[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[ISN] mi2g needs math lessons too

Forwarded from: security curmudgeon <jericho@xxxxxxxxxxxxx>
To: jkapica@xxxxxxxxxxxxxxx, newsroom@xxxxxxxxxxxxxxx
cc: InfoSec News <isn@xxxxxxxxxxxxx>, errata submission <errata@xxxxxxxxxxxxx>

: http://www.globetechnology.com/servlet/story/RTGAM.20030911.gtlinuxsep11/BNStory/Technology/
: Linux is favourite hacker target: Study
: During August, 67 per cent of all successful and verifiable digital
: attacks against on-line servers targeted Linux, followed by Microsoft
: Windows at 23.2 per cent. A total of 12,892 Linux on-line servers
: running e-business and information sites were successfully breached in
: that month, followed by 4,626 Windows servers, according to the report.

Have you stopped to consider these numbers? It's fairly clear that
mi2g hasn't.

: The Sobig and MSBlast malware that afflict Microsoft platforms contributed
: significantly to the record estimate.

  August 19, 2003, 08:50 BST

  The original variant of the MSBlast worm continued to spread over the
  weekend and is likely to have infected more than 570,000 computers,
  according to security firm Symantec.

Symantec says 570,000 computers were infected. Yet mi2g says 4,626
windows servers were compromised and "verified". They speicifically
say Sobig and MSBlast were factored in (quoted above), yet ignore the
numbers from Symantec and other AV firms.

It is crystal clear that mi2g is manipulating these statistics or not
qualifying the numbers. As usual, they do not cite their sources
despite it being continually proven they obtain them from non profit
sites like attrition.org, or other commercial sites more recently such
as zone-h.org.

: The data comes from the London-based mi2g Intelligence Unit, which has
: been collecting data on overt digital attacks since 1995 and verifying
: them. Its database has tracked more than 280,000 overt digital attacks
: and 7,900 hacker groups.

Here is the same corporate spew they peddle to any journalist. Why
hasn't anyone dug into their past?



: The economic damage from the attacks, in lost productivity and recovery
: costs, fell below average in August, to $707-million (U.S.).

Did you ask where they got this damage figure? Seems arbitrary.

: The Sobig and MSBlast malware that afflict Microsoft platforms
: contributed significantly to the record estimate.
: "The proliferation of Linux within the on-line server community coupled
: with inadequate knowledge of how to keep that environment secure when
: running vulnerable third-party applications is contributing to a
: consistently higher proportion of compromised Linux servers," mi29
: chairman D.K. Matai said.
: "Microsoft deserves credit for having reduced the proportion of
: successful on-line hacker attacks perpetrated against Windows servers."

Those two worms infected over 500,000 machines according to anti virus
companies, mi2g says almost 15,000 linux servers were compromised. How
can you report this without questioning their numbers? How can mi2g
say Microsoft deserves credit when they are responsible for vulnerable
code allowing for several remote administrative holes, each of which
is becoming the worm-of-the-week?

ISN is currently hosted by Attrition.org

To unsubscribe email majordomo@xxxxxxxxxxxxx with 'unsubscribe isn'
in the BODY of the mail.