[FreePaul]

Flaws raise red flag on Linux security

Well! I guess that settles that. I'd never use an operating system with flaws. I'm sticking with windows.

[Support Free Republic]

Did you do well in the market this year?

If so, then maybe you can afford to make a donation to Free Republic!

[antiRepublicrat]

Because of the accessibility of the source code to everyone, it provides an equal opportunity for malicious attackers to find vulnerabilities and ways to exploit them.

If this is true then why does Windows, where people can't see the source, have even more vulnerabilities?

[Gunslingr3]

The vulnerability could allow attackers to take administrative control of compromised systems and run attack code of their choice, an iSec advisory stated. ISec claimed that it had developed and successfully tested code that was capable of exploiting the flaw, although it added that actually launching such an attack wouldn't be easy.

Do you know of an article that actually details the flaw and how it can be exploited?

[kingu]

Ghads, that Linux must really scare people. We all must conform, we all must use the one true operating system, we all must have broken windows.

[E=MC²]

Just the tip of the iceberg. By the way, what will linus do when MSFT releases the next version of Windows? "Innovate" by trying to replicate it in open-source too???

[B Knotts]

There were a whole load of local root exploits in the BSDs, including the much-vaunted OpenBSD back in 2001. I haven't heard how insecure the BSDs are because of that, strangely.

These things do happen from time to time, in every operating system. They just don't tend to cause a massive net-slowing wormfest.

[zeugma]

What a content free post. I believe the "flaw" that is being discussed is a local exploit, unlike most of the recent hacks against windows that can be remotely executed, that requires the user to already have an account on the box.

The lack of specifics in this article are typical of what I expect from the microsofties. I didn't know you worked on saturday.

[Clara Lou]

My, my. A vulnerability to a "local attacker." This makes me love MS again. I certainly prefer remote attacks. /sarcasm

[antiRepublicrat]

I also liked this part:

"The rise in such incidents can be attributed to Linux's growing popularity, which makes it a more attractive target for malicious attackers"

Linux is already more popular in the server world, and didn't make many inroads on the desktop last year, so that doesn't make much sense.

[antiRepublicrat]

Bush, here's one you'll like. After Israel's finance ministry threatened to move to Linux because MS was far too expensive, MS brought out the big guns (and possibly the slush fund too) to get them to stay.

People are getting tired of Microsoft's normal terms, high prices and bundling, and they're looking to switch. Looks like all you need to get terms and prices amenable to you from Microsoft is to threaten to switch. Still, I wonder what's going to happen at the next Software Assurance cycle.

[Bush2000]

In case anyone is interested in learning more about security templates in Windows, here's a link:

Windows security templates

Follow the links to obtain pointers to tools that can edit the templates.

[the invisib1e hand]

But many users remain confident about the security of the open-source environment

in other news, the Titanic entered the frigid waters of the north Atlantic at full speed. Asked about the dangers of icebergs, the captain dismissed the subject with wave. "She's unsinkable," he said.

[Redcloak]

The news follows the discovery of a similar flaw in the Linux 2.4 kernel last fall.

Hmmm... Sounds like another one of those flaws that allows Root to root the machine. A very pesky fellow, that Root.