EBAY and AMAZON

valdis.kletnieks at vt.edu
Wed Jun 13 18:42:20 UTC 2012


On Wed, 13 Jun 2012 11:08:25 -0700, JC Dill said:

> If both flavors were equally easy to exploit, according to your theory
> above we would see more exploits on the *nix servers.  Yet server-side
> exploits are seen on Windows servers far more often than *nix servers,
> despite the fact that more web pages are served by *nix servers than
> Windows servers.

I suspect the *real* issue is that for really large systems, it's not so much
"exploits" as "one-off customized attacks".  The chances of pwning Bank
of America with an off-the-shelf attack are pretty low - but finding a blind
SQL injection and leveraging it are a bit higher.

And given all the 'XYZ got pwned' news stories, I suspect that in fact
the *nix boxes *are* being attacked - just not with COTS attack tools.