Tricky Linux Bug Hard to Squash

8

Comments

+ Add a Comment
avatar

PCLinuxguy

Wait.. so it's only for the local user, meaning someone at your workstation, not via the web like most hackers who send malware?  I'm just trying to figure that out as I'm still a Linux newb though not afraid to ask questions.

avatar

PCLinuxguy

Wait.. so it's only for the local user, meaning someone at your workstation, not via the web like most hackers who send malware?  I'm just trying to figure that out as I'm still a Linux newb though not afraid to ask questions.

avatar

dgrmouse

Pawbear,

No, you're not correct.

Every Tuesday, Windows Update asks me to download at least two patches to correct security holes that allow compromise from unauthenticated remote computers.  A single, soon to be patched, Linux flaw that allows privilidge escalation via an authenticated local host isn't newsworthy, it's simply a marketing opportunity.

avatar

whr4usa

dgrmouse it is in fact you whom are incorrect

UNauthenticated local user not authenticated & there are many ways to make remote users appear local or to gain legimate or socially-engineered access to real local user accounts via other means

also even with the record-setting patch releases from our beloved Microsoft over the summer only 1 dealt with an unauthenticated remote attacker on vista, none on 7, so you must still be using 32-bit XP & not keep your system well-hardened

avatar

BAMT

That really doesn't make sense unless there is a series of keystrokes that one can type in to a login prompt and gain root access, or a flash drive like device that can bypass a login prompt or lock screen (cough Windows + FireWire). It's authenticated unprivileged access that can be used to elevate to root, thus one must have a local account. So he is right.

  Edit: Plus, when you try to sound superior, it REALLY helps to use proper grammar. It should be, "who are correct." Sorry, I have grammar problems.

avatar

leo655

Has Linux become a main stream OS now that it has been attacked?

avatar

I Jedi

So, you're suggesting that in order for any OS to become a main-stream choice for users, it has to be first be hacked/exploited? Well, my friend, Linux has been a main-stream OS for a very long time now then, as well as that worthless excuse for an OS - OSX

avatar

PawBear

Am I correct in saying that this is not only a significant commercial issue but a serious infrastructure concern as well?

Log in to MaximumPC directly or log in using Facebook

Forgot your username or password?
Click here for help.

Login with Facebook
Log in using Facebook to share comments and articles easily with your Facebook feed.