" goodness translates into poor administration and ignoring patches and such because they're rarely necessary for the product to function. As long as the crackers are careful not to break the running system they can go on undetected. Using Linux for the controller makes sense because it could be a long time before somebody finds your bot-net head and cuts it off; getting bots is easy, a stable point of control (that you don't own) is not.

Reply Score: 1

mbpark
Member since:
2005-11-17

Wirespot,

Unfortunately, my customers don't let me take their gigabytes' worth of log files home with me. If I did that, I'd be in jail, or worse, Gitmo.

However, I've seen this same scenario multiple times, with the same variants of these worms hitting even iis servers sometimes hundreds of times a day from multiple web hosting farms.

I've had to document this.

If I am lying, then why do eeye retina and ibm iss siteprotector have signatures for these vulns?

You, sir, do not see the big picture.

Browser: BlackBerry8700/4.2.1 Profile/MIDP-2.0 Configuration/CLDC-1.1 VendorID/102 UP.Link/6.3.0.0.0

Reply Score: 1

and yes, i've taken apart the code
by mbpark on Mon 8th Oct 2007 03:20 UTC
mbpark
Member since:
2005-11-17

Wirespot,

One other question: how many servers do you maintain? One server is not a representative sample. Over 100 publicly accessible sites and servers is ;) .

When you get some "popular" sites, you see a lot of this. My biggest customer happens to be that popular.

The reason why eBay isn't saying more is because certain US gov agencies (FBI, Secret Service) have prob. told them to shut up.

Reply Score: 1

Is it linux or is it web applications?
by aesiamun on Mon 8th Oct 2007 04:17 UTC
aesiamun
Member since:
2005-06-29

I recently had the privilege of tracking down a rootkit on a web server that a customer of mine acquired when he bought a small web hosting company. It was a Plesk server that a customer was running phpBB on. Evidently it was an older build, but the attackers basically exploited an admin file, replacing the phpBB library root with PHP code from another site. This gave the attackers a web console and the ability to run code on the web server. It wasn't a real rootkit though, the processes ran as apache, but the entire web server slowed down and the network resources were pretty much all taken by the apps the script kiddies were running. Essentially they were IRC bots, connecting to sni-labs... myspace obsessed morons...

Anyway, it's not a Linux security issue, but a really crappy PHP application that allowed this server to essentially become part of a botnet. Before people call the security of an operating system poor, maybe they should consider something simpler: nonexistent security and QA for applications. phpBB isn't the only one, and it most certainly isn't a case of open source apps being more or less secure. There's plenty of crappy applications out there.


Addendum: If anyone wants to know more about this, send me an OSNews message. I'm not a security researcher, I just happened to luck out and was checking processes when I noticed something that allowed me to really track down this process. A shared hosting server with 100+ customers is really difficult to debug when you can only go on "it's connecting to IRC for some reason...". It was a clever script and it worked fairly well.

Edited 2007-10-08 04:22 UTC

Reply Score: 6

Doesn't surprise me...
by melkor on Mon 8th Oct 2007 04:30 UTC
melkor
Member since:
2006-12-16

Part of the problem is the influx of 'easy to use' Linux distributions that aren't necessarily secure by design (Linspire anyone?). Ubuntu isn't going to escape my scathing eyes either, sudo has a long and sordid history of security issues.

To add to the woes, several factors are causing this issue:

1. People want to host their own websites. That usually means Apache and ssh, usually not secured properly. Add to that, many people still use ftp, instead of sftp.
2. Many Linux distributions do not ship with an active firewall. Scary, especially given the huge uptake in broadband connections.
3. This is the main issue - we have dumb users coming from Windows, who are too tight to pay for Windows, so they go for the freebies like Linux. The problem isn't that they're not paying, far from it. The problem is that these people can barely run Windows, and usually their computer skills are sub par. Linux is an inherently more complex operating system to administrate, and administrate properly. They usually don't know they're doing something wrong, or not securing something correctly. And the sad thing, the really sad thing, is that they usually don't give a f--k either.
4. Despite SELinux being 'mainstream' for several years now, very few distributions ship with it - sad. It makes a potentially safer operating system even safer. I'm not saying you can ignore locking down the system etc as appropriate, far from it. Every bit of security helps.
5. The Linux community itself for many years saying 'Linux is unhackable'. This is a load of crock. Serious, experienced users know this, idiotic newbies just spread this wrong propaganda.
6. Simply far too many options for desktop environments, applications, and so forth. The more packages on your system, the higher the odds that one can be cracked. All it takes is one cracked package...
7. People are now compiling from src more than they used to, and this is where problems can develop, with embedded rootkits etc. Stick to your distribution's signed packages, check the md5sums to ensure that they're legit. If you want to use src, make sure you can read the language in question and understand it. I know I sound hard, but it will cut off potential issues with embedded rootkits if you take this advice.
8. Increased numbers of users - aka the Windows effect. The more users, the more the blackhats will look at the operating system as having potential numbers for 'milking'. There's nothing you can do about this.

This isn't going to get any better btw.

Dave

Edited 2007-10-08 04:37

Reply Score: 2

of course...
by xophere on Mon 8th Oct 2007 04:40 UTC
xophere
Member since:
2006-07-19

Linux boxes sitting on public ip addresses running default installs of any distribution are probably at risk. If they are a LAMP box all the more so. These are well known targets and surely have holes.

Linux desktop distributions would hopefully be more protected and not on public address space for most users. Although the .gov .edu people are often. So what more precisely might have been said is that Linux servers are often compromised as are windows desktops.

These targets are then used together to make money attacking the rest of us.

In fact I am sure there were rootkits for Linux before there were rootkits for Windows. Remember Linux/Unix boxes are almost always on the net and have always been so. That is the point. Whereas Windows and its like have only been on the scene for 10-15 years.

For a long time the only exploits were for Unix boxes. While things are fixed, the nature of online apps and C code in general seems to lead to holes.

Reply Score: 1

Shame on eBay Italy
by Anonymous Penguin on Mon 8th Oct 2007 05:56 UTC
Anonymous Penguin
Member since:
2005-07-06

I got a clearly suspicious email some time ago. I tried to forward it to eBay Italy so that they could take action, but it came back to me, saying that the service had been discontinued. So much for service to your customers!

Reply Score: 1

Solaris
by Kebabbert on Mon 8th Oct 2007 09:00 UTC
Kebabbert
Member since:
2007-07-27

Should be better for this, as it is more secure. And it is open and free to use.

Reply Score: 2

Enough Said................
by segedunum on Mon 8th Oct 2007 09:47 UTC
segedunum
Member since:
2005-07-06

eBay's chief information and security officer, speaking at a Microsoft-sponsored security symposium at Santa Clara University. "The vast majority of the threats we saw were rootkitted Linux boxes, which was rather startling. We expected Microsoft boxes," he said.

The bit in bold tells you all you need to know.

If anything, it just shows how much in denial Microsoft still is about security. A security symposium is not supposed to be something where you all get together and start reassuring yourself that the competition is worse. You look at your own problems.

I'm just tired of this bullshit from Microsoft. It's so transparent now it isn't worthy of comment.

Reply Score: 3

Well, it ain't me!
by StychoKiller on Mon 8th Oct 2007 09:47 UTC
StychoKiller
Member since:
2005-09-20

I just ran chkrootkit on my Gentoo Linux PC. Guess what? No problems found! Of course that could be because the home router has a built-in (and enabled!) firewall, despite having two PCs running Windows XP (one under the control of my clueless son), along with the Gentoo PC. My biggest problem with the home network is getting consistent AC power out of the wall sockets.

Reply Score: 1

Confusion abounds!
by B. Janssen on Mon 8th Oct 2007 10:18 UTC
B. Janssen
Member since:
2006-10-11

I join the crowd of those who call "spin doctoring".

I hope the article badly mangled Cullinane's speech; unfortunately there are no copies of Cullinane's speech available, so I can't check.

It begins with the article's headline suggesting that statements of Cullinane regarding his time at Washington Mutual refer to the current situation at eBay.

FTA: eBay: Phishers getting better organised, using Linux


This claim is not substantiated during the article. The following passage refers to Cullinane's time at Washington Mutual:

FTA: Cullinane's experience with phishing goes back to his previous employer, Washington Mutual, which has been one of the top phishing targets in the US.

While there, he noticed an unusual trend when taking down phishing sites.

"The vast majority of the threats we saw were rootkitted Linux boxes, which was rather startling. We expected Microsoft boxes," he said.


Bold by me. However, Cullinane has been with eBay for the last two years, so we are looking at alleged data that already is at least two years old. Now claiming it's a trend suggests that the situation aggravated till then, but the article says nothing about that.

The quote also suggests a 1:1 relation between threats and compromised boxes by saying a threat is a rootkitted Linux-box. I believe this is an inaccurate representation of Cullinane, but it would raise the question what a threat is in this context.

If each compromised box is a threat, then we have to ask the question: how can an operating system that has a market penetration of about 3% be used for the majority, i.e. at least 51%, of threats against Washington Mutual, when the "Botnets are almost uniformly Windows-based" (FTA)? MS Windows is, like it or not, the majority platform with over 90% market penetration, and to become a bot, the machine has to be compromised (i.e. becomes a threat).
Since all explanations I can come up with for the original scenario have to make other (often insulting) assumptions or exclusions, I just wonder if "a threat is a compromised box" is really what was said. It just makes little sense.

I think we all agree that, of course, there are compromised GNU/Linux boxes out there, probably thousands of the cheap VServers and rooties are insecure, and I guess that a compromised vanilla GNU/Linux machine can pose a more serious threat than a vanilla MS Windows XP machine, but are we talking numbers or severity here?

The article suggests we are talking numbers and refuses to give us the benchmarks. What to think of this?

Reply Score: 4

re
by netpython on Mon 8th Oct 2007 10:47 UTC
netpython
Member since:
2005-07-06

According to the headline:"The vast majority of the threats we saw were rootkitted Linux boxes, which was rather startling. We expected Microsoft boxes,"

But at the same time somewhere at the bottom of the article they say: "We see a lot of Linux machines used in phishing," said Alfred Huger, vice president for Symantec Security Response. "We see them as part of the command and control networks for botnets, but we rarely see them be the actual bots."

Then where is the rootkit installed? On their own boxen?

Craptastic article.

Reply Score: 3

And a couple of other reasons :)
by mbpark on Mon 8th Oct 2007 12:29 UTC
mbpark
Member since:
2005-11-17

1. ISPs are starting to block inbound traffic on their own. Case in point: Verizon FiOS. They do it extensively. I have heard of other ISPs at least partially implementing this, such as Comcast (they do it for SMTP). It's against the AUP of almost every major consumer ISP out there to run servers. Verizon's been enforcing it. Therefore, Linux boxes at web hosts make sense.

2. Many companies outright block entire Class B's or Class C's for certain traffic. Many of these cheap web hosting companies are on the same Class B or Class C as Akamai, Hotmail, or some other major site that companies cannot block without causing loss of business. Therefore, the boxes at web hosting farms make perfect targets as proxies, phishing sites, or DDOS zombies. This is a known way around many corporate firewall blocks.

And yes, these scripts are standardized, and setting /tmp to noexec can be bypassed (I've seen this on Google and Slashdot ;) ). Many of these scripts do the following:

1. Use CMS Vuln to inject shell script or bad SQL.
2. Shell script or bad SQL does the following:
2a. cd /tmp
2b. Run wget to get the rest of the code and put it in /tmp
2c. Run code from /tmp that sets up a remote shell or reverse shell you can control, with a built-in default password ;) .
2d. Run phishing site, ddos zombie, bounce proxy, or other bad program of your choice.
3. Profit!

There's also one other reason to target Linux boxes at an ISP. These are the types of machines which aren't as monitored or well-maintained as a corporate web server. You're not going to usually have an admin that knows what /var/log, a remote syslog server, Tripwire/AIDE, or httpd.log is. If they do, they're probably not paid enough to care. ISPs run on razor-thin profit margins (I know, my friend runs a large one), and usually pay a lot less than corporate sysadmin jobs.

You're also going to have an admin that will probably set logs to overwrite themselves, and won't know what an egress filter on a firewall is or how to get one set up.

Your average Windows box, on the other hand, is used by someone who has a 200GB HD and uses about 20 of it. Windows and NTFS also have the very undesirable characteristic of writing many things to disk that they shouldn't, and not overwriting those sectors. Pop an NTFS-formatted drive into Encase or Autopsy and you'll see lots of things in the slack space that you didn't know were there, and you thought were gone for years.

In other words, Linux boxes also make sense because the bottom of the barrel admins won't implement the security controls required, and because the Linux file systems don't store as much cool info as NTFS and Windows do ;) . Esp. when you have a box with 100 shared web sites, and /var/log/http/httpd.log set to overwrite when /var/log gets close to full. In other words, when the FBI, Secret Service, and local PD come knocking at the ISPs door (assuming said ISP is in a country that cooperates with US law enforcement), they won't find as much as they would on a Windows box.

Face it. It's not a Linux problem. It's a human problem due to improper implementations of software that happens to sit on Linux. Due to many correlating environmental factors (ISP bandwidth, some ISP's blocking HTTP and SMTP), these machines happen to be the biggest target out there, and provide the most bang for the buck.

These people don't get rich by being dumb. Some of them are probably ex-intel folks from the former Soviet Union and its satellite republics ;) .

Reply Score: 3

Soulbender Member since:
2005-08-18

It's against the AUP of almost every major consumer ISP out there to run servers. Verizon's been enforcing it.


True, even though I think it's amazingly dumb. It's also usually not done for any security reasons but as a service differentiator. If you want to run services you need a "business" account which is usually a lot more expensive. There's a horrible flaw in the logic that if you can pay more you know what you're doing.
Blocking inbound connections also breaks a lot of applications and services, like inbound VOIP calls and P2P, but maybe that's just another reason for them to do it.
And if the malware is delivered by other means, such as browser exploits or trojans, blocking inbound connections is pointless.

These are the types of machines which aren't as monitored or well-maintained as a corporate web server.


I disagree. In my experience corporate admins are just as clueless as, or more than, ISP admins and corporate servers just as ill-maintained. I've seen so many corporate admins whose main network understanding seems to have come from playing Counter Strike on a LAN. Obviously that's not sufficient.
My experience with ISP people while still bad has not been nearly as disastrous.

because the Linux file systems don't store as much cool info as NTFS and Windows do


So a terrible design flaw is a good thing? ;)

In other words, when the FBI, Secret Service, and local PD come knocking at the ISPs door (assuming said ISP is in a country that cooperates with US law enforcement), they won't find as much as they would on a Windows box.


Uhm, I'd say it's a good thing they (and by extension the "bad" guys) can't find things I don't want them to find. It's called "security" ;)

It's a human problem due to improper implementations of software that happens to sit on Linux.


And not just on Linux. Rampant incompetence is the curse of the entire industry. It's no coincidence that "enterprisey" is a derogatory term.

Reply Score: 3

mbpark Member since:
2005-11-17

Heya,

Verizon does have the motive to block incoming traffic and break VOIP and other services. After all, they compete with FIOS, and they are Ma Bell with a different name ;) .

The corporate admins I have worked with fall into two categories... clueless and clueful. The latter usually get assigned to work on the revenue generating side of the house. The clueless ones usually get put on the internal apps that the outside world doesn't see or interact with (think business intelligence, reporting, and the like). Clueless usually happens to know a lot about games, I agree. Clueful at least understands LDAP, UNIX, and lots of other acronyms ;) . Clueful also understands interoperability and security.

ISP admins usually have a significantly higher server/admin ratio.

And I agree, rampant incompetence is omnipresent in IT. I've seen way too much of it myself, esp. in large enterprise projects ;) .

Reply Score: 2

How?
by airwedge1 on Mon 8th Oct 2007 13:47 UTC
airwedge1
Member since:
2006-02-22

How the hell could eBay know, by a Linux computer coming to their website, that it is infected with a rootkit? They would have to compromise the Linux box that is infected in order to find out if it has a rootkit, and rootkits are supposedly very, very hard to detect. Without details this is FUD.

Reply Score: 1

FUD-FUD
by KLU9 on Mon 8th Oct 2007 14:11 UTC
KLU9
Member since:
2006-12-06

When the people who say this is MS-sponsored anti-Linux FUD from eBay, that eBay can't provide the evidence because they don't have any, have proven themselves so incapable of reading an article that they can't even grasp the fact that the guy was talking about his time at Washington Mutual, they have no high ground to stand on when it comes to credibility vs. FUD.

In fact they are creating FUD-FUD, if that word can exist. :-)

Reply Score: 0

protagonist
Member since:
2005-07-06

I believe this is a somewhat relevant post. This link points to a very interesting article that I would suggest people read.

http://blog.gnist.org/article.php?story=HollidayCracking

Reply Score: 1

camo Member since:
2007-10-08

Interesting link, thankyou!

Reply Score: 0

two sentences are all you need to see
by viator on Mon 8th Oct 2007 17:58 UTC
viator
Member since:
2005-10-11

1.)"speaking at a Microsoft-sponsored security symposium"

2.)"and while the company is not releasing the results of this analysis"

While this FUD...... errr "news" may be plausible, it is to be taken with the two above sentences in mind.

Reply Score: 2

I don't really understand the article...
by aaronb on Mon 8th Oct 2007 18:05 UTC
aaronb
Member since:
2005-07-06

Quote
Last week eBay said data on 1,200 eBay members had probably been stolen via a phishing scam. The members' data was posted to the company's Trust & Safety discussion forum.
And
"The vast majority of the threats we saw were rootkitted Linux boxes, which was rather startling. We expected Microsoft boxes," he said.

The two don't really go well together. I could have my account hacked because I fell for a phishing scam on any platform. And if my Linux or Vista boxes had a rootkit installed they may just want to log my keystrokes or scan my email boxes in the hope to find something private instead.

Can anyone confirm whether...
1. The Linux users fell for the scam in ignorance.
Or
2. The Linux boxes are Rootkitted and ran a website that users fell for.
Or
3. This all does not make sense because it's FUD.
Or
4. I need educating to what's happening.

Reply Score: 2

The tone of some posts here is not helpful.
by Quag7 on Mon 8th Oct 2007 23:51 UTC
Quag7
Member since:
2005-07-28

Does anyone know of a case study or any kind of aggregate report regarding methods of rootkit infection? By now, I am sure most of us here know all of the potential vulnerabilities (weak passwords, SQL injection, whatever).

But does anyone have any kind of case study of what the most common vulnerabilities on Linux boxes are? I am dramatically less interested in how this story bodes for Linux's reputation and way, way, more interested in what they know about how these machines were infected - which rootkits, etc?

Alternately I would be interested to know something like, "top 10 specific ways Linux boxes have been rooted." I'd like to know if there are trends, and what they are (phpBB comes up a lot - I wonder if that is one).

I have made the point in the past that hackers, by and large, don't impress me much for this reason: I assume that anything so large and complex (and even byzantine) as an operating system, is full of potential vulnerabilities, the same way a large office building or mall is full of potential ingress (intrusion) points simply by virtue of its size or complexity. I have never gloated about security because I believe everything to be a calculated risk once you expose it to the net. Yeah, I run Linux and love it, but not because I have ever believed it was bulletproof (though I've had no security problems yet).

Further, anyone with the drive and time could probably figure these out. I don't have either. Those who do are, I am hoping, either getting paid for it as security professionals, or alternately they're kids with a lot of free time on their hands. That certain OSes are less vulnerable relative to others is certainly a fair (maybe the most important) way of assessing them. To me, hacking a box is like climbing Mount Everest - if that's your thing, fine, but it's been done so many times already, I don't see much glory in it. This makes security no less important, of course, but aside for the profit-driven, I'm not sure where the romance is in it anymore.

I am curious what these specific exploits are, or have been in the past, so we can have a lockdown checklist that goes beyond the theoretical (use keys for ssh if possible rather than passwords, etc.) weaknesses. I am also curious what, historically, the most vulnerable apps have been (bind comes up a lot in this discussion but I don't know how it fares relative to others).

Speaking of which, is anyone here on a cable or other "semi-static IP" connection who has limited SSH logins to one IP or another, and been locked out of their system due to an IP reassignment? This is what makes me a little paranoid as I have a few boxes out in remote datacenters, who will charge me for a reboot or any kind of intervention on that server.

Reply Score: 1

WereCatf Member since:
2006-02-15

Speaking of which, is anyone here on a cable or other "semi-static IP" connection who has limited SSH logins to one IP or another, and been locked out of their system due to an IP reassignment? This is what makes me a little paranoid as I have a few boxes out in remote datacenters, who will charge me for a reboot or any kind of intervention on that server.

I don't really know what would be the best way to do this as I don't limit SSH logins to a certain IP on my machines. But if you know the range of IP addresses your machine could obtain from DHCP then you could just allow that IP address range to make an SSH connection? Or set the server to periodically look for "myexamplemachine.ath.cx" on dyndns.com servers and if the IP address there doesn't correspond with the one enabled then use the new IP address and restart the SSH service? That way the theoretical attacker would still have to guess what name the server is looking for, would have to obtain your username and password for dyndns and only then could he have a shot at trying to break into your server. Those are just two proposals out of my head. Anyway, if you don't have password logins disabled then I'd suggest installing denyhosts (or similar) so that it blocks the IP address of the person trying to log in after 3 (I use this number, yours may vary) failed login attempts. I just calculated yesterday that if someone wanted to bruteforce my password he would need around 3400 billion different IP addresses.. (and given my upload bandwidth it would take about 7000 years ;) )

Reply Score: 2
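The threshold blocking suggested above, and the lockout worry from the question before it, in one place: this is an added example written here, not code from the reply or from DenyHosts. It counts sshd failures per source address from syslog-style auth log lines, blocks an address once it reaches the threshold unless it is allowlisted (the address your dynamic-DNS name currently resolves to, supplied by the caller; the MY_CURRENT_ADDRESS value is a placeholder), renders hosts.deny entries, and carries through the "how many addresses would an attacker need" arithmetic for any keyspace. Log lines are constructed.

```python
"""DenyHosts-style blocking over sshd auth log lines, with an allowlist so the
admin's own address can never be blocked. Added example; log lines constructed."""
import re
from collections import Counter

# OpenSSH result lines as they appear in a syslog-style auth log.
AUTH_LINE = re.compile(
    r'sshd\[\d+\]: (?P<result>Failed|Accepted) (?P<method>\w+) for '
    r'(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+'
)


def evaluate(lines, threshold=3, allow=frozenset()):
    """Return (failures_per_ip, blocked_ips_in_order).

    An address is blocked the moment its failed-attempt count reaches `threshold`.
    Addresses in `allow` are still counted but never blocked, so a typo on the
    admin's own side cannot lock them out of a remote box."""
    failures = Counter()
    blocked = []
    for line in lines:
        m = AUTH_LINE.search(line)
        if m is None or m["result"] != "Failed":
            continue  # not an sshd result line, or a successful login
        ip = m["ip"]
        failures[ip] += 1
        if failures[ip] >= threshold and ip not in allow and ip not in blocked:
            blocked.append(ip)
    return failures, blocked


def hosts_deny_entries(blocked):
    """TCP-wrapper lines for /etc/hosts.deny. sshd must be built with libwrap for
    these to take effect; otherwise feed the list to the host firewall instead."""
    return [f"sshd: {ip}" for ip in blocked]


def addresses_needed(keyspace, threshold):
    """Distinct source addresses an attacker needs to try `keyspace` passwords
    when each address gets only `threshold` attempts before being blocked."""
    return -(-keyspace // threshold)  # ceiling division


# Constructed sample: one address tripping the limit, one legitimate key login,
# and three slips from the allowlisted address (which must not be blocked).
SAMPLE_AUTH_LOG = [
    "Oct  8 10:47:01 web1 sshd[2101]: Failed password for invalid user admin from 198.51.100.9 port 51234 ssh2",
    "Oct  8 10:47:03 web1 sshd[2102]: Failed password for root from 198.51.100.9 port 51240 ssh2",
    "Oct  8 10:47:09 web1 sshd[2104]: Accepted publickey for deploy from 203.0.113.20 port 40022 ssh2",
    "Oct  8 10:47:12 web1 sshd[2105]: Failed password for invalid user oracle from 198.51.100.9 port 51251 ssh2",
    "Oct  8 10:47:20 web1 sshd[2106]: Failed password for invalid user test from 198.51.100.9 port 51260 ssh2",
    "Oct  8 10:48:01 web1 sshd[2110]: Failed password for deploy from 203.0.113.20 port 40030 ssh2",
    "Oct  8 10:48:04 web1 sshd[2111]: Failed password for deploy from 203.0.113.20 port 40031 ssh2",
    "Oct  8 10:48:10 web1 sshd[2112]: Failed password for deploy from 203.0.113.20 port 40032 ssh2",
]
# Placeholder: in practice resolve the dynamic-DNS name at each run (assumption).
MY_CURRENT_ADDRESS = "203.0.113.20"

if __name__ == "__main__":
    failures, blocked = evaluate(SAMPLE_AUTH_LOG, threshold=3, allow={MY_CURRENT_ADDRESS})
    print("\n".join(hosts_deny_entries(blocked)))
    print("addresses needed for a 10^6-password keyspace at 3 tries each:",
          addresses_needed(10 ** 6, 3))
```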

Robert Escue
Member since:
2005-07-08

This article on ArsTechnica reports that a server "forgotten" by eBay was successfully attacked by a known malicious user:

http://arstechnica.com/news.ars/post/20071009-hacker-exploits-forgo...

The first question that comes to mind is "How do you forget about a server?", especially an administrative server? I know things happen, but where is their Configuration and Asset Management at?

Maybe eBay's security woes are not so much them being hacked as much as them doing apparently stupid things and being taken advantage of.

Reply Score: 3