Torvalds dumps Kernel.org for Github after breach Linus Torvalds has released the most current build of Linux 3.1 via Github, rather than use kernel.org, which is still experiencing downtime. Torvalds said in a post to LKLM.org that the move was simply a way to put the new code out there, rather than an indictment of the situation at kernel.org, which is still suffering after …
Once again the trolls show their ignorance...
The issue is not about the safety of Linux - it is about the stupidity of sys-admins who fail up patch up their boxes... That problem is completely indpendant of OS...
For those interested there is an old post from Information Week on Phalanx here: http://www.informationweek.com/news/software/infrastructure/210201115
The inportant factoid to take away is the version of Linux affected by the rootkit.
"Phalanx is a self-injecting kernel rootkit designed for the Linux 2.6 branch that does not use the now-disabled /dev/kmem device,"
To blame Linus as it is today for lazy administratiion that could have prevented this attack years ago is like saying that Windows 2008 Server is completely insecure because someone out there is still running NT4...
May I conclude from what you are saying, that every OS is only as secure as it's next security update ?
That security is only based upon the fact that constant patching is necessary to keep the hackers/crackers out, since they will inevitably catch up with the code that is written ? In other words yesterday's code which was branded and touted secure is now insecure and hackable at will (by those that have the right skills)
I'm not judging here, just want to make sure that I understood correctly.
and security along with the basics of how SSH function are lost on you.
you can have one or the other or both so no redundancy, rather though and complete authentication reset at all levels.
a Sys-Admin you not be, me suspect you are the Troll from above calling OSX and Windows Not secure with no concept of Security-in-depth best practices.
I beleive thy requiereth a hat and coat
did you read the sshd_config file?
Don't you know one of the key parts of SSH is having to change your change your password? If you haven't changed your changed your password recently then you should change your change your password today or you will regret having not changed your changed your password when you are hacked by the insecurity department, who will have changed their changed their passwords every day.
It will never recover from this. The Linux kernel could now have all sorts of shit in it, since the repository was hacked.
Say what you like about Windows but at least its source respository has never been open to outsiders to stick whatever back doors they wanted into the core.
I'm starting a process at my place to get rid of all our Linux boxes - it's just way too risky to take any patches now the source has been compromised.
As you've never had any access to Windows source or any idea who has had access to it it could be littered with back doors, insecure security, simple coding errors leading to exploits.
You also have no way of checking for them even if you wanted to.
Seems to me all the kernel hackers have to do is diff the source between now and just prior to the breach. They can see all the changes. It takes time - but with many eyeballs on the job it's no big deal.
TBH I can see why Mr Stallman and friends dislike BLOBs in the kernel now.
One more crippling bombshell hit the already beleaguered Linux community when IDC confirmed that Linux market share has dropped yet again, now down to less than a fraction of 1 percent of all servers. Coming on the heels of a recent kernel.org security issue, this news serves to reinforce what we've known all along. Linux is collapsing in complete disarray, as fittingly exemplified by failing dead last in the recent Sys Admin comprehensive networking test.
If that's a sarcastic joke, ease up on the sarcasm, it's a bit too hard to detect!
You're confusing Netcraft and IDC there by the way. One of them is a fairly respectable web metrics outfit. The other reports market share of a free operating system by sales in revenue.
Hashes need to start including more then one kind of check, problem is once this happens the government wouldnt be able to see all your dirty secrets which is probably why this has happened. All it takes is one person to learn the back door. Add a digital picture to the mix at random out of a database of hundreds of thousands of pictures, one side has half the other side has the other half, checks are done to see that the picture matches the original. Hack that hackzor boyz.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
