securitybreach Posted August 27, 2020

Quote

Enough with the Linux security FUD

By Steven J. Vaughan-Nichols for Linux and Open Source | August 24, 2020 -- 22:52 GMT (15:52 PDT) | Topic: Security

Every few weeks, another security story appears saying how insecure Linux is. There's only one problem with most of them: They're fake news. The real problem is incompetent system administrators.

Like all operating systems, Linux isn't perfectly secure. Nothing is. As security guru, Bruce Schneier said, "Security is a process, not a product." It's just that, generally speaking, Linux is more secure than its competitors. You couldn't tell that from recent headlines which harp on how insecure Linux is. But, if you take a closer look, you'll find most -- not all, but most -- of these stories are bogus.

For instance, Boothole sounded downright scary. You could get root access on any system! Oh no! Look again. The group which discovered it comes right out and says an attacker needs admin access in order for their exploit to do its dirty work.

Friends, if someone has root access to your system, you already have real trouble. Remember what I said about Linux not being perfect? Here's an example. The initial problem was real, albeit only really dangerous to an already hacked system. But several Linux distributors botched the initial fix so their systems wouldn't boot. That's bad.

Sometimes fixing something in a hurry can make matters worse and that's what happened here.

In another recent case, the FBI and NSA released a security alert about Russian malware, Drovorub. This program uses unsigned Linux kernel modules to attack systems. True, as McAfee CTO, Steve Grobman said, "The United States is a target-rich environment for potential cyber-attacks," but is production Linux run by anyone with a clue really in danger from it?

I don't think so.

First, this malware can only work on Linux distributions running the Linux 3.6.x kernel or earlier. Guess what? The Linux 3.6 kernel was released eight years ago.

I suppose if you're still running the obsolete Red Hat Enterprise Linux (RHEL) 6 you might have to worry. Of course, the fix for signing Linux kernel modules has been available for RHEL 6 since 2012. Besides, most people are using Linux distros that are a wee bit newer than that.

In fact, let's make a little list of the top production Linux distros:

CentOS/RHEL 7 started with kernel 3.10.
Debian 8 started with kernel 3.16.
Ubuntu 13.04 started with kernel 3.8.
SUSE Linux 12.3 started with kernel 3.7.10.

All these years-old distros started life immune to this attack. All recent Linux versions are invulnerable to this malware.

But, wait! There's more. And this is the really annoying bit. Let's say you are still running the no longer supported Ubuntu 12.04, which is theoretically vulnerable. So what. As Red Hat's security team points out, "attackers [must] gain root privileges using another vulnerability before successful installation."......

https://www.zdnet.com/article/enough-with-the-linux-security-fud/

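An added example, not part of the post or the quoted article: a small shell check that applies the article's kernel cut-off (3.6.x or earlier versus 3.7 and later) to release strings and reports whether module signature enforcement is switched on. The function names are this example's own, and the sysfs path is the kernel's standard location for the `module.sig_enforce` parameter rather than something the article names.

```shell
#!/bin/sh
# Added example: triage a host against the article's kernel cut-off
# (3.6.x or earlier affected, 3.7+ not) and the module-signing setting.

# kernel_at_least RELEASE MAJOR MINOR
# Returns 0 if RELEASE >= MAJOR.MINOR, 1 if older, 2 if unparsable.
# Numeric compare matters: as strings, "3.10" sorts before "3.6".
kernel_at_least() {
    rel=${1%%[-+_]*}                 # 3.10.0-1160.el7.x86_64 -> 3.10.0
    case "$rel" in *.*) ;; *) return 2 ;; esac
    major=${rel%%.*}
    rest=${rel#*.}
    minor=${rest%%.*}
    for n in "$major" "$minor"; do
        case "$n" in ''|*[!0-9]*) return 2 ;; esac
    done
    [ "$major" -gt "$2" ] && return 0
    [ "$major" -eq "$2" ] && [ "$minor" -ge "$3" ] && return 0
    return 1
}

# module_sig_state [FILE]
# Reads the kernel's module.sig_enforce parameter. A missing file is reported
# as "unknown": signing may be compiled out, or forced on at build time.
module_sig_state() {
    f=${1:-/sys/module/module/parameters/sig_enforce}
    [ -r "$f" ] || { echo unknown; return 0; }
    case "$(cat "$f")" in
        Y|1) echo enforced ;;
        *)   echo not-enforced ;;
    esac
}

# assess RELEASE [SIG_FILE] -> one-line verdict
assess() {
    rc=0
    kernel_at_least "$1" 3 7 || rc=$?
    case $rc in
        0) k="kernel>=3.7" ;;
        1) k="kernel<3.7" ;;
        *) k="kernel=unparsable" ;;
    esac
    echo "$k sig=$(module_sig_state "$2")"
}

# Constructed release strings, then the local host.
for r in 3.6.11 3.7.10 3.8.0-19-generic 3.10.0-1160.el7.x86_64 "$(uname -r)"; do
    printf '%-26s %s\n' "$r" "$(assess "$r")"
done
```

A kernel at or above the cut-off with `sig=not-enforced` will still load unsigned modules for root, which is why the two results are reported side by side.
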
sunrat Posted August 27, 2020

Yes, almost every report has written somewhere obscure "needs root access" or "needs physical access" or both. Can't let facts get in the way of blatant clickbait!

raymac46 Posted August 28, 2020

As a former work colleague put it: There is no foolproof system that cannot be fooled by some fool.

Hedon James Posted August 28, 2020

53 minutes ago, raymac46 said: As a former work colleague put it: There is no foolproof system that cannot be fooled by some fool.

Haha! I heard something similar. "It's only foolproof until a 'new & improved fool' comes along." LOL

goretsky Posted September 1, 2020

Hello,

I did not see any mention of when Drovorub was released and the time period in which it was actively used. It may have been roughly contemporaneous with the Linux 3.6.x kernel from eight years ago and only now is being publicly talked about.

Regards,

Aryeh Goretsky

V.T. Eric Layton Posted September 24, 2020

Wow! Glad I upgraded my 3.6 kernel a few days ago. Just kidding. Even Slackware's not that slow about kernel upgrades.

securitybreach Posted September 24, 2020

11 minutes ago, V.T. Eric Layton said: Wow! Glad I upgraded my 3.6 kernel a few days ago. Just kidding. Even Slackware's not that slow about kernel upgrades.

v3.8 then

V.T. Eric Layton Posted September 24, 2020

Nah... I'm actually running one of them thar new-fangled v4.x.x kernels these days.

securitybreach Posted September 24, 2020

1 minute ago, V.T. Eric Layton said: Nah... I'm actually running one of them thar new-fangled v4.x.x kernels these days.

Fancy

Cluttermagnet Posted November 15, 2020

Comforting to read that, on average, all things considered, Linux is still pretty darned safe.

Clutter