On Tue, 14 Oct 2008 17:24:05 -0700, The Ghost In The Machine wrote:
> In comp.os.linux.advocacy, Terry Porter <linux-2@xxxxxxxxxxxxxxx>
> wrote
> on Tue, 14 Oct 2008 18:58:36 -0500
> <SvOdnbkYptSxr2jVnZ2dnUVZ_ofinZ2d@xxxxxxxxxxxxxxx>:
>> On Tue, 14 Oct 2008 19:12:59 +0100, Homer wrote:
>>
>>> Verily I say unto thee, that Terry Porter spake thusly:
>>>
>>>> Hi All,
>>>
>>> Crikey!
>>>
>>> We better evacuate the Trolls, for humanitarian reasons.
>>
>> Hahahah, Hi Homer :)
>>
>> I'm not the Troll eater I used to be, time and age have taken their
>> toll.
>>
>> I'm 54 years old now and only eat the odd live Windows advocate for
>> breakfast, as I'm finding they lack nutrition.
>>
>> Wintrolls are stale like bread made in October 2001, and their diet of
>> XP isn't doing them any good, it's just too damn OLD!
>>
>> Most Wintrolls find the new Windows sustenance called Vista just
>> doesn't agree with them for some reason.
>>
>> There is only one modern, Free, up-to-date, and outstanding OS around,
>> it's called Gnu/Linux, and of course every real Linux advocate here
>> knows it :)
>>
>>
>> Cheers
>> Terry
>>
>>
> Well, FWIW, not much has changed, although I don't remember if you left
> before Roy decided to start his news service.
Neither can I !
>
> I also have bad news....and I wish I knew precisely what version of
> Apache is affected. Seems that a site named zone-h.org is tracking
> successful hacks of websites, and Apache is at the top of the heap -- a
> dubious honor, at best.
>
> http://httpd.apache.org/security_report.html
>
> shows a critical Chunked encoding vulnerability in 1.3.25 (fixed in
> 1.3.26) but little else, unless web servers are using Win32 (there's a
> Win32 Apache Remote command execution capability fixed in 1.3.24).
>
> Color me extremely curious and rather worried, but it appears that IIS
> is now *more* secure than Apache, at least from the standpoint of
> successful hacks.
That's hard to know, as it's difficult to get past the stats and damn
lies to uncover the truth these days.
I see Code-Red and Nimda attempts in my logs every day, and these are
Windows server only exploits.
>
> zone-h.org is now back up and shows 69.55% successful hacks of Linux as
> of last week, with 21.00% Win2003, and 5.04% Win2000. One of the bigger
> hacks was of phoeniz.lpl.arizona.edu, the Martian lander, apparently. It
> is running Apache 2.2.8.
>
> One has to wonder what hole allowed the intruders in; the Apache website
> above only suggests cross-scripting vulnerabilities, and I don't know if
> that'll do it or not. (I'm not much of a hacker/cracker type.)
>
> http://blogs.zdnet.com/security/?p=1235
>
> suggests they used remote SQL injection. (Fortunately, this particular
> attack was limited to defacement/redirction of the page; no malware was
> sent -- but what about next time?)
SQL injection isn't really the fault of the web server is it ?
As far as I know, it's the fault of the application or database.
In any event, Apache is so configurable, it's pretty easy to prohibit
data that would enable SQL injection, and log such attempts.
There are articles on the Internet that show how to do this.
>
> Of course, there's still the question of *desktop* security; Linux still
> wins there -- thank goodness for small favors.
I admit I'm *really* out of touch with Windows on the desktop, and I plan
to keep it that way.
Here are my latest Apache 2 server stats from Awestats:-
Operating Systems
Versions Hits Percent
Windows 75766 75.8 %
Windows XP 57129 57.2 %
Windows NT 30 0 %
Windows Vista 15827 15.8 %
Windows CE 4 0 %
Windows 98 87 0 %
Windows 2003 1654 1.6 %
Windows 2000 1035 1 %
BSD 32 0 %
OpenBSD 30 0 %
FreeBSD 2 0 %
Linux 14643 14.6 %
Ubuntu 8031 8 %
Suse 221 0.2 %
Red Hat 29 0 %
Mandriva (or Mandrake) 37 0 %
Fedora 800 0.8 %
Debian 774 0.7 %
Centos 30 0 %
GNU Linux (Unknown or unspecified distribution) 4721 4.7 %
Macintosh 8214 8.2 %
Mac OS X 8214 8.2 %
Others 1179 1.1 %
Unknown 1057 1 %
Unknown Unix system 84 0 %
Sun Solaris 38 0 %
Browsers (Top 10)
MSIE 14139 14.1 %
Msie 8.0 No 462 0.4 %
Msie 7.0 No 9725 9.7 %
Msie 6.0 No 3939 3.9 %
Msie 5.5 No 11 0 %
Msie 5.01 No 1 0 %
Msie ? No 1 0 %
FIREFOX 70932 71.1 %
Firefox 3.1 No 245 0.2 %
Firefox 3.0.3 No 55398 55.5 %
Firefox 3.0.2 No 1075 1 %
Firefox 3.0.1 No 3847 3.8 %
Firefox 3.0 No 1818 1.8 %
Firefox 2.0.0.9 No 109 0.1 %
Firefox 2.0.0.7 No 122 0.1 %
Firefox 2.0.0.6 No 271 0.2 %
Firefox 2.0.0.5 No 52 0 %
Firefox 2.0.0.4 No 172 0.1 %
Firefox 2.0.0.3 No 151 0.1 %
Firefox 2.0.0.2 No 30 0 %
Firefox 2.0.0.17 No 4686 4.6 %
Firefox 2.0.0.16 No 602 0.6 %
Firefox 2.0.0.15 No 99 0 %
Firefox 2.0.0.14 No 616 0.6 %
Firefox 2.0.0.13 No 107 0.1 %
Firefox 2.0.0.12 No 338 0.3 %
Firefox 2.0.0.11 No 501 0.5 %
Firefox 2.0.0.10 No 83 0 %
Firefox 2.0.0.1 No 32 0 %
Firefox 2.0.0.0 No 29 0 %
Firefox 2.0.0 No 32 0 %
Firefox 2.0 No 63 0 %
Firefox 1.5.0.6 No 1 0 %
Firefox 1.5.0.4 No 30 0 %
Firefox 1.5.0.12 No 391 0.3 %
Firefox 1.5.0.11 No 2 0 %
Firefox 1.0 No 30 0 %
NETSCAPE 20 0 %
Netscape 5.0 No 1 0 %
Netscape 4.0 No 19 0 %
Others 14619 14.6 %
Safari No 6560 6.5 %
Opera No 4790 4.8 %
Mozilla No 1994 1.9 %
Konqueror No 638 0.6 %
Unknown ? 181 0.1 %
BonEcho (Firefox 2.0 development) No 116 0.1 %
Epiphany No 87 0 %
K-Meleon No 70 0 %
Vienna (RSS Reader) No 56 0 %
Links No 54 0 %
NetNewsWire (RSS Reader) No 34 0 %
Galeon No 30 0 %
LibWWW No 5 0 %
Wget Yes 2 0 %
BlogBridge (RSS Reader) No 1 0 %
Liferea (RSS Reader) No 1 0 %
An interesting stat I see here, is that while Windows is dominant, Linux
is as popular as Vista :)
>
> All in all, welcome back to the fray... ;-)
Thanks!
I must admit, I don't expect much from the current crop of Wintrolls,
their posts nowdays make obnoxious 6 years olds I once knew seem like
Einstein.
When I was here last, around 2001, things were far more exciting as XP
had just been released, and how the Wintrolls were stamping their big
hairy flat feet in excited expectation of wonderful things to come from
Microsoft.
I thought it was all a big yawn. XP looked like 'Toys R Us' to me, same
old stuff.
Now it's 2008, XP is still the most popular OS amongst Windows users, and
it's EIGHT YEARS OLD !!!!!
HAHHAAHHAAHAHAHAHAHAHAHAHAHAHHAHAHAHHAHAHA, GACK,SPIT, COUGH, ahh I
needed that!
XP is eight years old, and it sure looks dated to me. Then again it
looked dated when it first came out, hello ... can anyone spell NT ?
Flatfish used to carry on about how old Linux was etc, talk about irony :)
Sure Compiz-Fusion is all bling and personally I use ICEwm (still), but
Compiz does show the advanced display technology available in Linux.
Compiz also makes great big saucer eyes out of Windows users when they
see it, in fact I'm pretty sure that Compiz has stopped the brains of a
couple as their mouths worked like stranded Guppies as they stared.
Windows ..... where do you want to be stuck yesterday ?
Cheers
Terry
--
Linux full time, on the desktop, since August 1997
|
|