@Windows Fanboy & Anon Coward
"Properly patched, secured and maintained windows boxes are no less secure than unix boxes"
Windows webservers are usually running IIS, which, when I last looked, runs at least partly in kernel-mode. As a result, when cracked the hacker gets full control of the machine. Do some research on the defacing scoreboard sites and see who they are hitting.
Well done for leaping to stupid conclusions like "another uninformed Nix fanboy with clearly no actual experience of running a large scale hosting operation on Windows (or Unix probably)" ... because in fact my previous job was supporting a farm of Windows and Red Hat servers at a big London web design house.
Are you quite done with the "arrogant" and "fanboy" remarks? I think you've done a good job of making yourself sound like a simple-minded Windows admin in the process - blaming PHP security flaws on Unix is pretty fucking dumb, since it runs on top of most webservers regardless of platform.
If you're going to label people - get it right: I'm an OpenBSD "fanboy" if anything.
@Anon Coward - yes, people DO still use "drivel" like "internet facing platforms" because a lot of companies out there DO still put Windows boxes on the 'net with no firewall, and a surprising proportion of those who do bother with firewalls don't seem to know to put 'DENY ALL' as the first rule.
The point I obviously failed to make is that eBay has had big security problems for the last few years, with apparently someone inside their systems running admin level hacks at will. If the site is using URLs containing ".dll" then it's almost certainly running a MS webserver ... a quick check suggests that guess was right:
Clearly someone out there likes Microsoft though, as they're catching up in the webserver market: