securitybreach Posted August 27, 2020 Share Posted August 27, 2020 Quote Enough with the Linux security FUD By Steven J. Vaughan-Nichols for Linux and Open Source | August 24, 2020 -- 22:52 GMT (15:52 PDT) | Topic: Security Every few weeks, another security story appears saying how insecure Linux is. There's only one problem with most of them: They're fake news. The real problem is incompetent system administrators. Like all operating systems, Linux isn't perfectly secure. Nothing is. As security guru, Bruce Schneier said, "Security is a process, not a product." It's just that, generally speaking, Linux is more secure than its competitors. You couldn't tell that from recent headlines which harp on how insecure Linux is. But, if you take a closer look, you'll find most -- not all, but most -- of these stories are bogus. For instance, Boothole sounded downright scary. You could get root access on any system! Oh no! Look again. The group which discovered it comes right out and says an attacker needs admin access in order for their exploit to do its dirty work. Friends, if someone has root access to your system, you already have real trouble. Remember what I said about Linux not being perfect? Here's an example. The initial problem was real, albeit only really dangerous to an already hacked system. But several Linux distributors botched the initial fix so their systems wouldn't boot. That's bad. Sometimes fixing something in a hurry can make matters worse and that's what happened here. In another recent case, the FBI and NSA released a security alert about Russian malware, Drovorub. This program uses unsigned Linux kernel modules to attack systems. True, as McAfee CTO, Steve Grobman said, "The United States is a target-rich environment for potential cyber-attacks," but is production Linux run by anyone with a clue really in danger from it? I don't think so. First, this malware can only work on Linux distributions running the Linux 3.6.x kernel or earlier. Guess what? The Linux 3.6 kernel was released eight-years ago. I suppose if you're still running the obsolete Red Hat Enterprise Linux (RHEL) 6 you might have to worry. Of course, the fix for signing Linux kernel modules has been available for RHEL 6 since 2012. Besides, most people are using Linux distros that are a wee bit newer than that. In fact, let's make a little list of the top production Linux distros: CentOS/RHEL 7 started with kernel 3.10. Debian 8 started with kernel 3.16. Ubuntu 13.04 started with kernel 3.8. SUSE Linux 12.3 started with kernel 3.7.10. All these years-old distros started life immune to this attack. All recent Linux versions are invulnerable to this malware. But, wait! There's more. And this is the really annoying bit. Let's say you are still running the no longer supported Ubuntu 12.04, which is theoretically vulnerable. So what. As Red Hat's security team points out, "attackers [must] gain root privileges using another vulnerability before successful installation."...... https://www.zdnet.com/article/enough-with-the-linux-security-fud/ 1 1 2 Quote Link to comment Share on other sites More sharing options...
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.