Linked by Thom Holwerda on Sun 7th Oct 2007 23:02 UTC
Privacy, Security, Encryption When it comes to launching online attacks, criminals are getting more organised and branching out from the Windows operating system, says eBay's security chief. eBay recently did an in-depth analysis of its threat situation, and while the company is not releasing the results of this analysis, it did uncover a huge number of hacked, botnet computers, said Dave Cullinane, eBay's chief information and security officer, speaking at a Microsoft-sponsored security symposium at Santa Clara University. "The vast majority of the threats we saw were rootkitted Linux boxes, which was rather startling. We expected Microsoft boxes," he said.
Thread beginning with comment 276755
To read all comments associated with this story, please click here.
Not surprising
by garymax on Sun 7th Oct 2007 23:22 UTC
garymax
Member since:
2006-01-23

With the number of new users streaming into Linux thanks to easy-to-use distros like Ubuntu, there are many users who do not have the requisite knowledge to adequately secure their computers--maybe even believing, albeit falsely, that Linux is inherently safe out of the box.

As more Linux systems are brought on line it is not surprising to see the number of compromised Linux boxes increase.

This does not point to a weakness of Linux per se; it points out the problem that many users are not doing enough to secure their computers.

Linux' track record still stands as a monument to the security and power of open source.

Edited 2007-10-07 23:24

Reply Score: 4

RE: Not surprising
by hobgoblin on Sun 7th Oct 2007 23:25 in reply to "Not surprising"
hobgoblin Member since:
2005-07-06

pbkac, or there about?

Reply Parent Score: 3

RE[2]: Not surprising
by jayson.knight on Mon 8th Oct 2007 01:01 in reply to "RE: Not surprising"
jayson.knight Member since:
2005-07-06

"pbkac, or there about?"

More like 'pbkaa' (problem between keyboard and Africa).

*no offense meant to any Africans of course.

Reply Parent Score: 1

RE[2]: Not surprising
by Brendan on Mon 8th Oct 2007 12:44 in reply to "RE: Not surprising"
Brendan Member since:
2005-11-16

IMHO the "pbkac" theory never holds water when applied to security.

Anything designed for the "average" user (and not limited to people that are trained and/or knowledgeable and/or experienced) needs to have security systems designed for the average user.

You can complain that an OS designed for trained users is marketted towards average users. You can complain that an OS designed for average users doesn't have enough security for it's intended market. You can't blame average users when they use an OS marketted towards average users if the security isn't designed for average users, which is what you're doing by claiming it's a "pbkac".

The real question would be, if distributions like Ubuntu aren't secure out of the box, then why aren't they?

Reply Parent Score: 2

RE: Not surprising
by FreakyT on Mon 8th Oct 2007 12:32 in reply to "Not surprising"
FreakyT Member since:
2005-07-17

"With the number of new users streaming into Linux thanks to easy-to-use distros like Ubuntu, there are many users who do not have the requisite knowledge to adequately secure their computers--maybe even believing, albeit falsely, that Linux is inherently safe out of the box."


That, considering the minuscule installed base of users that don't understand security running Linux desktops, probably isn't the case. More likely, this problem is stemming from compromised web servers running Linux, which weren't secured properly.

Reply Parent Score: 1

RE[2]: Not surprising
by lemur2 on Mon 8th Oct 2007 13:44 in reply to "RE: Not surprising"
lemur2 Member since:
2007-02-17

More likely, this problem is stemming from compromised web servers running Linux, which weren't secured properly.


Actually, no. The problem that created botnets is the lax security and the monoculture of Windows. It is Windows machines after all that are the bots.

Even if it is true that Linux machines are being used for botnet command and control (debatable), that is almost irrelevant. There would be no bots to command or control without Windows.

Reply Parent Score: 2