

Linux Not As Safe As You Think? Read On...


25 replies to this topic

#1 OFFLINE   V.T. Eric Layton

V.T. Eric Layton

    Nocturnal Slacker

  • Forum Admins
  • 21,025 posts

Posted 06 July 2017 - 02:02 PM

https://betanews.com.../05/linux-safe/

#2 OFFLINE   Dr. J

Dr. J

    Post Master

  • Members
  • 243 posts

Posted 06 July 2017 - 02:47 PM

Interesting article there Eric. I'll be honest, I only flicked through it, but it seems to boil down to what I generally tell people when a security conversation pops up... there's no such thing as an "unhackable" system so if you think you're bullet proof you're just being a dufus.

If you run some random script as admin or root without checking what it does you're asking for trouble no matter what OS you're on.

The real plus on the security side for Linux the way I see it is that you generally get patches as soon as they're available, without having to wait for "patch Tuesday" or the like, and with a community that cares reading the code, flaws can't hide for long.
/usr/bin/drinking
~/hungover

#3 OFFLINE   V.T. Eric Layton

V.T. Eric Layton

    Nocturnal Slacker

  • Forum Admins
  • 21,025 posts

Posted 06 July 2017 - 04:03 PM

This was my takeaway from that article:

Quote

As you can see, many of the increases in Linux attacks aren't aimed at workstations. Actually, it can largely be attributed to IoT and other devices, such as routers, which some manufacturers abandon from an update perspective. Linux is used for this type of hardware as it scales so well -- it shouldn't be blamed for the failures of companies that don't focus on security.


#4 OFFLINE   securitybreach

securitybreach

    CLI Phreak

  • Forum Admins
  • 22,795 posts

Posted 06 July 2017 - 04:36 PM

Well the problem is not that Linux is insecure, the problem is the manufacturers of these IoT devices are not updating them all and some are running really old libs and such. As discussed on another thread here, the problem is also the use of default username/passwords on these devices and not having the ability to change them from those defaults. Unless they start charging a subscription fee for the software, the problem will always be here. You cannot depend on a company to provide updates as they are done with you after the sale is complete. There has to be a monetary reason for them to provide updates.

And with physical access, there is no such thing as security no matter the device..
CNI Radio/G+ Profile/Configs/PGP Key/comhack π

"Do you begin to see, then, what kind of world we are creating? It is the exact opposite of the stupid hedonistic Utopias that the old reformers imagined. A world of fear and treachery and torment, a world of trampling and being trampled upon, a world which will grow not less but more merciless as it refines itself. Progress in our world will be progress toward more pain." -George Orwell, 1984

#5 OFFLINE   V.T. Eric Layton

V.T. Eric Layton

    Nocturnal Slacker

  • Forum Admins
  • 21,025 posts

Posted 06 July 2017 - 05:17 PM

That's right. If you want security for your data, secure the machine and the data.

#6 OFFLINE   securitybreach

securitybreach

    CLI Phreak

  • Forum Admins
  • 22,795 posts

Posted 06 July 2017 - 05:19 PM

Right :)

#7 OFFLINE   raymac46

raymac46

    Discussion Deity

  • Forum MVP
  • 3,201 posts

Posted 06 July 2017 - 06:15 PM

The only IoT device I have here is my ISP supplied router/gateway and it gets regular firmware updates and has a pretty secure admin password changed from the default.
If my microwave or refrigerator is in danger of becoming a soldier in a bot army I'd just as soon have a dumb device to keep my beer cold or heat my tea.

Registered Linux User 445659

#8 OFFLINE   securitybreach

securitybreach

    CLI Phreak

  • Forum Admins
  • 22,795 posts

Posted 06 July 2017 - 06:47 PM

raymac46, on 06 July 2017 - 06:15 PM, said:

The only IoT device I have here is my ISP supplied router/gateway and it gets regular firmware updates and has a pretty secure admin password changed from the default.

I am surprised that you do not use your own hardware, it's not that expensive and you will save money by not having to pay the rental fee every month.

#9 OFFLINE   raymac46

raymac46

    Discussion Deity

  • Forum MVP
  • 3,201 posts

Posted 07 July 2017 - 08:27 AM

securitybreach, on 06 July 2017 - 06:47 PM, said:

raymac46, on 06 July 2017 - 06:15 PM, said:

The only IoT device I have here is my ISP supplied router/gateway and it gets regular firmware updates and has a pretty secure admin password changed from the default.

I am surprised that you do not use your own hardware, it's not that expensive and you will save money by not having to pay the rental fee every month.
Welcome to the wonderful world of Canadian ISPs where Rogers will not certify/activate any third party modems so you have to use theirs. The cost is folded into your monthly package. You can use your own router and they'll bridge their modem for you but they must supply the modem. The other ISP (Bell) has a similar policy so there is no competition you can use to supply your own hardware.

#10 OFFLINE   raymac46

raymac46

    Discussion Deity

  • Forum MVP
  • 3,201 posts

Posted 07 July 2017 - 08:30 AM

I forgot I do have a ROKU 3 box which is on my LAN but it is on a non routable IP of course and has a secure enough password.

#11 OFFLINE   securitybreach

securitybreach

    CLI Phreak

  • Forum Admins
  • 22,795 posts

Posted 07 July 2017 - 08:53 AM

raymac46, on 07 July 2017 - 08:27 AM, said:

Welcome to the wonderful world of Canadian ISPs where Rogers will not certify/activate any third party modems so you have to use theirs. The cost is folded into your monthly package. You can use your own router and they'll bridge their modem for you but they must supply the modem. The other ISP (Bell) has a similar policy so there is no competition you can use to supply your own hardware.

That is horrible :(

#12 OFFLINE   raymac46

raymac46

    Discussion Deity

  • Forum MVP
  • 3,201 posts

Posted 07 July 2017 - 11:34 AM

Not to say the ISP is in the right, but it does make sense from their point of view. A wifi gateway is almost a necessity with all the smartphones, tablets and laptops connecting to the average home LAN, and there are a lot of clueless users out there trying to do wifi networking. The ISP wants to control the hardware so that the user can employ push button or wizard technology to set up their wifi and get connected. That way they only have to support one set of gateways. They'd prefer to have you use a combination router/modem too.
At first their gateways were so bad at wifi you needed to bridge them and have your own router. But their latest ones are pretty good as far as range and speeds go. Bell Canada is even worse than Rogers as some of their DSL gateways are so old they still use WEP security.

#13 OFFLINE   securitybreach

securitybreach

    CLI Phreak

  • Forum Admins
  • 22,795 posts

Posted 07 July 2017 - 11:49 AM

Well I disagree as the only people that are buying their own hardware know how to hook it up in the first place. Your average person is fine with renting the hardware but a techie should be able to provide his/her own hardware. Most of the hardware that the ISPs provide is crappy, old and lacking features. Also most of them are insecure as well.

#14 OFFLINE   Robert

Robert

    Message Mogul

  • Members
  • 319 posts

Posted 07 July 2017 - 04:09 PM

It's just sensationalism, yellow journalism, fake news.

The Ubuntu, Mint, or Red Hat desktop is not vulnerable. Yet the title implies that to cause fear.

The article is all twisty, going in all directions, with "systems" and "devices," then eventually mentions routers.

That's why I prefer user forums like this. When something REALLY happens you guys will post when to update or fix it.

The news media just wants to scare people.

#15 OFFLINE   abarbarian

abarbarian

    Thread Kahuna

  • Forum MVP
  • 5,274 posts

Posted 07 July 2017 - 06:18 PM

Robert, on 07 July 2017 - 04:09 PM, said:

It's just sensationalism, yellow journalism, fake news.
The news media just wants to scare people.

Talk like that could get you the job of president. :whistling:
Install ARCH
You'll never need to install it again
"I did and I'm really happy"


#16 OFFLINE   raymac46

raymac46

    Discussion Deity

  • Forum MVP
  • 3,201 posts

Posted 07 July 2017 - 07:49 PM

Actually the gateway Rogers supplied me is a Hitron CGNM-3552. Pretty good one actually - dual band and AC capable on the wifi side. Lots of bandwidth too. I'm getting 167 down via ethernet cabled to the LAN port on the router.
They simply don't want to take the chance that the average wifi dummy will screw up the installation and call on them to support hardware they didn't supply. As a long time customer they gave me a good deal that includes the gateway so I am OK with it.

#17 OFFLINE   securitybreach

securitybreach

    CLI Phreak

  • Forum Admins
  • 22,795 posts

Posted 07 July 2017 - 07:52 PM

Well the modems are essentially dumb anyway. You give the ISP the mac address and they supply the connection, it's as easy as that. There is nothing more to it.

As far as the router, they just do not support them at all. If you are having problems, they tell you to plug your computer straight into the modem. They do not even offer to work on your router. That is all left up to you. You either rent theirs or figure it out on your own.

#18 OFFLINE   raymac46

raymac46

    Discussion Deity

  • Forum MVP
  • 3,201 posts

Posted 08 July 2017 - 08:03 AM

ISPs here do not supply a simple modem. Both of them give you a gateway which you can dumb down if you want your own router.

#19 OFFLINE   securitybreach

securitybreach

    CLI Phreak

  • Forum Admins
  • 22,795 posts

Posted 08 July 2017 - 09:21 AM

raymac46, on 08 July 2017 - 08:03 AM, said:

ISPs here do not supply a simple modem. Both of them give you a gateway which you can dumb down if you want your own router.

They do the same thing here by default.

#20 OFFLINE   abarbarian

abarbarian

    Thread Kahuna

  • Forum MVP
  • 5,274 posts

Posted 08 July 2017 - 10:25 AM

You guys are so technical over there. We just get a black box to plug into the phone line and pc. We can use any router we like but have to set it up ourselves. The black box is included in the package and we get no discount if we use our own. :breakfast:

#21 OFFLINE   raymac46

raymac46

    Discussion Deity

  • Forum MVP
  • 3,201 posts

Posted 09 July 2017 - 11:48 AM

abarbarian, on 08 July 2017 - 10:25 AM, said:

You guys are so technical over there. We just get a black box to plug into the phone line and pc. We can use any router we like but have to set it up ourselves. The black box is included in the package and we get no discount if we use our own. :breakfast:

Not technical at all. In fact I would argue that the UK folks have to be more technical to configure their own networks.
In Canada we have so many dummies who want to hook up laptops, tablets and smartphones that the ISPs had to come up with an idiot proof gateway. You can either push a button to connect or use the pre-configured password the gateway gives you on a label. Easy-peasy if you don't care about security.

#22 OFFLINE   abarbarian

abarbarian

    Thread Kahuna

  • Forum MVP
  • 5,274 posts

Posted 10 July 2017 - 06:00 AM

raymac46, on 09 July 2017 - 11:48 AM, said:

abarbarian, on 08 July 2017 - 10:25 AM, said:

You guys are so technical over there. We just get a black box to plug into the phone line and pc. We can use any router we like but have to set it up ourselves. The black box is included in the package and we get no discount if we use our own. :breakfast:

Not technical at all. In fact I would argue that the UK folks have to be more technical to configure their own networks.
In Canada we have so many dummies who want to hook up laptops, tablets and smartphones that the ISPs had to come up with an idiot proof gateway. You can either push a button to connect or use the pre-configured password the gateway gives you on a label. Easy-peasy if you don't care about security.

Talk Talk supply me with a black box to which I have to plug in my pc and my phone line. If I want to connect to the internet I have to read the password from the label on the back of the box, commonly called a router here, and enter it in my Windows/linux network software program, same thing for a wireless network.
There is also a button on the box which you press if you want to connect a suitable tv to the wireless connection from the box, you have to enter the password as before into the software running on the tv.
That seems pretty similar to what you are describing for your country.
We can open up the router web admin page in a browser and alter settings too. What settings are available differs from each ISP and which router they supply.
We are allowed to buy our own routers and set them up ourselves.
Here I am talking domestic stuff as I have no knowledge of business setups.
The average brit would have no idea about even opening up a web admin page let alone fiddling about with the settings. I can and do understand a small amount with regard to fiddling with the settings but my knowledge is let's say hazy at best.
:breakfast:

#23 OFFLINE   raymac46

raymac46

    Discussion Deity

  • Forum MVP
  • 3,201 posts

Posted 10 July 2017 - 07:21 AM

Yes sounds like you have the same sort of gateway (modem & router combination) that is provided here by the ISP.
This is not a bad idea for the majority of Internet users who want to have wifi at home. The problem with say, Rogers supplying this gateway was that the first ones were pretty awful as far as wifi speed and reliability were concerned. You had to put on your own router to get any sort of wifi signal in remote areas of the house. Now Rogers have learned their lesson and the latest gateway I have is a fine performer. I do not need a separate modem any longer.

Edited by raymac46, 10 July 2017 - 07:23 AM.


#24 OFFLINE   sunrat

sunrat

    Thread Kahuna

  • Forum Moderators
  • 5,239 posts

Posted 10 July 2017 - 07:47 AM

abarbarian, on 10 July 2017 - 06:00 AM, said:

Talk Talk supply me with a black box to which I have to plug in my pc and my phone line. If I want to connect to the internet I have to read the password from the label on the back of the box, commonly called a router here, and enter it in my Windows/linux network software program, same thing for a wireless network.
Your ISP is called Talk Talk? That's blasphemy! How dare they steal the name of the legendary band (who I love).
I have same setup here, modem/router with wifi. Although I'm using the box I got from Optus for fibre connection even though I've changed to TPG ADSL2 in my new abode (no fibre here yet :( ). Somehow I managed to configure it even though it still has Optus custom software. :)
registered Linux user number 324659  || The importance of Reading The *Fine* Manual! :D
For the things we have to learn before we can do them, we learn by doing them.

#25 OFFLINE   abarbarian

abarbarian

    Thread Kahuna

  • Forum MVP
  • 5,274 posts

Posted 10 July 2017 - 11:12 AM

sunrat, on 10 July 2017 - 07:47 AM, said:

abarbarian, on 10 July 2017 - 06:00 AM, said:

Talk Talk supply me with a black box to which I have to plug in my pc and my phone line. If I want to connect to the internet I have to read the password from the label on the back of the box, commonly called a router here, and enter it in my Windows/linux network software program, same thing for a wireless network.
Your ISP is called Talk Talk? That's blasphemy! How dare they steal the name of the legendary band (who I love).
I have same setup here, modem/router with wifi. Although I'm using the box I got from Optus for fibre connection even though I've changed to TPG ADSL2 in my new abode (no fibre here yet :( ). Somehow I managed to configure it even though it still has Optus custom software. :)

They used to be called AOL. Does that ring a bell :Laughing: In the early days you had to connect via their software /web page thingy and it took forever to load on a slow connection. It took me a fortnight to research and work out how to alter things in the router to just get a clean connection with no AOL h**l to contend with.
That sort of set me off on the path to change things to suit me not big corporations.



