Posted on 01/20/2016 6:32:48 PM PST by Swordmaker
Pinging Shadow Ace, ThunderSleeps, and dayglored for their ping lists.
The latest Apple/Mac/iOS Pings can be found by searching Keyword "ApplePingList" on FreeRepublic's Search.
If you want on or off the Mac Ping List, Freepmail me
Since this is a privilege escalation attack, it can only be used by a user who already has a login, right? It is basically an internal threat from someone who is already valid on the server.
Hardware designed by 100s of thousands X software generated by millions of code monkeys. What could go wrong, go wrong, go wrong.....?
Too many “back doors” are found in software and hardware. I think government agents have planted a lot of these things to use against U.S. and foreign computer users. Some through paying off the development company, some through maybe appealing to their “patriotism”, some through agents working in the industry. Too many found all the time to be accidental.
I agree. They seem to have done so with the Linux community. Why not with Google and Android?
For Android users, it may be more of a problem. There was a sidebar article which pointed out that one-third of Android users don't bother with a passcode on their phones which would mean that if their phone were stolen, root would be accessible. But of course, with no passcode, everything would be open anyway. These are probably people who don't bother with passwords on their computers either, though.
Then on a shared computer system, anyone with a passcode could be a threat.
I am talking about a genuine Linux server. Mine has two accounts, and I am the only one who knows the passwords. It’s an Ubuntu server, so there is no root account.
Re-reading the article, I suspect Google does know about the flaw. . . but Google/Alphabet is learning to keep press responses close to the vest like Apple does. Any response other than "No comment" can leave them open to legal action. Saying they are aware of the flaw might leave them open to lawsuits from disgruntled users who claim being damaged by the flaw because Android was not updated quickly enough. Saying they were unaware of the issue may trigger a lawsuit by disgruntled users claiming they should have created better software to protect their users and then KNOWN in advance about the flaw. Damned if they do and Damned if they don't. Silence is always legally better.
Yeah, Ubuntu took a clue from Apple OS X and is set up without a ROOT user account activated. I wonder if this flaw would allow a standard administrator user to create a ROOT account in an Ubuntu Linux server? Do you know?
I think they locked it up pretty tight. However, you can certainly get a root shell if you are an admin. This, however, is not recommended.
“Since this is a privilege escalation attack, it can only be used by a user who already has a login, right? It is basically an internal threat from someone who is already valid on the server.”
It’s a moot point, it’s been fixed and the patch was available yesterday. Any linux user that pays any attention to his system security has already applied the patch.
I have a house full of linux boxes and they were patched as soon I got on my laptop yesterday morning.
‘I have a house full of linux boxes and they were patched as soon I got on my laptop yesterday morning.”
Oops, it was actually this morning that I applied the patches, sorry.
My phone is a phone. I do no banking or any of that stuff on it.
That said, I do access my email on it, so those passwords are vulnerable. So I should probably be a little more security oriented in that regard.
I was at a developer's soiree, long ago, and the discussion over drinks was backdoor security in e-money. One major e-money developer told me flatly that there literally was no value in marketing e-money without a government-accessible backdoor. And when I asked about user security, he just laughed.
I worked for HP for 30 years. The story going around the company during the 1st Gulf War (1991). It seems the CIA had planted a computer virus in the HP printer firmware on the printers the Iraqis were using in their government and military bases. They would clear the virus out of their PC’s but as soon as they turned on the printer again, the PC would be re-infected. Don’t know if they ever figured out were the virus was coming from that disabled their pc’s.
The government has its fingers in the computer industry since the beginning.
I worked for the Burlington Northern Santa Fe and we found an HP printer on the network that had malware and was infecting other computers.
They probably got a printer meant for Iraq. ;-)
Not a big deal, plus it's already been patched.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.