bmanning@vacation.karoshi.com wrote:
On Mon, Feb 20, 2006 at 07:49:04PM -0600, Rob Thomas wrote:
Hey, Bill.
] wht is the mean-time-to-infection for a stock windows XP system ] when plugged intot he net?... 2-5minutes? you can't get patches ] down that fast.
The same case can be made for Linux and Unix-based web servers with vulnerable PHP-based tools. There's also a large number of poorly configured devices such as routers with easily guessed passwords, overly permissive DNS name servers, etc.
It's not simply a Windows problem.
Thanks, Rob.
true enough. but "auntie jane" doesn't have linux/unix web server(s) or router(s) (other than the one provided by her ISP and managed by them) and has zero clue about overly permissive <service> machines.
me thinks it is a -much- larger pool that gets taken advantage of wiht a much higher threshold of ignorance about problems.
--bill
You described it best, and home users are indeed the problem discussed. However, the amount of insecure routers out there is scary by itself. Rob has a lot more data on that than me and I don't doubt what he said. -- http://blogs.securiteam.com/ "Out of the box is where I live". -- Cara "Starbuck" Thrace, Battlestar Galactica.