Language Selection

English French German Italian Portuguese Spanish

Linux is as secure as ever

Filed under
Linux
Security

There have been several stories proclaiming that a recent Linux infection proves Windows malware monopoly is over and that Think Linux is free from malware? Think again; it's been hacked. Much as it pains me to disagree with the good people, they're wrong.

Here's what really happened. UnrealIRCd, a rather obscure open-source IRC (Internet Relay Chat) server, wasn't so much hacked as the program it was letting people download has been replaced by one with a built-in security hole.

Let me spell it out for you. Even before this latest fiasco, no one who cares about security was letting IRC clients or servers run on their systems. It's always been too easy to abuse.

In this particular case, the group behind UnrealIRCd were just dumb about tracking their own program. Clearly, they never bothered to check their own code. The users, by virtue of the fact that they were running IRC in the first place, don't get any prizes for being bright either. After all, they were running IRC: Case closed.

Rest Here




How much more malware is lurking

zdnet.com: The revelation that the open-source Unreal IRC server download has been infected with malware for some eight months is pretty worrying. But the added discovery that this Trojan horse made its way into the Gentoo distro is real reason for the Linux community to re-examine how trusted repositories are handled.

Rest Here

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.

More in Tux Machines

Real-time enabled Sitara SoC shows up on a COM

Variscite unveiled a Linux-friendly, SODIMM-style COM based on TI’s Sitara AM437x, supporting the updated SoC’s quad-core Programmable Real-time Unit (PRU). The VAR-SOM-AM43 is the first computer-on-module we’ve seen to use the Texas Instruments Sitara AM437x, a single-core Cortex-A9 system-on-chip that clocks to 1GHz. Last month, Adeneo announced an Android 4.4 BSP for TI’s Sitara AM437x development platform. Variscite is supporting its VAR-SOM-AM43 with a Yocto Linux, and soon, Android-ready hardware/software development kit of its own, which includes a VAR-AM43 CustomBoard development board, touchscreens, cables, and more Read more

High-end 'upstream' Linux laptop plans to ship in April

They said in working up hardware, they carefully designed the laptop "chip by chip" to work with open source software. The 4.4-pound laptop runs Linux. This is a GNU-based distribution, more specifically, the Trisquel GNU/Linux, "the strictest of distributions and strips all binary blobs from the Linux kernel." At the same time, they said laptop owners, if they want, can easily install anything less strict, such as Debian and Ubuntu. The machine has a 15.6" display in either 1920x1080 or 3840x2160 with a 60Hz refresh rate, 720p camera and HD Audio. It has a CD/DVD ROM drive. They used Intel Iris Pro Graphics 5200. It has a 48 Wh lithium polymer battery with about eight hours of usage. Read more

Android essentials: 13 apps I can't live without

We spend a lot of time talking about Lollipop and OS-level issues with Android -- but you know what's just as important as the operating system on your phone or tablet? The apps that surround it. The right apps can make your device easier and more enjoyable to use. They can give it powers you didn't know were possible. They can make it feel like your own custom-tailored gadget -- whether you've been using it for two minutes or for two years. Read more

GHOST, a critical Linux security hole, is revealed

Researchers at cloud security company Qualys have discovered a major security hole, GHOST (CVE-2015-0235), in the Linux GNU C Library (glbibc). This vulnerability enables hackers to remotely take control of systems without even knowing any system IDs or passwords. Qualys alerted the major Linux distributors about the security hole quickly and most have now released patches for it. Josh Bressers, manager of the Red Hat product security team said in an interview that, "Red Hat got word of this about a week ago. Updates to fix GHOST on Red Hat Enterprise Linux (RHEL) 5, 6, and 7 are now available via the Red Hat Network." This hole exists in any Linux system that was built with glibc-2.2, which was released on November 10, 2000. Qualys found that the bug had actually been patched with a minor bug fix released on May 21, 2013 between the releases of glibc-2.17 and glibc-2.18. Read more