Message boards :
Politics :
Linux hits the world (cont #2)
Message board moderation
Previous · 1 . . . 15 · 16 · 17 · 18 · 19 · Next
Author | Message |
---|---|
Gary Charpentier Send message Joined: 25 Dec 00 Posts: 30640 Credit: 53,134,872 RAC: 32 |
http://arstechnica.com/security/2015/04/30/spam-blasting-malware-infects-thousands-of-linux-and-freebsd-servers/ No, quote it right ... The Eset researchers still aren't certain how Mumblehard is installed. Based on their analysis of the infected server, they suspect the malware may take hold by exploiting vulnerabilities in the Joomla and WordPress content management systems. So, looks like a few got clobbered by installing a dubious copy of a commercial program. Imagine that, people too cheap to buy an O/S pirating the software they run. I waonder where they got the idea that free was the right price? There's also the other usual exploits routes through unmaintained CMS websites. Also note that the underlying OS has little to do with the application itself directly having been exploited. No Mr. Millions of eyeballs ... A version of the Mumblehard spam component was uploaded to the VirusTotal online malware checking service in 2009, an indication that the spammer program has existed for more than five years. Six years and it still isn't fixed. Like complaining about a security hole in Windows ME carried forward in every version to 10. Then there is this: The discovery is reminiscent of Windigo, a separate spam botnet made up of 10,000 Linux servers that Eset discovered 14 months ago. http://arstechnica.com/security/2014/03/18/10000-linux-servers-hit-by-malware-serving-tsunami-of-spam-and-exploits/ Researchers have documented an ongoing criminal operation infecting more than 10,000 Unix and Linux servers with malware that sends spam and redirects end users to malicious Web pages. Hey, what's this? Linux machines are infecting Windows ones? Since there are easily 10X more windows machines to get infected than Linux ones, divide windows by 10X before you compare! |
ML1 Send message Joined: 25 Nov 01 Posts: 20265 Credit: 7,508,002 RAC: 20 |
... Six years and it still isn't fixed. Like complaining about a security hole in Windows ME carried forward in every version to 10... By 'eck you really have a vendetta. Good trolling there. By what you describe as "fixed", that one quite possible isn't going to be fixed in that there isn't anything to fix other than educating people better. If anything, that problem is more an example of FLOSS being undervalued and being exploited by user ignorance... You yourself have argued hard that you cannot fix users from deliberately running whatever malware. What FLOSS and Linux does do is offer a better IT environment that can be completely free of Marketing coercion. You can enjoy using some very highly crafted software that works. Google is a big example that has made big business from that. And to me, FLOSS looks to work far better than the example we have for Microsoft systems that have introduced the need for 3rd-party antivirus! Dan Goodwin of Ars Tech and the various anti-virus sellers really do have a hard time to try to scare and bash the world outside of Microsoft systems. Might that be part of why there is no market for anti-malware for all other systems other than Microsoft?... IT is what we make it. Martin See new freedom: Mageia Linux Take a look for yourself: Linux Format The Future is what We all make IT (GPLv3) |
OzzFan Send message Joined: 9 Apr 02 Posts: 15691 Credit: 84,761,841 RAC: 28 |
Dan Goodwin of Ars Tech and the various anti-virus sellers really do have a hard time to try to scare and bash the world outside of Microsoft systems. Might that be part of why there is no market for anti-malware for all other systems other than Microsoft?... First of all, his name is Dan Goodin. Secondly, let's leave the personal attacks out of this. Dan is the Technology Security reporter for Ars, and he reports on plenty of Microsoft flaws. I choose to post his articles on Linux here to show everyone reading just how widespread the problem is, and to balance out your anti-MS rhetoric. If you bothered to read up on Dan, he's not an anti-virus seller, and he certainly by no means engages in scare tactics to bash the world outside of Microsoft. I've chosen to ignore your petty comments that attack me, but you seriously look bad when you start attacking tech writers without knowing what you're talking about. |
ML1 Send message Joined: 25 Nov 01 Posts: 20265 Credit: 7,508,002 RAC: 20 |
Dan Goodwin of Ars Tech and the various anti-virus sellers really do have a hard time to try to scare and bash the world outside of Microsoft systems. Might that be part of why there is no market for anti-malware for all other systems other than Microsoft?... Ooops, simply typo. No one is perfect especially me! Secondly, let's leave the personal attacks out of this. The 'vendetta' comment was towards the desperate nit-picking from Gary... Dan is the Technology Security reporter for Ars, and he reports on plenty of Microsoft flaws. I choose to post his articles on Linux here to show everyone reading just how widespread the problem is, and to balance out your anti-MS rhetoric. Looking through Dan's list of recent articles on Ars, he has reported NO (NONE, ZERO, ZILCH) of anythign of any Microsoft flaws. In start contrast, his articles seize upon anything negative for all other systems, no matter whether or not petty. Looks to me like some rare bias there... And the widespread 'problems' do seem to have a far greater focus on Windows systems. More so than for the entire rest of the world of systems... My own bias is that is due to Marketing compromises and is in effect by design... I'm sure you will disagree. [...] Meanwhile, what of all the recent rather surprising articles about Microsoft waking up to Linux as reported even on Ars... IT is what we make it... Martin See new freedom: Mageia Linux Take a look for yourself: Linux Format The Future is what We all make IT (GPLv3) |
OzzFan Send message Joined: 9 Apr 02 Posts: 15691 Credit: 84,761,841 RAC: 28 |
Secondly, let's leave the personal attacks out of this. I was referring to your attacks on Dan Goodin as a Microsoft shill. Dan is the Technology Security reporter for Ars, and he reports on plenty of Microsoft flaws. I choose to post his articles on Linux here to show everyone reading just how widespread the problem is, and to balance out your anti-MS rhetoric. Correlation is not causation. That Dan's most recent articles are rather widespread, and that there aren't any significant Microsoft flaws to write about on a daily basis (unless you want to resort to the pettiness other sites tend to do). But don't take my word for it. Here's a March 18th article written by Dan: http://arstechnica.com/security/2015/03/18/microsoft-takes-4-years-to-recover-privileged-tls-certificate-addresses/ The day before, here's an article where he criticizes Microsoft's lack of quick response: http://arstechnica.com/security/2015/03/17/man-who-obtained-windows-live-cert-said-his-warnings-went-unanswered/ And on Feb 11th, an IE 11 flaw reported: http://arstechnica.com/security/2015/02/11/pwned-in-7-seconds-hackers-use-flash-and-ie-to-target-forbes-visitors/ And on the 10th: http://arstechnica.com/security/2015/02/10/15-year-old-bug-allows-malicious-code-execution-in-all-versions-of-windows/ And on Feb 3rd: http://arstechnica.com/security/2015/02/03/serious-bug-in-fully-patched-internet-explorer-puts-user-credentials-at-risk/ These are all relatively recent articles. Perhaps you should dig deeper than just his front page recent articles. And the widespread 'problems' do seem to have a far greater focus on Windows systems. More so than for the entire rest of the world of systems... My own bias is that is due to Marketing compromises and is in effect by design... I'm sure you will disagree. Perhaps your own bias on blowing Microsoft security flaws out of proportion leads you to believe that every minute flaw needs to be reported on so as to scare every MS user away from that platform is preventing you from seeing the bigger picture I've been trying to provide. And yes, I disagree with your assertion that Ars, or Dan, have been bought by Microsoft as a marketing front. Unless you have evidence to support your claim, I think it is a matter of Ars taking on a much larger approach to security while you've seized upon Microsoft alone. I, for one, appreciate the much wider view of security-related articles that seem to be well written, and well-balanced that Dan writes. He is one of many reasons why I enjoy reading Ars' long-form journalism. |
OzzFan Send message Joined: 9 Apr 02 Posts: 15691 Credit: 84,761,841 RAC: 28 |
http://arstechnica.com/security/2015/05/90s-style-security-flaw-puts-millions-of-routers-at-risk/ "Peter Bright" wrote: As companies continue to beat the Internet of Things drum, promoting a world when every device is smart, and anything electronic is network connected, we have some news that shows just what a horrible idea this really is. A security firm has found that a Linux kernel driver called NetUSB contains an amateurish error that can be exploited by hackers to remotely compromise any device running the driver. The driver is commonly found in home routers, and while some offer the ability to disable it, others do not appear to do so. Flawed code in the Linux kernel that runs in millions of routers, and a stack buffer overflow vulnerability no less. |
ML1 Send message Joined: 25 Nov 01 Posts: 20265 Credit: 7,508,002 RAC: 20 |
http://arstechnica.com/security/2015/05/90s-style-security-flaw-puts-millions-of-routers-at-risk/ Yep, quite a FUBAR. Another good fun view is given by the bite of The Register: 'Millions' of routers open to absurdly outdated NetUSB hijack Indeed a silly clanger that simply shouldn't be. And indeed so... From the comments: Because the company is too cool to use libusb… Digging further: That code is not in the mainline Linux kernel and would be blasted into oblivion with creatively extremely negative verbosity long before ever reaching the eyes of Linus! No sane kernel person would put such a module directly into the kernel!! That is why we have user-space to limit any damage from any exploits that might make it through. So, to me, that looks like cheap proprietary-ness secreting in some shoddiness for their own proprietary-rush shove-it-out-the-door quick products. Such companies have the freedom to abuse Linux any way they like provided they abide to share any code as protected by the freedoms insisted upon by the GPL and other similar 'copy-left' licenses. (Notably, a certain large company that is now surprisingly and rapidly moving into FLOSS needed over two years of work to get some of their proprietary code up to a reasonable enough standard to be accepted into the Linux mainline kernel. Even so, there were still some Big Boobs... ;-) ) IT is very much what we make it... Martin See new freedom: Mageia Linux Take a look for yourself: Linux Format The Future is what We all make IT (GPLv3) |
Sirius B Send message Joined: 26 Dec 00 Posts: 24879 Credit: 3,081,182 RAC: 7 |
Well as we have been "reliably" informed by the OP over the past several years that most of the Internet's backbone is Linux makes the following two reports interesting to read... Google Maps links White House to offensive terms ...but this one is a beauty... FBI wants to ban Secure Internet by having backdoors ...what price "Secure Linux" if they succeed? |
Gary Charpentier Send message Joined: 25 Dec 00 Posts: 30640 Credit: 53,134,872 RAC: 32 |
More Linux woes ... Android the fastest growing segment of Linux http://www.cnet.com/uk/news/researcher-finds-mother-of-all-android-vulnerabilities/ Most Android phones at risk from simple text hack, researcher says Millions of eyeballs = zero security |
Gary Charpentier Send message Joined: 25 Dec 00 Posts: 30640 Credit: 53,134,872 RAC: 32 |
This isn't good news for FLOSS http://www.out-law.com/en/articles/2015/august/commercial-software-significantly-more-secure-than-open-source-software-says-new-report/ The software businesses build in-house or licence from suppliers is more secure than software built in an open source environment, according to a new report by software security testers. |
janneseti Send message Joined: 14 Oct 09 Posts: 14106 Credit: 655,366 RAC: 0 |
This isn't good news for FLOSS FLOSS means “Free/Libre and Open Source Software†It has nothing to do with security standards. IT is what we want it to be. Just do IT. |
Gary Charpentier Send message Joined: 25 Dec 00 Posts: 30640 Credit: 53,134,872 RAC: 32 |
http://www.bbc.com/news/technology-33839925 The data scrambling systems used by millions of web servers could be much weaker than they ought to be, say researchers. Isn't this random number weakness exactly what the NSA has already exploited? https://www.techdirt.com/articles/20140422/12243126991/nist-finally-removes-nsa-compromised-crypto-algorithm-random-number-generator-recommendations.shtml |
Sirius B Send message Joined: 26 Dec 00 Posts: 24879 Credit: 3,081,182 RAC: 7 |
|
Gary Charpentier Send message Joined: 25 Dec 00 Posts: 30640 Credit: 53,134,872 RAC: 32 |
It had to happen, Anti-virus for Linux: http://www.latimes.com/business/technology/la-fi-tn-wifatch-20151002-story.html “For all intents and purposes, it appeared like the author was trying to secure infected devices instead of using them for malicious activities,†Symantec’s Mario Ballano said in an online post. Linux has now joined the big boys! It has anti-virus! |
janneseti Send message Joined: 14 Oct 09 Posts: 14106 Credit: 655,366 RAC: 0 |
It had to happen, Anti-virus for Linux: Anti-virus for Linux? Internet browsers are prone to virus. No matter what OS used. Once per week I have to clean my browser for malware! |
Gary Charpentier Send message Joined: 25 Dec 00 Posts: 30640 Credit: 53,134,872 RAC: 32 |
browsers?? obviously you did not read the article. Has nothing to do with browsers. |
janneseti Send message Joined: 14 Oct 09 Posts: 14106 Credit: 655,366 RAC: 0 |
browsers?? obviously you did not read the article. Has nothing to do with browsers. Merely thinking of computer viruses in general. The article is about routers that have Linux as an OS. I had one that you could use Telnet to access it. Don't try that at home! |
Gary Charpentier Send message Joined: 25 Dec 00 Posts: 30640 Credit: 53,134,872 RAC: 32 |
browsers?? obviously you did not read the article. Has nothing to do with browsers. Have you done that with your smartphone yet? |
janneseti Send message Joined: 14 Oct 09 Posts: 14106 Credit: 655,366 RAC: 0 |
browsers?? obviously you did not read the article. Has nothing to do with browsers. Smartphone? I'm sixty years old:) Whatever. There are plenty of ways to hack computers/phones/cars/routers... If you want to be safe dont use computers. |
OzzFan Send message Joined: 9 Apr 02 Posts: 15691 Credit: 84,761,841 RAC: 28 |
Ars Technica benchmarked the recently released SteamOS against Windows for gaming performance. The results are not so good. http://arstechnica.com/gaming/2015/11/ars-benchmarks-show-significant-performance-hit-for-steamos-gaming/ Kyle Orland @ ArsTechnica wrote: Since Valve started publicly talking about its own Linux-powered "Steam Boxes" about three years ago now, we've wondered what kind of effect a new gaming-focused OS would have on overall PC gaming performance. On the one hand, Valve said back in 2012 that it was able to get substantial performance increases on an OpenGL-powered Linux port of Left 4 Dead 2. On the other hand, developers I talked to about SteamOS development earlier this year told me that the state of Linux's drivers, OpenGL tools, and game engines often made it hard to get Windows-level performance on SteamOS, especially if a game was built with DirectX in mind in the first place. |
©2024 University of California
SETI@home and Astropulse are funded by grants from the National Science Foundation, NASA, and donations from SETI@home volunteers. AstroPulse is funded in part by the NSF through grant AST-0307956.