Linux hits the world
Author | Message |
---|---|
ML1 Joined: 25 Nov 01 Posts: 20142 Credit: 7,508,002 RAC: 20 |
Free(dom) software to take the lead in mobile devices? The Register catches up on some news that's been around for a short while now: FSF passes collection plate for free Android clone Replicant The Free Software Foundation has launched a new fundraising program aimed at getting Replicant, the free software version of Google's Android smartphone OS, running on more devices. Replicant – named after the androids in Ridley Scott's movie Blade Runner (but not the Philip K. Dick story upon which the film is based) – is a fork of the Android source code launched by a group of hackers in 2010, with the goal of creating an Android distribution based strictly on free software. ... IT is very much what we make it... Martin See new freedom: Mageia Linux Take a look for yourself: Linux Format The Future is what We all make IT (GPLv3) |
OzzFan Joined: 9 Apr 02 Posts: 15691 Credit: 84,761,841 RAC: 28 |
http://arstechnica.com/security/2013/08/researchers-find-trojanized-banking-app-that-exploits-critical-android-bug/ "Dan Goodin @ ArsTechnica.com" wrote: Researchers have unearthed another malicious app exploiting a critical vulnerability in Google's Android OS that allows attackers to inject malicious code into legitimate programs without invalidating their digital signature. |
skildude Joined: 4 Oct 00 Posts: 9541 Credit: 50,759,529 RAC: 60 |
You missed the one that targets the iPhone. In a rich man's house there is no place to spit but his face. Diogenes Of Sinope |
Gary Charpentier Joined: 25 Dec 00 Posts: 30608 Credit: 53,134,872 RAC: 32 |
Android is perfectly secure, it is Linux based ... http://www.foxbusiness.com/government/2013/08/07/cyber-hackers-on-course-for-one-million-malware-apps/ wrote: Cyber Hackers on Course for One Million Malware Apps Yep, 100% safe, it is based on Linux and Linux is secure because there are so many eyeballs looking at it. Well, until people start using it and giving the crooks some reason to break in. When will it pass Windoze in the number of exploits? |
OzzFan Joined: 9 Apr 02 Posts: 15691 Credit: 84,761,841 RAC: 28 |
http://arstechnica.com/security/2013/08/hand-of-thief-banking-trojan-doesnt-do-windows-but-it-does-linux/ "Dan Goodin @ ArsTechnica.com" wrote: Hand of Thief, as researchers from security firm RSA have dubbed it, sells for about $2,000 in underground Internet forums and boasts its own support and sales agents. Its functionality—consisting of form grabbers and backdoor capabilities—is rudimentary compared to Windows banking trojans spawned from the Citadel or Blackhole exploit kits, but that's likely to change. RSA researcher Limor Kessem said she expects Hand of Thief to become a full-blown banking trojan that includes more advanced features such as the ability to inject attacker-controlled content into trusted bank webpages. My emphasis in bold, and a very important article to boot. |
Gary Charpentier Joined: 25 Dec 00 Posts: 30608 Credit: 53,134,872 RAC: 32 |
http://arstechnica.com/security/2013/05/critical-linux-vulnerability-imperils-users-even-after-silent-fix/ wrote: This lack of security advisories has been standard practice for years among Linus Torvalds and other developers of the Linux kernel Lie about security. Now we know. |
Gary Charpentier Joined: 25 Dec 00 Posts: 30608 Credit: 53,134,872 RAC: 32 |
Android, it's Linux, it's secure ... http://www.bbc.co.uk/news/technology-23664743 wrote: Bitcoins at risk of theft on flawed Android apps |
ML1 Joined: 25 Nov 01 Posts: 20142 Credit: 7,508,002 RAC: 20 |
http://arstechnica.com/security/2013/08/hand-of-thief-banking-trojan-doesnt-do-windows-but-it-does-linux/ Yourself and a certain other are sounding just like the two "Old Codgers" grumpy old men from the Muppets Show... Also, it looks like you've found your hero in Dan Goodin's sensationalism. So let's see for this one from that article: ... the open-source model Linux is developed on makes the OS less susceptible to attacks that remotely execute malicious code by exploiting security bugs. ... a Hand of Thief sales agent recently suggested using social-engineering attacks to infect users of the open-source OS. ... So, download a "dodgy app" from some random source and so dodgy actions can be expected. No surprise there. At least the damage is contained with no live examples of going viral in the way that a certain other OS continuously suffers. Still a world away from the very low expectations made for a certain heavily Marketed compromised secret proprietary system. Just wait for the headline news when there is something to report... (Note the next post ;-) ) IT is what we make it, Martin See new freedom: Mageia Linux Take a look for yourself: Linux Format The Future is what We all make IT (GPLv3) |
ML1 Joined: 25 Nov 01 Posts: 20142 Credit: 7,508,002 RAC: 20 |
http://arstechnica.com/security/2013/05/critical-linux-vulnerability-imperils-users-even-after-silent-fix/ wrote: This lack of security advisories has been standard practice for years among Linus Torvalds and other developers of the Linux kernel Good Dan Goodin sensationalism... So that's the nearest we come to world headline news. Ye Gods! How many of that sort of thing and worse is a weekly event elsewhere? How does that compare to one in 2.5 years?... And compared to certain notoriety that is still painfully expensively current in proprietary systems from over a decade ago?... Good find that is already fixed ready for immediate updates. However, for a little perspective outside of journalistic sensationalism and embarrassment: So you need permission to access to the computer in the first place to make it work?... Yes. This is a privilege escalation exploit. If you don't have an account on the machine (or some other way to force software to run on it), it does nothing for you. As strcat said earlier, it *can* be used to "upgrade" a remote exploit that would normally give you unprivileged access. Much more worryingly, note the example: Critical threat, really? ...This is a critical threat for any server where you allow not-fully-trusted users to login (which many web hosts do, or corporate networks). On the other hand, for a personal desktop/laptop system... you're right, this isn't really a big deal, since Linux's (and Windows/OS X's) security model largely does nothing to help you for the most part. ... [The applications you run and the remote companies you trust are by far the greatest security risk...] XKCD: All pretty good if that is the worst that can be dug up for Linux! Meanwhile, it's the rest of the IT system we really need to fix... IT is what we make it, Martin See new freedom: Mageia Linux Take a look for yourself: Linux Format The Future is what We all make IT (GPLv3) |
OzzFan Joined: 9 Apr 02 Posts: 15691 Credit: 84,761,841 RAC: 28 |
Also, it looks like you've found your hero in Dan Goodin's sensationalism. So when there's negative news about *nix, it's sensationalism on behalf of the reporter, but when there's negative Microsoft news, it's a serious threat and one should ditch Windows in favor of alternatives. Got it. I just provide the balance you're missing from your reports; I don't put anyone on a pedestal to call them a "hero". I happen to like ArsTechnica and feel they do an excellent job at reporting in an unbiased fashion, unlike The Register which I quit reading because I felt they did not provide such a thing. What's funny to me is watching you downplay each and every report or spin-doctor them so that *nix comes out smelling like roses even though it too suffers from issues and at times critical threats just like Windows and OS X. Your biased loyalty and unbounded evangelism toward Linux is truly astounding. No worries though, I'll keep reporting the issues you refuse to provide to educate the masses reading. |
Gary Charpentier Joined: 25 Dec 00 Posts: 30608 Credit: 53,134,872 RAC: 32 |
I see Martin is back posting. I expect by the end of the decade for there to be more *nix/droid exploits than there are windoze exploits. And that isn't a bold prediction either. As more and more users shift to *nix/droid there is more and more to steal. Programmers are still programmers so there are just as many holes per thousand lines of code. But there will be more economic advantage for crooks to find them, so they will. |
ML1 Joined: 25 Nov 01 Posts: 20142 Credit: 7,508,002 RAC: 20 |
Also, it looks like you've found your hero in Dan Goodin's sensationalism. So let's see then eh?... I'm running "Linux kernel 3.8.13 #1 SMP Sun May 19 00:25:21 BST 2013 x86_64". So your critical flaw was patched over a few versions before then and before the big news. No sweat here then, but that's just me... No special updates. It just simply works. As for the count of such flaws... You are blathering on about ONE flaw that was a local exploit for Linux systems. Already fixed for those that keep updated. There's a little sensationalism about the lack of fanfare for how the bug/exploit was listed for backports. Note that not even all kernels for the range affected include the vulnerable feature. All still bad but that all pales into inconsequence compared to the monthly fiasco for a certain supplier for their "Patch Tuesdays". Those number an awful lot more than just one "criticality", and that's for each month! Then also, that's only what seeps out from behind the proprietary "hide everything under the carpet"... No contest really. Next? IT is very much what we make it, Martin See new freedom: Mageia Linux Take a look for yourself: Linux Format The Future is what We all make IT (GPLv3) |
ML1 Joined: 25 Nov 01 Posts: 20142 Credit: 7,508,002 RAC: 20 |
... there will be more economic advantage for crooks to find them, so they will. Note the real problem for ALL operating systems and applications as Marketing pushes everyone to go "Cloudy": XKCD: IT is what we allow it to be... Martin See new freedom: Mageia Linux Take a look for yourself: Linux Format The Future is what We all make IT (GPLv3) |
OzzFan Joined: 9 Apr 02 Posts: 15691 Credit: 84,761,841 RAC: 28 |
I'm running "Linux kernel 3.8.13 #1 SMP Sun May 19 00:25:21 BST 2013 x86_64". So your critical flaw was patched over a few versions before then and before the big news. No sweat here then, but that's just me... No special updates. It just simply works. Right - that's just you. How many other systems are left running unpatched because they sit in a corner running a few services? It may be important to others who are unaware of the flaw and the patch. As for the count of such flaws... You are blathering on about ONE flaw that was a local exploit for Linux systems. I'm providing information about multiple flaws in *nix throughout the thread. You've seized upon one and call it blathering? Must you be so offensive? Is there a reason you're so defensive toward others providing balance? Already fixed for those that keep updated. Yeah, it was fixed this time. How many other flaws remain unfixed? And for how long? Yes, it happens in Linux too. There's a little sensationalism about the lack of fanfare for how the bug/exploit was listed for backports. I think the lack of fanfare is worrisome for an OS that is so popular on mobile devices. Is this your way of trying to keep issues hidden? All still bad but that all pales into inconsequence compared to the monthly fiasco for a certain supplier for their "Patch Tuesdays". Those number an awful lot more than just one "criticality", and that's for each month! Then also, that's only what seeps out from behind the proprietary "hide everything under the carpet"... All a matter of how many people are trying to exploit your software for gain. *nix isn't very far off now that it dominates the mobile phone space. No contest really. It soon will be. |
Gary Charpentier Joined: 25 Dec 00 Posts: 30608 Credit: 53,134,872 RAC: 32 |
... there will be more economic advantage for crooks to find them, so they will. Note the classic use of a strawman to deflect from the point being raised for which the speaker can provide no answer. |
ML1 Joined: 25 Nov 01 Posts: 20142 Credit: 7,508,002 RAC: 20 |
Here's a little fun with version numbers and year numbers: Torvalds frustrated at missing simultaneous release Linux 3.11 rc 5 emerges on an important day Linus Torvalds has issued release candidate five for Linux 3.11, but is a little upset with the fact the final release missed a serendipitous anniversary. The date in question is August 11th, 1993, as it was on that day that Windows 3.11 emerged blinking and howling into the world. Torvalds liked the idea that Linux 3.11 would debut on that day, but has written “Sadly, the numerology doesn't quite work out, and while releasing the final 3.11 today would be a lovely coincidence (Windows 3.11 was released twenty years ago today), it is not to be.”... So, all a good giggle on version numbers and dates and there's a fun-fest to be had in the comments. More than enough material there for even the most lack-luster of trolls. For those who are actually interested in the IT world, there are some rather good comments also. One of the 'fun' comments is: Linux for Workgroups The numerology is correct due to MS leaving all the "alpha_rc_0.00.0.00.-4" stuff off the end and selling it anyway. IT is very much what we make it, Martin See new freedom: Mageia Linux Take a look for yourself: Linux Format The Future is what We all make IT (GPLv3) |
ML1 Joined: 25 Nov 01 Posts: 20142 Credit: 7,508,002 RAC: 20 |
Another auspicious anniversary: No distro diva drama here: Penguinista favourite Debian turns 20 Today Debian marks a milestone not many pieces of software last long enough to see: its 20-year anniversary. Debian has become the foundation of dozens of other Linux distros. It’s the basis of all manner of embedded systems – which means many of the uninitiated use it without knowing – and it boasts a customers list spanning governments and giant globo-corps alike. ... ... What's even more remarkable about Debian is that the project behind it continues to churn out great, reliable software and that Debian remains - after all these years - true to the vision (and accompanying manifesto) that accompanied its birth. The Debian Project was founded by Ian Murdock and officially brought to life on 16 August, 1993. With the backing of the Free Software Foundation's GNU project, Murdock set out to create what he called "a distribution that lives up to the Linux name". Murdock's vision for Debian was to "carefully and conscientiously put together" a distribution that "will be maintained and supported with similar care"... IT is very much what we make it, Martin See new freedom: Mageia Linux Take a look for yourself: Linux Format The Future is what We all make IT (GPLv3) |
OzzFan Joined: 9 Apr 02 Posts: 15691 Credit: 84,761,841 RAC: 28 |
Double-dose of security flaw goodness: http://arstechnica.com/security/2013/08/google-confirms-critical-android-crypto-flaw-used-in-5700-bitcoin-heist/ "Dan Goodin @ ArsTechnica.com" wrote: Google developers have confirmed a cryptographic vulnerability in the Android operating system that researchers say could generate serious security glitches on hundreds of thousands of end user apps, many of them used to make Bitcoin transactions. And this goodie: http://arstechnica.com/security/2013/08/once-the-domain-of-windows-xp-web-servers-are-hackers-target-of-choice/ "Dan Goodin @ ArsTechnica.com" wrote: In a pattern that has played out repeatedly over the past year or two, researchers in the past two days have reported a string of ongoing attacks that take control of Web servers by exploiting critical vulnerabilities in Apache software, Joomla, and other applications used to deliver content and programs online. All some very serious stuff, and all only in our only IT world. IT is what IT is. |
Gary Charpentier Joined: 25 Dec 00 Posts: 30608 Credit: 53,134,872 RAC: 32 |
In some respects, Web server applications are to 2013 what Windows XP was to 2005—complex and full-featured enough that critical vulnerabilities are plentiful and in such wide use that some percentage of its user base is sure to make crucial mistakes. Fortunately, Microsoft's secure development lifecycle program has gone a long way to resolving the Windows security crisis that once endangered large swaths of the Internet. It's not clear how the current campaign against Web servers will play out, but it wouldn't be surprising if it got worse before it got better. Until the *nix world realizes its users are humans, just like XP users are humans and forces security upgrades to be installed the situation will simply get worse and worse. I wonder how soon before we start seeing lawsuits because some company didn't upgrade and some random browser of their website, not necessarily even a customer, figures out that their site is the one that stole their data and make that website's owner pay pay pay? Perhaps then the *nix world, er Linus Torvalds, will take security seriously and not try to hide and obscure problems. |
ML1 Joined: 25 Nov 01 Posts: 20142 Credit: 7,508,002 RAC: 20 |
... In some respects, Web server applications are to 2013 what Windows XP was to 2005—complex and full-featured enough that critical vulnerabilities are plentiful and in such wide use that some percentage of its user base is sure to make crucial mistakes. Fortunately, Microsoft's secure development lifecycle program has gone a long way to resolving the Windows security crisis that once endangered large swaths of the Internet. It's not clear how the current campaign against Web servers will play out, but it wouldn't be surprising if it got worse before it got better. Agreed on that one and also that is one which is likely to get worse as the general blind rush develops to offer an ever more 'rich' "cloud" experience via your web browser, regardless of how flawed or vulnerable... Much better would be to dumb down the browser and instead just have a simple dumb remote display device... Or continue with the 'old style cloud' which I've been supporting for over a decade now where you use whatever dedicated protocols and applications for the particular task. All well established, well proven, and robust and reliable... IT is what IT is. That's only for if you are really happy for what you get forced-fed. IT is what we make it, Martin See new freedom: Mageia Linux Take a look for yourself: Linux Format The Future is what We all make IT (GPLv3) |
©2024 University of California
SETI@home and Astropulse are funded by grants from the National Science Foundation, NASA, and donations from SETI@home volunteers. AstroPulse is funded in part by the NSF through grant AST-0307956.