The number of hacking attacks on open source-based web software is soaring. In the first six months of 2002, hackers launched 7,630 attacks on systems running on the Linux open source operating system, compared to 5,765 attacks during the whole of 2001, according to security consultancy mi2g.
This increase has occurred because organisations have been slow to patch vulnerabilities in third-party, open source web software that uses Linux, says DK Matai, chief executive of mi2g. It is well known that certain versions of these applications have software code problems, he adds. In contrast, the number of attacks on organisations using non-open source systems has fallen significantly. For example, during the first half of 2002, there was a 20% drop in attacks on organisations using online applications based on software giant Microsoft's web server, Internet Information Server.
This indicates that the 'Code Red' and 'Nimda' distributed denial of service attacks – which wreaked havoc by crippling IT systems with a flood of unsolicited web traffic in mid-2001 – have forced organisations to deploy more robust security systems.
In particular, the UK and US governments appear to have learned important lessons. Just 54 US government online systems were successfully attacked between January and July 2002, compared to 204 in the year-ago period. In 2002, the UK government reported 12 attacks, a sharp decrease from 38 in the first half of 2001.
The widespread adoption of IIS, however, means that it still accounts for the majority of attacks, and the total number of attacks is still on the rise. Overall, there were 20,371 overt attacks on digital systems in the first six months of 2002, a 27% increase from the first half of 2001 when there were 16,007 attacks.