[Gllug] Linux/OS breakdown of recently hacked sites?

general_email at technicalbloke.com general_email at technicalbloke.com
Wed Jul 20 16:50:25 UTC 2011

On 20/07/11 13:05, gvim wrote:
> Considering the recent tsunami of hacked high-profile sites, has
> anyone come across info relating to how many of these sites were
> running Linux and staffed by competent admins? They can't all be down
> to cross-site scripting surely?
> gvim
> -- 

My understanding is that most of these site hacks happen at the
application layer so the OS and webserver are mostly irrelevant. SQL
injection seems to be the largest vector for such attacks and that's
really all that is needed to steal or corrupt a database. This means the
responsibility would lie with whoever created the webapps/website and
the company's appsec team (if they have one), not the sysadmins that
administer the servers the apps/sites are deployed on.

The more recent spear-phishing/APT attacks on people like Verisign are a
different kettle of fish. These work by targeting the Windows PCs of
particular people in an organisation, ideally those with best access to
the target material i.e. top executives, sysadmins, developers etc. In
those cases the sysadmins may have more of a case to answer. Generally
this type of attack is against very specific resources on a company's
internal LAN though, not their website.


Gllug mailing list  -  Gllug at gllug.org.uk
