Linux hits the world (cont #2)
Author | Message |
---|---|
OzzFan Joined: 9 Apr 02 Posts: 15691 Credit: 84,761,841 RAC: 28 |
New encryption ransom-ware targets Linux systems. http://arstechnica.com/security/2015/11/new-encryption-ransomware-targets-linux-systems/ Sean Gallagher @ ArsTechnica wrote: The antivirus software company Doctor Web has issued an alert about a new form of crypto-ransomware that targets users of Linux-based operating systems. Designated as "Linux.Encoder.1" by the company, the malware largely targets Web servers, encrypting their contents and demanding a ransom of one Bitcoin (currently about $500). (My emphasis on the number of reported victims) The good news is that only 10 victims is far, far, far less than that of Windows systems, but the importance of this news is that this type of malware is coming to Linux as I previously stated. The same bad practices on Linux will leave you just as vulnerable as on Windows. |
Wiggo Joined: 24 Jan 00 Posts: 36189 Credit: 261,360,520 RAC: 489 |
New encryption ransom-ware targets Linux systems. I can add 4 Chrome book users here to that list, but I'm sure that ML1 will come back with something to make it look like it's nothing to worry about (though most of us know that Linux based systems will be hit harder as time goes by). ;-) Cheers. |
Gary Charpentier Joined: 25 Dec 00 Posts: 30895 Credit: 53,134,872 RAC: 32 |
I can add 4 Chrome book users here to that list, but I'm sure that ML1 will come back with something to make it look like it's nothing to worry about (though most of us know that Linux based systems will be hit harder as time goes by). ;-)^2 |
OzzFan Joined: 9 Apr 02 Posts: 15691 Credit: 84,761,841 RAC: 28 |
http://arstechnica.com/security/2015/12/getting-a-linux-box-corralled-into-a-ddos-botnet-is-easier-than-many-think/ "Dan Goodin @ ArsTechnica" wrote: ...a critical vulnerability disclosed earlier this year in Elasticsearch, an open source server application for searching large amounts of data. In February, the company that maintains it warned it contained a vulnerability that allowed hackers to execute commands on the server running it. Within a month, a hacking forum catering to Chinese speakers provided all the source code and tutorials needed for people with only moderate technical skills to fully identify and exploit susceptible servers. |
ML1 Joined: 25 Nov 01 Posts: 20872 Credit: 7,508,002 RAC: 20 |
So... Is Dan G still following a certain Campaign Against GNU/Linux...? His reporting in a similar style for certain other OSes would make for a lot of reading... If he did any such writing that is... Except... Might he dare not bite the big dollars that feed him?... Or why else no comment from him on the much more widely prevalent ongoing security issues elsewhere?... And so for his latest: http://arstechnica.com/security/2015/12/getting-a-linux-box-corralled-into-a-ddos-botnet-is-easier-than-many-think/ (Bold my emphasis.) So nothing new or surprising there and the same problem as for any internet facing system. More of interest is this recent bit of sensationalism from Dan against anything Linux hosted applications: Botnet preying on Linux computers delivers potent DDoS attacks ... uncovered a network of infected Linux computers that's flooding gaming and education sites... ... takes hold by cracking weak passwords... Once the attackers have logged in, they use root privileges to run a script that downloads and executes a malicious binary file. There's no evidence XOR DDoS infects computers by exploiting vulnerabilities in the Linux operating system itself... And yet still for Linux systems, there is still not the disproportionate rampant malicious exploitation as evident on one particular other system... No excuse to be lax but might it be that good design does help?... Next? IT is what we make it... Martin See new freedom: Mageia Linux Take a look for yourself: Linux Format The Future is what We all make IT (GPLv3) |
Gary Charpentier Joined: 25 Dec 00 Posts: 30895 Credit: 53,134,872 RAC: 32 |
... underscores the growing ease of hacking [unmaintained/unpatched] production servers and the risk of being complacent about patching. But isn't that the advice on Linux? Don't apply the service patches, wait for the next big stable release patch?!! Even if that means the zero day is one or two years old?!!! IT is what we make it... Wouldn't that make M$'s forced to patch the correct solution? |
OzzFan Joined: 9 Apr 02 Posts: 15691 Credit: 84,761,841 RAC: 28 |
So... Is Dan G still following a certain Campaign Against GNU/Linux...? So this author is claiming bias on Ars' behalf, and for good measure he claims the Microsoft writer named Peter (formerly of Martin's favorite theregister.co.uk) is just as much of a shill... because he was hired to write articles highlighting Microsoft, just as there are others hired for science, Apple, legal matters... And we're supposed to take him at his word because he says so? Because Dan chooses to write about all security flaws, including those in GNU/Linux, but somehow that's interpreted as an "attack"? He even uses the word jihad. Come on, really!? And then you're no better than him: His reporting in a similar style for certain other OSes would make for a lot of reading... If he did any such writing that is... Except... Might he dare not bite the big dollars that feed him?... Or why else no comment from him on the much more widely prevalent ongoing security issues elsewhere?... When you don't like what someone writes, you just attack them, right? Dan Goodin is engaged in a(n alleged) jihad against Linux, so let's just throw a bunch of mud all over him, claim his journalism is poor, and we may as well call him white trash and his momma a '**'. That's about the level you and the author of the article have stooped to. Pathetic. |
bobby Joined: 22 Mar 02 Posts: 2866 Credit: 17,789,109 RAC: 3 |
So... Is Dan G still following a certain Campaign Against GNU/Linux...? Elasticsearch is not an OS specific product, it runs on Windows and Linux (and you could probably get it to run on Unix and OSX if you wanted/needed to). The issue Elasticsearch found is with their Groovy scripting engine; Groovy is also not OS specific (Groovy runs in a JVM). So why does the Ars Technica article only discuss the issue in a Linux context? I think you'll find it's a bit more complicated than that ... |
bobby Joined: 22 Mar 02 Posts: 2866 Credit: 17,789,109 RAC: 3 |
... underscores the growing ease of hacking [unmaintained/unpatched] production servers and the risk of being complacent about patching. Are you joking? If not, where have you seen such advice? IT is what we make it... As I understand it, the reason M$ have taken this approach is that too many Windows "Home" edition systems never got patched. Forced patching is not implemented for Windows 10 Professional or Enterprise editions, because M$ believes that the owners of such systems have a better grasp of the benefits of patching (M$ probably has data to substantiate the belief), I'd say it's plausible that Linux system owners share this grasp (though I do not have any data to substantiate this). I think you'll find it's a bit more complicated than that ... |
OzzFan Joined: 9 Apr 02 Posts: 15691 Credit: 84,761,841 RAC: 28 |
Elasticsearch is not an OS specific product, it runs on Windows and Linux (and you could probably get it to run on Unix and OSX if you wanted/needed to). The issue Elasticsearch found is with their Groovy scripting engine; Groovy is also not OS specific (Groovy runs in a JVM). So why does the Ars Technica article only discuss the issue in a Linux context? According to the article, the way hackers are implementing the vulnerability is against a Linux host and being able to execute bash commands. The vulnerabilities are literally named Backdoor.Perl.RShell.c and Backdoor.Linux.Mayday.g. While it may be OS-agnostic, is there any evidence to suggest the same flaw is being used within Windows or other OSes? |
bobby Joined: 22 Mar 02 Posts: 2866 Credit: 17,789,109 RAC: 3 |
Elasticsearch is not an OS specific product, it runs on Windows and Linux (and you could probably get it to run on Unix and OSX if you wanted/needed to). The issue Elasticsearch found is with their Groovy scripting engine; Groovy is also not OS specific (Groovy runs in a JVM). So why does the Ars Technica article only discuss the issue in a Linux context? Absence of evidence is not evidence of absence. It may well be that Elasticsearch is predominantly deployed on Linux systems, so the initial attacks target these deployments. Is there any evidence that Windows systems with Elasticsearch are not at risk from exploits leveraging the same attack vector, and, either way, wouldn't it be reasonable (and responsible journalism) to note that detail in an article discussing the issue? I think you'll find it's a bit more complicated than that ... |
OzzFan Joined: 9 Apr 02 Posts: 15691 Credit: 84,761,841 RAC: 28 |
Elasticsearch is not an OS specific product, it runs on Windows and Linux (and you could probably get it to run on Unix and OSX if you wanted/needed to). The issue Elasticsearch found is with their Groovy scripting engine; Groovy is also not OS specific (Groovy runs in a JVM). So why does the Ars Technica article only discuss the issue in a Linux context? In reading the detailed findings by Kaspersky Labs, the attack vector found is strictly tailored to Linux systems and bash. It would make no sense to report anything beyond what was found. Had the researchers mentioned the flaw could be used in Windows systems, then yes, by all means, report on it. |
Gary Charpentier Joined: 25 Dec 00 Posts: 30895 Credit: 53,134,872 RAC: 32 |
... underscores the growing ease of hacking [unmaintained/unpatched] production servers and the risk of being complacent about patching. On this board. Why it may have even been ML1 who was terrified that some patch or another might break a production environment because it wasn't thoroughly tested. In fact I kind of remember him using Linux stable releases to blast M$ and a patch with a bug ... Forced patching is not implemented for Windows 10 Professional or Enterprise editions, because M$ believes that the owners of such systems have a better grasp of the benefits of patching (M$ probably has data to substantiate the belief), No, the data they have is from the marketing department saying the owners of the systems who might be interested in those versions will not purchase an O/S that has forced updates. |
bobby Joined: 22 Mar 02 Posts: 2866 Credit: 17,789,109 RAC: 3 |
... underscores the growing ease of hacking [unmaintained/unpatched] production servers and the risk of being complacent about patching. Fair enough, I don't recall those details. To the best of my knowledge, ML1 is not the maintainer of the Linux distro I use at work or the one I use at home. I'll take my patching advice from them. Forced patching is not implemented for Windows 10 Professional or Enterprise editions, because M$ believes that the owners of such systems have a better grasp of the benefits of patching (M$ probably has data to substantiate the belief), That too. I think you'll find it's a bit more complicated than that ... |
Gary Charpentier Joined: 25 Dec 00 Posts: 30895 Credit: 53,134,872 RAC: 32 |
Oh my, zero day for this Linux bug giving root access was 2009! http://www.pcmag.com/article2/0,2817,2496870,00.asp Exploit Logs You Into Linux Systems After Hitting Backspace 28 Times They are just now getting around to an emergency patch. Is there such a long lived zero day in M$? I thought all those millions of eyeballs was supposed to prevent this kind of thing. And 2009 to 2016 is how many years?!! Root access might be a bit mild description too, perhaps supervisory mode access might be a better description. This because you could replace the O/S, boot loader, BIOS, etc! |
Gary Charpentier Joined: 25 Dec 00 Posts: 30895 Credit: 53,134,872 RAC: 32 |
My oh my, http://thenextweb.com/insider/2016/02/22/hackers-compromised-linux-mint-in-a-way-the-fbi-can-only-dream-of/ resulting in users downloading a build of the OS that had been modified to include a backdoor that would give attackers full access to a user’s system. And I bet it was a linux webserver too! |
OzzFan Joined: 9 Apr 02 Posts: 15691 Credit: 84,761,841 RAC: 28 |
Bet it had amazing uptime! |
OzzFan Joined: 9 Apr 02 Posts: 15691 Credit: 84,761,841 RAC: 28 |
http://www.ibtimes.co.uk/google-red-hat-discover-critical-dns-security-flaw-that-enables-malware-infect-entire-internet-1545687 Maybe this will come off as less biased since it isn't from ArsTechnica. |
Gary Charpentier Joined: 25 Dec 00 Posts: 30895 Credit: 53,134,872 RAC: 32 |
http://www.ibtimes.co.uk/google-red-hat-discover-critical-dns-security-flaw-that-enables-malware-infect-entire-internet-1545687 My, zero day was in 2008 and it is now 2016 and it is only now that the millions of eyeballs are beginning to notice there is a problem. How are they going to force an update onto the millions of routers out in the field? Who is going to flash all those ROMs? |