Linux hits the world

ML1
Volunteer moderator
Volunteer tester
Joined: 25 Nov 01
Posts: 20142
Credit: 7,508,002
RAC: 20
United Kingdom
Message 1396284 - Posted: 29 Jul 2013, 18:10:43 UTC

Free(dom) software to take the lead in mobile devices?


The Register catches up on some news that's been around for a short while now:


FSF passes collection plate for free Android clone Replicant

The Free Software Foundation has launched a new fundraising program aimed at getting Replicant, the free software version of Google's Android smartphone OS, running on more devices.

Replicant – named after the androids in Ridley Scott's movie Blade Runner (but not the Philip K. Dick story upon which the film is based) – is a fork of the Android source code launched by a group of hackers in 2010, with the goal of creating an Android distribution based strictly on free software. ...




IT is very much what we make it...
Martin
See new freedom: Mageia Linux
Take a look for yourself: Linux Format
The Future is what We all make IT (GPLv3)
ID: 1396284 · Report as offensive
OzzFan · Crowdfunding Project Donor · Special Project $75 donor · Special Project $250 donor
Volunteer tester
Joined: 9 Apr 02
Posts: 15691
Credit: 84,761,841
RAC: 28
United States
Message 1399203 - Posted: 5 Aug 2013, 21:55:17 UTC
Last modified: 5 Aug 2013, 21:55:49 UTC

http://arstechnica.com/security/2013/08/researchers-find-trojanized-banking-app-that-exploits-critical-android-bug/

"Dan Goodin @ ArsTechnica.com" wrote:
Researchers have unearthed another malicious app exploiting a critical vulnerability in Google's Android OS that allows attackers to inject malicious code into legitimate programs without invalidating their digital signature.

The threat poses as an update for the official Android app available to customers of NH Nonghyup Bank, one of South Korea's biggest financial institutions, according to a blog post published Friday by researchers from antivirus provider Trend Micro. By exploiting the so-called master-key vulnerability in the mobile OS, this malware bears the same cryptographic signature found in the legitimate release, even though the update contains malicious code that uploads user credentials to a remote server.
ID: 1399203 · Report as offensive
skildude
Joined: 4 Oct 00
Posts: 9541
Credit: 50,759,529
RAC: 60
Yemen
Message 1399745 - Posted: 6 Aug 2013, 19:54:32 UTC - in response to Message 1399203.  

You missed the one that targets the iPhone.


In a rich man's house there is no place to spit but his face.
Diogenes Of Sinope
ID: 1399745 · Report as offensive
Gary Charpentier · Crowdfunding Project Donor · Special Project $75 donor · Special Project $250 donor
Volunteer tester
Joined: 25 Dec 00
Posts: 30608
Credit: 53,134,872
RAC: 32
United States
Message 1400262 - Posted: 7 Aug 2013, 17:52:10 UTC

Android is perfectly secure, it is Linux based ...
http://www.foxbusiness.com/government/2013/08/07/cyber-hackers-on-course-for-one-million-malware-apps/ wrote:
Cyber Hackers on Course for One Million Malware Apps
Google's (GOOG) Android mobile operating system is so besieged by cyber hackers’ malicious apps that the malware count is on track to hit the million mark by 2014, a new report from cyber analysts Trend Micro warns.

In contrast, it took a decade for PC malware to hit that number versus just several years for mobile phone malware apps.
...
"Google's open Android ecosystem continues to be exploited by cyber criminals,” the report says, adding that "malware has even been found on the official Google Play store.” That means mobile security software is no longer just a “nice-to-have” offering for Android device owners, “but an increasingly essential tool to prevent malicious app downloads,” the report warns.

“Due to the fractured nature of the Android network, it is very difficult for patches to reach all users in an effective time frame,” said JD Sherry, vice-president, technology and solutions at Trend Micro. “In some cases, users will never get patches as vendors leave their customers at risk of attack.”

Sherry also warns: “Until we have the same urgency to protect mobile devices as we have for protecting PCs, this very real threat will continue to grow rapidly. At the rate this malware is accelerating – almost exponentially – we appear to be reaching a critical mass. To fight this, Android users need to take great care when using their devices and take the simple, but effective, step of adding security software to all mobile devices.”
...
The recent discovery of the Android master key vulnerability was a turning point in cyber phone hacking, as nearly 99% of Android devices were found to be vulnerable, the report says. The vulnerability lets cyberhackers modify installed apps without users’ consent.

Last month, a team from Bluebox Security found a vulnerability which lets a phone cyber malware convert 99% of apps already sitting on a user’s phone into a Trojan -- which could then be used to steal data or connect to botnets without the user knowing.

Duo Security and System Security Lab (NEU SecLab) released an app, ReKey, which they assert fixes the security flaw for users.

One malware, OBAD, requests root and device administrator privileges from a mobile phone user, and then lets it seize full control of an infected device, the report says. OBAD then “repeatedly shows popup notifications to convince users to grant permissions.”

Trend Micro also found more fake “antivirus” security malware this quarter that even more closely resembled legitimate ones.

Yep, 100% safe, it is based on Linux and Linux is secure because there are so many eyeballs looking at it.

Well, until people start using it and giving the crooks some reason to break in.

When will it pass Windoze in the number of exploits?

ID: 1400262 · Report as offensive
OzzFan · Crowdfunding Project Donor · Special Project $75 donor · Special Project $250 donor
Volunteer tester
Joined: 9 Apr 02
Posts: 15691
Credit: 84,761,841
RAC: 28
United States
Message 1400345 - Posted: 7 Aug 2013, 20:12:08 UTC

http://arstechnica.com/security/2013/08/hand-of-thief-banking-trojan-doesnt-do-windows-but-it-does-linux/

"Dan Goodin @ ArsTechnica.com" wrote:
Hand of Thief, as researchers from security firm RSA have dubbed it, sells for about $2,000 in underground Internet forums and boasts its own support and sales agents. Its functionality—consisting of form grabbers and backdoor capabilities—is rudimentary compared to Windows banking trojans spawned from the Citadel or Blackhole exploit kits, but that's likely to change. RSA researcher Limor Kessem said she expects Hand of Thief to become a full-blown banking trojan that includes more advanced features such as the ability to inject attacker-controlled content into trusted bank webpages.

"Although Hand of Thief comes to the underground at a time when commercial trojans are high in demand, writing malware for the Linux OS is uncommon, and for good reason," Kessem wrote. "In comparison to Windows, Linux's user base is smaller, considerably reducing the number of potential victims and thereby the potential fraud gains."

She also said that the open-source model Linux is developed on makes the OS less susceptible to attacks that remotely execute malicious code by exploiting security bugs. That viewpoint is popular among many open-source advocates, but it's also the source of heated debates among security researchers. The number of Linux machines running Apache and other Web servers that are infected by Darkleech and similar exploits—recently estimated to be in the 20,000 range—suggests the platform isn't out of the reach of motivated attackers. What's more, contrary to popular beliefs, serious Linux vulnerabilities can sometimes linger for years. In fairness to Kessem, she said a Hand of Thief sales agent recently suggested using social-engineering attacks to infect users of the open-source OS.


My emphasis in bold, and a very important article to boot.
ID: 1400345 · Report as offensive
Gary Charpentier · Crowdfunding Project Donor · Special Project $75 donor · Special Project $250 donor
Volunteer tester
Joined: 25 Dec 00
Posts: 30608
Credit: 53,134,872
RAC: 32
United States
Message 1400398 - Posted: 8 Aug 2013, 3:07:08 UTC

http://arstechnica.com/security/2013/05/critical-linux-vulnerability-imperils-users-even-after-silent-fix/ wrote:
This lack of security advisories has been standard practice for years among Linus Torvalds and other developers of the Linux kernel

Lie about security. Now we know.

ID: 1400398 · Report as offensive
Gary Charpentier · Crowdfunding Project Donor · Special Project $75 donor · Special Project $250 donor
Volunteer tester
Joined: 25 Dec 00
Posts: 30608
Credit: 53,134,872
RAC: 32
United States
Message 1402203 - Posted: 12 Aug 2013, 15:15:09 UTC

Android, it's Linux, it's secure ...
http://www.bbc.co.uk/news/technology-23664743 wrote:
Bitcoins at risk of theft on flawed Android apps
A weakness in the Android mobile operating system has left users of the virtual currency Bitcoin vulnerable to theft, the Bitcoin Foundation has said.
...
Analysts say Android's SecureRandom Java program sometimes repeats the number sequences, which must be unique in order to keep each Bitcoin secure.

Members of a Bitcoin forum have suggested that the equivalent of thousands of US dollars may have already been stolen.


ID: 1402203 · Report as offensive
ML1
Volunteer moderator
Volunteer tester
Joined: 25 Nov 01
Posts: 20142
Credit: 7,508,002
RAC: 20
United Kingdom
Message 1402259 - Posted: 12 Aug 2013, 17:53:55 UTC - in response to Message 1400345.  
Last modified: 12 Aug 2013, 18:10:13 UTC

http://arstechnica.com/security/2013/08/hand-of-thief-banking-trojan-doesnt-do-windows-but-it-does-linux/

"Dan Goodin @ ArsTechnica.com" wrote:
Hand of Thief, as researchers from security firm RSA have dubbed it...


My emphasis in bold, and a very important article to boot.

Yourself and a certain other are sounding just like the two "Old Codgers" grumpy old men from the Muppet Show...

Also, it looks like you've found your hero in Dan Goodin's sensationalism.

So let's see for this one from that article:

... the open-source model Linux is developed on makes the OS less susceptible to attacks that remotely execute malicious code by exploiting security bugs. ... a Hand of Thief sales agent recently suggested using social-engineering attacks to infect users of the open-source OS. ...

So, download a "dodgy app" from some random source and so dodgy actions can be expected. No surprise there. At least the damage is contained with no live examples of going viral in the way that a certain other OS continuously suffers.


Still a world away from the very low expectations made for a certain heavily Marketed compromised secret proprietary system.

Just wait for the headline news when there is something to report... (Note the next post ;-) )

IT is what we make it,
Martin
See new freedom: Mageia Linux
Take a look for yourself: Linux Format
The Future is what We all make IT (GPLv3)
ID: 1402259 · Report as offensive
ML1
Volunteer moderator
Volunteer tester
Joined: 25 Nov 01
Posts: 20142
Credit: 7,508,002
RAC: 20
United Kingdom
Message 1402261 - Posted: 12 Aug 2013, 18:03:14 UTC - in response to Message 1400398.  
Last modified: 12 Aug 2013, 18:08:02 UTC

http://arstechnica.com/security/2013/05/critical-linux-vulnerability-imperils-users-even-after-silent-fix/ wrote:
This lack of security advisories has been standard practice for years among Linus Torvalds and other developers of the Linux kernel

Lie about security. Now we know.

Good Dan Goodin sensationalism...

So that's the nearest we come to world headline news. Ye Gods! How many of that sort of thing and worse is a weekly event elsewhere? How does that compare to one in 2.5 years?... And compared to certain notoriety that is still painfully expensively current in proprietary systems from over a decade ago?...


Good find that is already fixed ready for immediate updates. However, for a little perspective outside of journalistic sensationalism and embarrassment:



So you need permission to access the computer in the first place to make it work?...

Yes. This is a privilege escalation exploit. If you don't have an account on the machine (or some other way to force software to run on it), it does nothing for you.

As strcat said earlier, it *can* be used to "upgrade" a remote exploit that would normally give you unprivileged access.



Much more worryingly, note the example:

Critical threat, really?

...This is a critical threat for any server where you allow not-fully-trusted users to login (which many web hosts do, or corporate networks).

On the other hand, for a personal desktop/laptop system... you're right, this isn't really a big deal, since Linux's (and Windows/OS X's) security model largely does nothing to help you for the most part. ...

[The applications you run and the remote companies you trust are by far the greatest security risk...]


XKCD:




All pretty good if that is the worst that can be dug up for Linux!

Meanwhile, it's the rest of the IT system we really need to fix...


IT is what we make it,
Martin
See new freedom: Mageia Linux
Take a look for yourself: Linux Format
The Future is what We all make IT (GPLv3)
ID: 1402261 · Report as offensive
OzzFan · Crowdfunding Project Donor · Special Project $75 donor · Special Project $250 donor
Volunteer tester
Joined: 9 Apr 02
Posts: 15691
Credit: 84,761,841
RAC: 28
United States
Message 1402287 - Posted: 12 Aug 2013, 19:06:37 UTC - in response to Message 1402259.  

Also, it looks like you've found your hero in Dan Goodin's sensationalism.


So when there's negative news about *nix, it's sensationalism on behalf of the reporter, but when there's negative Microsoft news, it's a serious threat and one should ditch Windows in favor of alternatives. Got it.

I just provide the balance you're missing from your reports; I don't put anyone on a pedestal to call them a "hero". I happen to like ArsTechnica and feel they do an excellent job at reporting in an unbiased fashion, unlike The Register which I quit reading because I felt they did not provide such a thing. What's funny to me is watching you downplay each and every report or spin-doctor them so that *nix comes out smelling like roses even though it too suffers from issues and at times critical threats just like Windows and OS X.

Your biased loyalty and unbounded evangelism toward Linux is truly astounding. No worries though, I'll keep reporting the issues you refuse to provide to educate the masses reading.
ID: 1402287 · Report as offensive
Gary Charpentier · Crowdfunding Project Donor · Special Project $75 donor · Special Project $250 donor
Volunteer tester
Joined: 25 Dec 00
Posts: 30608
Credit: 53,134,872
RAC: 32
United States
Message 1402302 - Posted: 12 Aug 2013, 19:32:51 UTC



I see Martin is back posting.

I expect by the end of the decade for there to be more *nix/droid exploits than there are windoze exploits. And that isn't a bold prediction either. As more and more users shift to *nix/droid there is more and more to steal. Programmers are still programmers so there are just as many holes per thousand lines of code. But there will be more economic advantage for crooks to find them, so they will.


ID: 1402302 · Report as offensive
ML1
Volunteer moderator
Volunteer tester
Joined: 25 Nov 01
Posts: 20142
Credit: 7,508,002
RAC: 20
United Kingdom
Message 1402315 - Posted: 12 Aug 2013, 20:28:26 UTC - in response to Message 1402287.  
Last modified: 12 Aug 2013, 20:32:58 UTC

Also, it looks like you've found your hero in Dan Goodin's sensationalism.


So when there's negative news about *nix, it's sensationalism on behalf of the reporter, but when there's negative Microsoft news, it's a serious threat and one should ditch Windows in favor of alternatives. Got it.

...

Your biased loyalty and unbounded evangelism toward Linux is truly astounding. No worries though, I'll keep reporting the issues you refuse to provide to educate the masses reading.

So let's see then eh?...

I'm running "Linux kernel 3.8.13 #1 SMP Sun May 19 00:25:21 BST 2013 x86_64". So your critical flaw was patched over a few versions before then and before the big news. No sweat here then, but that's just me... No special updates. It just simply works.

As for the count of such flaws... You are blathering on about ONE flaw that was a local exploit for Linux systems. Already fixed for those that keep updated. There's a little sensationalism about the lack of fanfare for how the bug/exploit was listed for backports. Note that not even all kernels for the range affected include the vulnerable feature.

All still bad but that all pales into inconsequence compared to the monthly fiasco for a certain supplier for their "Patch Tuesdays". Those number an awful lot more than just one "criticality", and that's for each month! Then also, that's only what seeps out from behind the proprietary "hide everything under the carpet"...


No contest really.

Next?

IT is very much what we make it,
Martin
See new freedom: Mageia Linux
Take a look for yourself: Linux Format
The Future is what We all make IT (GPLv3)
ID: 1402315 · Report as offensive
ML1
Volunteer moderator
Volunteer tester
Joined: 25 Nov 01
Posts: 20142
Credit: 7,508,002
RAC: 20
United Kingdom
Message 1402319 - Posted: 12 Aug 2013, 20:35:12 UTC - in response to Message 1402302.  

... there will be more economic advantage for crooks to find them, so they will.

Note the real problem for ALL operating systems and applications as Marketing pushes everyone to go "Cloudy":


XKCD:



IT is what we allow it to be...
Martin

See new freedom: Mageia Linux
Take a look for yourself: Linux Format
The Future is what We all make IT (GPLv3)
ID: 1402319 · Report as offensive
OzzFan · Crowdfunding Project Donor · Special Project $75 donor · Special Project $250 donor
Volunteer tester
Joined: 9 Apr 02
Posts: 15691
Credit: 84,761,841
RAC: 28
United States
Message 1402329 - Posted: 12 Aug 2013, 21:02:30 UTC - in response to Message 1402315.  

I'm running "Linux kernel 3.8.13 #1 SMP Sun May 19 00:25:21 BST 2013 x86_64". So your critical flaw was patched over a few versions before then and before the big news. No sweat here then, but that's just me... No special updates. It just simply works.


Right - that's just you. How many other systems are left running unpatched because they sit in a corner running a few services? It may be important to others who are unaware of the flaw and the patch.

As for the count of such flaws... You are blathering on about ONE flaw that was a local exploit for Linux systems.


I'm providing information about multiple flaws in *nix throughout the thread. You've seized upon one and call it blathering? Must you be so offensive? Is there a reason you're so defensive toward others providing balance?

Already fixed for those that keep updated.


Yeah, it was fixed this time. How many other flaws remain unfixed? And for how long? Yes, it happens in Linux too.

There's a little sensationalism about the lack of fanfare for how the bug/exploit was listed for backports.


I think the lack of fanfare is worrisome for an OS that is so popular on mobile devices. Is this your way of trying to keep issues hidden?

All still bad but that all pales into inconsequence compared to the monthly fiasco for a certain supplier for their "Patch Tuesdays". Those number an awful lot more than just one "criticality", and that's for each month! Then also, that's only what seeps out from behind the proprietary "hide everything under the carpet"...


All a matter of how many people are trying to exploit your software for gain. *nix isn't very far off now that it dominates the mobile phone space.

No contest really.


It soon will be.
ID: 1402329 · Report as offensive
Gary Charpentier · Crowdfunding Project Donor · Special Project $75 donor · Special Project $250 donor
Volunteer tester
Joined: 25 Dec 00
Posts: 30608
Credit: 53,134,872
RAC: 32
United States
Message 1402330 - Posted: 12 Aug 2013, 21:05:39 UTC - in response to Message 1402319.  

... there will be more economic advantage for crooks to find them, so they will.

Note the real problem for ALL operating systems and applications as Marketing pushes everyone to go "Cloudy":

Note the classic use of a strawman to deflect from the point being raised for which the speaker can provide no answer.

ID: 1402330 · Report as offensive
ML1
Volunteer moderator
Volunteer tester
Joined: 25 Nov 01
Posts: 20142
Credit: 7,508,002
RAC: 20
United Kingdom
Message 1402765 - Posted: 13 Aug 2013, 21:22:01 UTC
Last modified: 13 Aug 2013, 21:23:22 UTC

Here's a little fun with version numbers and year numbers:


Torvalds frustrated at missing simultaneous release

Linux 3.11 rc 5 emerges on an important day

Linus Torvalds has issued release candidate five for Linux 3.11, but is a little upset with the fact the final release missed a serendipitous anniversary.

The date in question is August 11th, 1993, as it was on that day that Windows 3.11 emerged blinking and howling into the world.

Torvalds liked the idea that Linux 3.11 would debut on that day, but has written “Sadly, the numerology doesn't quite work out, and while releasing the final 3.11 today would be a lovely coincidence (Windows 3.11 was released twenty years ago today), it is not to be.”...




So, all a good giggle on version numbers and dates and there's a fun-fest to be had in the comments. More than enough material there for even the most lackluster of trolls. For those who are actually interested in the IT world, there are some rather good comments also.


One of the 'fun' comments is:

Linux for Workgroups

The numerology is correct due to MS leaving all the "alpha_rc_0.00.0.00.-4" stuff off the end and selling it anyway.


IT is very much what we make it,
Martin
See new freedom: Mageia Linux
Take a look for yourself: Linux Format
The Future is what We all make IT (GPLv3)
ID: 1402765 · Report as offensive
ML1
Volunteer moderator
Volunteer tester
Joined: 25 Nov 01
Posts: 20142
Credit: 7,508,002
RAC: 20
United Kingdom
Message 1403063 - Posted: 14 Aug 2013, 12:57:01 UTC
Last modified: 14 Aug 2013, 12:58:15 UTC

Another auspicious anniversary:



No distro diva drama here: Penguinista favourite Debian turns 20

Today Debian marks a milestone not many pieces of software last long enough to see: its 20-year anniversary.

Debian has become the foundation of dozens of other Linux distros. It’s the basis of all manner of embedded systems – which means many of the uninitiated use it without knowing – and it boasts a customers list spanning governments and giant globo-corps alike. ...

... What's even more remarkable about Debian is that the project behind it continues to churn out great, reliable software and that Debian remains - after all these years - true to the vision (and accompanying manifesto) that accompanied its birth.

The Debian Project was founded by Ian Murdock and officially brought to life on 16 August, 1993. With the backing of the Free Software Foundation's GNU project, Murdock set out to create what he called "a distribution that lives up to the Linux name". Murdock's vision for Debian was to "carefully and conscientiously put together" a distribution that "will be maintained and supported with similar care"...





IT is very much what we make it,
Martin
See new freedom: Mageia Linux
Take a look for yourself: Linux Format
The Future is what We all make IT (GPLv3)
ID: 1403063 · Report as offensive
OzzFan · Crowdfunding Project Donor · Special Project $75 donor · Special Project $250 donor
Volunteer tester
Joined: 9 Apr 02
Posts: 15691
Credit: 84,761,841
RAC: 28
United States
Message 1403451 - Posted: 15 Aug 2013, 14:36:47 UTC
Last modified: 15 Aug 2013, 14:40:11 UTC

Double-dose of security flaw goodness:

http://arstechnica.com/security/2013/08/google-confirms-critical-android-crypto-flaw-used-in-5700-bitcoin-heist/

"Dan Goodin @ ArsTechnica.com" wrote:
Google developers have confirmed a cryptographic vulnerability in the Android operating system that researchers say could generate serious security glitches on hundreds of thousands of end user apps, many of them used to make Bitcoin transactions.

This weakness in Android's Java Cryptography Architecture is the root cause of a Bitcoin transaction that reportedly was exploited to pilfer about $5,720 worth of bitcoins out of a digital wallet last week. The disclosure, included in a blog post published Wednesday by Google security engineer Alex Klyubin, was the first official confirmation of the Android vulnerability since Ars and others reported the incident last weekend. Klyubin warned that other apps might also be compromised unless developers change the way they access so-called PRNGs, short for pseudo random number generators.


And this goodie:

http://arstechnica.com/security/2013/08/once-the-domain-of-windows-xp-web-servers-are-hackers-target-of-choice/

"Dan Goodin @ ArsTechnica.com" wrote:
In a pattern that has played out repeatedly over the past year or two, researchers in the past two days have reported a string of ongoing attacks that take control of Web servers by exploiting critical vulnerabilities in Apache software, Joomla, and other applications used to deliver content and programs online.

The vulnerabilities in both the Apache Struts framework and the Joomla content management system have been fixed recently, but attackers continue to exploit the flaws on servers that have yet to install the updates, according to research published in the past two days. The attacks can have severe consequences for the websites that use the older versions, since the exploits make it possible to execute malicious code that can pilfer confidential customer data, mount malware attacks on visitors, and install applications that give attackers persistent backdoor access to some of a server's most sensitive resources.

...

In some respects, Web server applications are to 2013 what Windows XP was to 2005—complex and full-featured enough that critical vulnerabilities are plentiful and in such wide use that some percentage of its user base is sure to make crucial mistakes. Fortunately, Microsoft's secure development lifecycle program has gone a long way to resolving the Windows security crisis that once endangered large swaths of the Internet. It's not clear how the current campaign against Web servers will play out, but it wouldn't be surprising if it got worse before it got better.



All some very serious stuff, and all only in our only IT world.

IT is what IT is.
ID: 1403451 · Report as offensive
Gary Charpentier · Crowdfunding Project Donor · Special Project $75 donor · Special Project $250 donor
Volunteer tester
Joined: 25 Dec 00
Posts: 30608
Credit: 53,134,872
RAC: 32
United States
Message 1403474 - Posted: 15 Aug 2013, 15:41:38 UTC - in response to Message 1403451.  
Last modified: 15 Aug 2013, 15:46:30 UTC

In some respects, Web server applications are to 2013 what Windows XP was to 2005—complex and full-featured enough that critical vulnerabilities are plentiful and in such wide use that some percentage of its user base is sure to make crucial mistakes. Fortunately, Microsoft's secure development lifecycle program has gone a long way to resolving the Windows security crisis that once endangered large swaths of the Internet. It's not clear how the current campaign against Web servers will play out, but it wouldn't be surprising if it got worse before it got better.



All some very serious stuff, and all only in our only IT world.

IT is what IT is.

Until the *nix world realizes its users are humans, just like XP users are humans, and forces security upgrades to be installed, the situation will simply get worse and worse. I wonder how soon before we start seeing lawsuits because some company didn't upgrade and some random browser of their website, not necessarily even a customer, figures out that their site is the one that stole their data and makes that website's owner pay, pay, pay? Perhaps then the *nix world, er Linus Torvalds, will take security seriously and not try to hide and obscure problems.
ID: 1403474 · Report as offensive
ML1
Volunteer moderator
Volunteer tester
Joined: 25 Nov 01
Posts: 20142
Credit: 7,508,002
RAC: 20
United Kingdom
Message 1404106 - Posted: 17 Aug 2013, 2:18:16 UTC - in response to Message 1403451.  
Last modified: 17 Aug 2013, 2:20:47 UTC

... In some respects, Web server applications are to 2013 what Windows XP was to 2005—complex and full-featured enough that critical vulnerabilities are plentiful and in such wide use that some percentage of its user base is sure to make crucial mistakes. Fortunately, Microsoft's secure development lifecycle program has gone a long way to resolving the Windows security crisis that once endangered large swaths of the Internet. It's not clear how the current campaign against Web servers will play out, but it wouldn't be surprising if it got worse before it got better.



All some very serious stuff, and all only in our only IT world.

Agreed on that one and also that is one which is likely to get worse as the general blind rush develops to offer an ever more 'rich' "cloud" experience via your web browser, regardless of how flawed or vulnerable...

Much better would be to dumb down the browser and instead just have a simple dumb remote display device...

Or continue with the 'old style cloud' which I've been supporting for over a decade now where you use whatever dedicated protocols and applications for the particular task. All well established, well proven, and robust and reliable...


IT is what IT is.

That's only for if you are really happy for what you get force-fed.


IT is what we make it,
Martin
See new freedom: Mageia Linux
Take a look for yourself: Linux Format
The Future is what We all make IT (GPLv3)
ID: 1404106 · Report as offensive