
Linux attacks on the rise?

aco on 13 July 2002 - 09:45

Attacks on Linux and open source Web applications appear to have risen sharply this year, while attacks on Windows systems are markedly down.

That's the conclusion of a study by security consultancy mi2g, which compiled a database of attacks drawn from defacement archives (such as alldas.org), hacker bulletin boards and "information from automatic robots".

According to mi2g, the first six months of 2002 saw 7,630 overt digital attacks on Linux systems, significantly higher than the whole of 2001 (5,736). Overt attacks on Microsoft Windows/IIS-based online systems in the first half of 2002 fell 20 per cent to 9,404, from 11,828 in the first half of 2001.

The total number of overt digital attacks taking place in the first six months of 2002 rose 27 per cent to 20,371, from 16,007 in 2001, according to mi2g. Attacks on government systems are down, though, a trend mi2g controversially attributes to tougher government legislation, such as the Cyber Security Enhancement Act (CSEA), acting as a deterrent to crackers.

DK Matai, mi2g chairman and chief executive, told us the playing field in security between Linux and Windows is levelling out. Many attacks on open source systems are successful because vulnerabilities in third-party apps on Linux (such as portal software and PHP scripting) enable attacks into the heart of corporate environments, he said.

News source: The Register


PEAP would certainly be one way to beef up wireless security for small business, homes, and execs wireless hot-spotting out of range of the corporate network cops. According to Microsoft's paper (which incidentally contains several suggestions regarding the security content of "future" versions of the Windows client) PEAP "provides a mechanism for mutual authentication and session key generation in a roaming environment." It allows a client to establish an encrypted session with an access point and then with a server by setting up a TLS session, EAP being wrapped inside TLS.

One advantage of this is that it allows the use of username/password challenge/response authentication rather than relying on certificate exchange. According to the IETF working draft, the protection of EAP within a TLS channel also gets round the deficiency of EAP whereby negotiation is unprotected, and hence vulnerable to attack.

So will it be part of Microsoft's wireless security? Could be, and considering there aren't supposed to be many future versions of the Windows client (apart from Tablet PC edition, that is) for quite some while, shipping it in SP1 if possible, or as an add-on if not, makes sense. In any event, in order to be useful it would have to be available around the time of SP1, because shortly afterwards Microsoft will be needing it, or an alternative, for both home wireless and Tablet PCs.
