The team at Zone-H is currently questioning
the merit of continuing to update and maintain their well-known
defacement archive service. Two things prompt the question: the
negative sentiment that many people direct at them on finding out
that they have been compromised, and the discouraging trend of site
defacers using the archive as an informal ranking board, with some
striving for the highest number of defacements recorded in the archive.
Having
become the leading archive of defaced sites following the demise of the
Alldas archive (the Zone-H archive is now more than 200 times larger
than Alldas was at its peak), Zone-H has become a valuable resource for
Information Security, even more valuable when the numerous other
services that the company offers are considered. However, the
continuation of the archive isn't the only problem that Zone-H has had
to face in recent months: their founder, Roberto Preatoni, was arrested in relation to an Italian spying scandal.
Zone-H
are currently running a poll to determine whether maintaining the
service is worthwhile (the poll is reachable directly from the main
page). Worryingly for Information Security researchers and interested
observers, there is an almost 80% vote in favour of terminating the mirroring services.
Those
who would argue against the continuation of the Zone-H archive should
consider that their same arguments can be used against Information
Security resources such as Full Disclosure, BugTraq (probably more of a
concern given the moderation delay), Milw0rm, and any number of sites
that have published information about attacks and how to carry them
out. Most of these arguments seem to stem from the fact that Zone-H is
only a relatively small Information Security company and a lot of the
negative sentiment they attract comes from a fear of the unknown.
Withholding
valuable information from the Information Security community is more of
a problem than any short-term embarrassment that might come from the
knowledge that an attacker might pick up from the archive.
If nothing else, the historical data
that Zone-H provides is a valuable insight into the changing nature of
website attacks and defacements and the sort of general attacks that an
attacker might be expected to have in their toolkit. It is interesting
to note that the target most often successfully attacked overall is
Linux-hosted systems, and that there is a distinct downwards trend in
overall attack numbers following a peak in 2006.
Open source advocates
who point to the robustness of their chosen solutions (generally a
Linux-Apache stack) against attack will be shocked to discover that
the greatest number of successful attacks were against Linux systems
(more than double the combined number of Windows systems in 2007) and
against the Apache web server (more than double the combined number of
IIS attacks in 2007). It is surmised that this is primarily
due to the greatest threat to a website.
Based on the reported
compromise methodology, it would appear that poor administrative skills
and weak security policies are the greatest threat to a website, though
almost a quarter of all attacks are actually based on weaknesses within
the site itself (file inclusion, SQL injection and the like). This
ratio is surprising, given the increasingly vocal nature of the web
security community (though it should be noted that many site
compromises that take place through the actual site would never get
reported as they are being actively used for malicious purposes).
If
Zone-H were to terminate their operation of the defacement archives it
would be a great loss to the Information and general security
community. It is disappointing that the reason may be the ill
will that Zone-H receives for archiving what has been reported to
them (and doubtless many others in the Information Security
community receive very similar ill will).
It is often those who are least capable of
understanding the true nature of what has happened to their systems who
are quickest and most vocal in attacking those who are reporting an
identified problem, and it wouldn't be the first time that someone has
stopped openly reporting issues because of slander from victims when
they have passed along the information.
Roberto Preatoni's comment: 2 quick things
1- the Poll results are showing the opposite sentiment expressed by the comments left by our readers to that news. We surely have some dude who is playing with a voting botnet :) Votes will be checked and purged frequently, so don't bother flooding the poll with fake votes, for whichever of the two options. We will pay much more attention to the comments left by the readers, as you see we are publishing both positive and negative comments. Believe us, taking a vacation is a very good option for our health...
2- the results of the statistics and the comments on Slashdot are the clear demonstration that people STILL don't understand that given the vast majority of intrusions being performed at application level, it's pointless whether the attacked server was running Windows or Linux and Apache instead of IIS.
Update: Mon, March 17 - 8:24 PM - We purged 1115 votes cast by a single smart-ass...