A New Zealand Linux consultant is sceptical of a British survey which suggests hacks of Linux-based web servers are on the rise and those on Microsoft IIS-based servers are declining.
Chris Hegan, general manager of Auckland Linux consultancy Asterisk, says the survey, by British self-described "digital risk specialist" Mi2g, amounts to scaremongering.
"It's specifically about website defacements, which are only one aspect of hacking."
The survey, released last month (see "Sharp rise in website defacements on Linux servers"), says in the first six months of this year there were 7630 "overt digital attacks, excluding viruses and worms" on Linux web systems, compared with 5736 for all of 2001. IIS systems, on the other hand, have seen a decline, from 11,828 in the first half of 2001 to 9404 for the first half of this year.
Mi2g says "the Linux systems attacked deploy open source third-party applications, certain versions of which contain well-known vulnerabilities which are not being patched fast enough and continue to be exploited by hackers to gain control of the systems hosting the insecure application".
Hegan believes many of the reported hacks of Linux server-based sites relate to a well-known vulnerability in Apache, another open source product that is often run with Linux. "Anyone who's running a web server will know about the Apache vulnerability and patch it."
Mi2g's survey figures draw on data from the FBI and US Computer Security Institute and, according to its website, the company's database includes data on more than 6000 hacker groups.
Mi2g also says overt digital attacks on US and British government websites have declined markedly, with the US receiving 54 for the year to July, compared with 204 for the first half of 2001.
In the UK, there were 45 attacks in the whole of 2001, but the company has recorded just 12 so far this year.