Free Republic
Browse · Search
News/Activism
Topics · Post Article

Flaws raise red flag on Linux security
ComputerWorld ^ | JANUARY 09, 2004 | Jaikumar Vijayan

Posted on 01/10/2004 12:20:46 PM PST by Bush2000

But many users remain confident about the security of the open-source environment

Story by Jaikumar Vijayan

JANUARY 09, 2004 (COMPUTERWORLD) - A report earlier this week about a critical flaw in the Linux kernel was the latest in a series of recently discovered security problems with the popular open-source operating system. But many users were unfazed by the report and said Linux remains a solid and secure environment for running enterprise applications.

Poland-based iSec Security Research on Monday said it had found a critical flaw in a function used to manage virtual memory on Linux systems. The flaw affects the 2.2, 2.4 and 2.6 versions of the Linux kernel, according to iSec.

The vulnerability could allow attackers to take administrative control of compromised systems and run attack code of their choice, an iSec advisory stated. ISec claimed that it had developed and successfully tested code that was capable of exploiting the flaw, although it added that actually launching such an attack wouldn't be easy.

The news follows the discovery of a similar flaw in the Linux 2.4 kernel last fall. In November, unknown attackers used that flaw to take down several servers belonging to the Debian Project, which produces a noncommercial Linux distribution. And last month, an attack on the Gentoo Linux Project compromised a server that was being used to download copies of Gentoo's Linux source code by users.

The rise in such incidents can be attributed to Linux's growing popularity, which makes it a more attractive target for malicious attackers, said David Wreski, CEO of Linux security vendor Guardian Digital Inc. in Allendale, N.J.

"The underground hacker community is very interested in Linux as a potential target," he said. "Because of the accessibility of the source code to everyone, it provides an equal opportunity for malicious attackers to find vulnerabilities and ways to exploit them."

Even so, Linux remains a secure environment, said John Cahill, senior network security engineer at Piedmont Natural Gas in Charlotte, N.C.

"I would say it is more secure than Microsoft and other environments because the code is looked over by so many people and it's so widely available that any vulnerabilities can be quickly identified and patched," Cahill said. Piedmont uses Linux for several e-mail-related functions and is considering its use for antispam purposes.

"There's not very much we've needed to do to secure Linux [applications]," said Joe Poole, manager for technical support at Boscov's Department Stores LLC in Reading, Pa. The company runs several virtual Linux servers on its mainframes that are protected by network and internal firewalls. All nonessential services, such as file transfers and Telnet, have been disabled. But there has been no need for the kind of constant patching and maintenance required for Windows, Poole said.

Linux distributors in general are also doing a better job of shipping products that have nonessential services disabled by default, said Paul Schmel, adjunct information security officer at the University of Texas at Dallas.

"The biggest plus that Linux has is that it's designed to allow users to be users and not administrators," Schmel said. "What Linux has that Windows doesn't have is ease of configuration from an administrator's standpoint. Stopping and starting services, configuring services to only respond on certain ports and interfaces is dramatically easier than it is with Windows."


TOPICS: Business/Economy; Culture/Society; Front Page News; Technical
KEYWORDS: computersecurity; linux; lowqualitycrap
To: IncPen
I mean... really. Bush2000 gets his (her?) undies in a bundle over software? And, Microsoft's, at that?

I believe it's his job. Look at his posting history. He doesn't post anything but pro-MS/anti-OSS. Can you imagine how much it would drive you crazy to have to astroturf for MS? I shudder to think of it.

161 posted on 01/13/2004 6:36:14 AM PST by zeugma (The Great Experiment is over.)

To: steve-b
I'm trying to visualize some redneck Klan leader declaring "I'd still stand Debian, Mandrake, or RedHat against Microsoft." I really am. But I just keep dissolving into giggles....

KKKLinux, the command line has a white screen. Firewall preconfigured to filter out the NAACP and ADL, with preset links in Mozilla to all your favorite racist and Holocaust denial sites. Plus a custom-written panic button to the ACLU in case some city won't let you demonstrate. Prepackaged with desktop backgrounds of your favorite lynchings!

162 posted on 01/13/2004 6:55:57 AM PST by antiRepublicrat

To: Bush2000
Nope, it's an OEM issue.

Are the millions of retail boxes sold an OEM issue too?

163 posted on 01/13/2004 7:44:20 AM PST by antiRepublicrat

To: zeugma
Microsoft only produces the highest quality programs, which is easily shown by the fact that they only have to release patches 2 or 3 times a month on their core products.

No they don't. Microsoft proudly announced that they would have to release no security patches in December because they've gotten things down so good.

No, wait, they did end up having to release some anyway. Oops.

164 posted on 01/13/2004 7:50:21 AM PST by antiRepublicrat

To: zeugma
He doesn't post anything but pro-MS/anti-OSS. Can you imagine how much it would drive you crazy to have to astroturf for MS? I shudder to think of it.

Maybe he works there. Maybe he's Bill Gates himself! Hey Bush/Bill, can I borrow some money?

165 posted on 01/13/2004 7:51:43 AM PST by antiRepublicrat

To: Swordmaker
First of all, the hostile LDAP server has to be ALREADY present on the network when I connect my computer. It then has to connect to the hostile LDAP server in place of the intended LDAP server.

Which implies that someone has altered DNS and also disabled the real LDAP. Anyone know a network admin who is willing to take that kind of chance with his career?

166 posted on 01/13/2004 7:59:03 AM PST by TechJunkYard

To: Bush2000
The news follows the discovery of a similar flaw in the Linux 2.4 kernel last fall.

Hmmm... Sounds like another one of those flaws that allows Root to root the machine. A very pesky fellow, that Root.

167 posted on 01/13/2004 8:15:36 AM PST by Redcloak (It's life, Jim, but not as we know it.)

To: zeugma
I believe it's his job. Look at his posting history. He doesn't post anything but pro-MS/anti-OSS. Can you imagine how much it would drive you crazy to have to astroturf for MS? I shudder to think of it.

Yes, there's that...

But with everything going on in the world... even without September 11th... the notion that anyone would hang around a forum like this and spout off about which flavor of software to use exposes a serious character defect.

It's absolutely moronic.

168 posted on 01/13/2004 8:26:14 AM PST by IncPen ( Liberalism: Working for you until all your money is spent.)

To: antiRepublicrat
KKKLinux, the command line has a white screen. Firewall preconfigured to filter out the NAACP and ADL, with preset links in Mozilla to all your favorite racist and Holocaust denial sites. Plus a custom-written panic button to the ACLU in case some city won't let you demonstrate. Prepackaged with desktop backgrounds of your favorite lynchings!

The funny thing is, if you could get some KKK types to not drool into their keyboards long enough to put this together without starting an electrical fire, it would be entirely possible to create a distribution and theme exactly like what you describe.

169 posted on 01/13/2004 10:14:15 AM PST by zeugma (The Great Experiment is over.)

To: IncPen
the notion that anyone would hang around a forum like this and spout off about which flavor of software to use exposes a serious character defect.

There's the deeper issue of proprietary vs. open source software, which affects the way that businesses can run, how open your government will be and how it will use your tax dollars. For example, the Navy is getting 300,000 seats of Windows/Office in a contract with EDS. If the total seat licensing is, say, $200 (really cheap estimate, and not counting Software Assurance three years down the road), that's $60 million of your tax dollars gone bye-bye that could have otherwise been saved.

170 posted on 01/13/2004 10:38:45 AM PST by antiRepublicrat

To: antiRepublicrat
There's the deeper issue of proprietary vs. open source software, which affects the way that businesses can run, how open your government will be and how it will use your tax dollars. For example, the Navy is getting 300,000 seats of Windows/Office in a contract with EDS. If the total seat licensing is, say, $200 (really cheap estimate, and not counting Software Assurance three years down the road), that's $60 million of your tax dollars gone bye-bye that could have otherwise been saved.

Yes, all that waste plus a zealot like Bush2000 who has a vested interest in maintaining a flawed product.

171 posted on 01/13/2004 10:44:26 AM PST by IncPen ( Liberalism: Working for you until all your money is spent.)

To: zeugma
I believe it's his job...

Said the Linux stooge.
172 posted on 01/13/2004 11:55:41 AM PST by Bush2000

To: IncPen
But with everything going on in the world... even without September 11th... the notion that anyone would hang around a forum like this and spout off about which flavor of software to use exposes a serious character defect.

The thing that cracks me up about you guys is how ridiculously delusional you are: If anybody posts about Windows, it's "a serious character defect." And conversely, if they post about Linux, they walk on water. Get a clue. Everybody has their preferences, and talking about them -- whether you agree or not -- is a reasonable exercise of free speech rights. Don't like it? Don't read the thread. Nobody forces anybody's sorry butt to be here.
173 posted on 01/13/2004 11:59:45 AM PST by Bush2000

To: IncPen
Yes, all that waste plus a zealot like Bush2000 who has a vested interest in maintaining a flawed product.

RRrrrrrrright. As if you trolls don't have vested interests in your own crappy software.
174 posted on 01/13/2004 12:00:44 PM PST by Bush2000

To: Bush2000; antiRepublicrat; Swordmaker
RRrrrrrrright. As if you trolls don't have vested interests in your own crappy software.

You just admitted that Microsoft is crappy software.

That's the first of the 12 steps.

We're all pulling for you.

175 posted on 01/13/2004 12:05:49 PM PST by IncPen ( Liberalism: Working for you until all your money is spent.)

To: IncPen
You just admitted that Microsoft is crappy software. That's the first of the 12 steps. We're all pulling for you

All Software Is Crap!!!
176 posted on 01/13/2004 12:49:35 PM PST by Bush2000

To: zeugma
The funny thing is, if you could get some KKK types to not drool into their keyboards long enough to put this together without starting an electrical fire, it would be entirely possible to create a distribution and theme exactly like what you describe.

The beauty of OSS. Actually, others have proposed a FreepLinux.

177 posted on 01/13/2004 12:50:02 PM PST by antiRepublicrat

To: Bush2000
All Software Is Crap!!!

Actually, I kind of like Photoshop. It's the most solid, capable application I've ever used. I also figure OS X will be just about OS perfection in 10.5 (or whenever all libraries are converted to 64-bit).

178 posted on 01/13/2004 12:55:46 PM PST by antiRepublicrat

To: Bush2000
All Software Is Crap!!!

And you've made it clear that your goal and your job is to protect and perpetuate it.

I think that about wraps up our program, B2.

Toodles.

179 posted on 01/13/2004 1:22:23 PM PST by IncPen ( Liberalism: Working for you until all your money is spent.)

To: Bush2000
I believe it's his job...

Said the Linux stooge.

Said the windows bigot.

Hey! This is fun. We could carry on with this all day long. Considering your posting history, it would be reasonable to guess that you are a paid astroturfer.

180 posted on 01/13/2004 1:30:54 PM PST by zeugma (The Great Experiment is over.)

