Language Selection

English French German Italian Portuguese Spanish

Linux is as secure as ever

Filed under
Linux
Security

There have been several stories proclaiming that a recent Linux infection proves Windows malware monopoly is over and that Think Linux is free from malware? Think again; it's been hacked. Much as it pains me to disagree with the good people, they're wrong.

Here's what really happened. UnrealIRCd, a rather obscure open-source IRC (Internet Relay Chat) server, wasn't so much hacked as the program it was letting people download has been replaced by one with a built-in security hole.

Let me spell it out for you. Even before this latest fiasco, no one who cares about security was letting IRC clients or servers run on their systems. It's always been too easy to abuse.

In this particular case, the group behind UnrealIRCd were just dumb about tracking their own program. Clearly, they never bothered to check their own code. The users, by virtue of the fact that they were running IRC in the first place, don't get any prizes for being bright either. After all, they were running IRC: Case closed.

Rest Here




How much more malware is lurking

zdnet.com: The revelation that the open-source Unreal IRC server download has been infected with malware for some eight months is pretty worrying. But the added discovery that this Trojan horse made its way into the Gentoo distro is real reason for the Linux community to re-examine how trusted repositories are handled.

Rest Here

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.

More in Tux Machines

Is Canonical the Victim of High Expectations?

When Ubuntu was new, those who questioned it were mostly Debian developers, disgruntled because they were not hired or because Ubuntu failed to acknowledge its debt to Debian. Today, however, a vocal minority seems to view Canonical Software, the company behind Ubuntu, as a Microsoft in the making. From being the uncritical darling of open source, Canonical is closely and cynically scrutinized, and its motives constantly questioned. So how did this transformation happen? Suspicion about corporations is hardly new in open source, yet Canonical seems singled out in a way that SUSE or Red Hat only occasionally are. Read more

Permabit offers deduplication to Linux masses – almost

Permabit has moved beyond OEMs, making the latest release of its dedupe technology available as a Linux software package so that ISVs, professional services folks and systems integrators in its Hybrid Cloud Professional Services partners programme can use it. Previously it was available to OEMs in Albireo (dedupe) and Virtual Data Optimizer or Virtual Data Optimizer, VDO (dedupe+compression+thin provisioning) form. VDO v6 is designed for the cloud service provider market, Permabit says, and the VDO for Hybrid Cloud package simplifies VDO installation and configuration in Red Hat Enterprise Linux (RHEL) data centres. Read more

Mozilla involves the community in its “open-source” rebrand

Mozilla is bending the terms of the rebrand with a “branding without walls” open-source initiative. Read more

RPi 3 add-on loads up on sensors, wireless radios

Matrix Labs’s FPGA-driven “Matrix Creator” IoT daughter board for the Raspberry Pi 3 is loaded with sensors, 802.15.4 radios, and a mic array. The disc-shaped Matrix Creator add-on for the Raspberry Pi is based on AdMobilize’s successfully Kickstartered Matrix home automation and surveillance hub. AdMobilize spun off Matrix Labs, which has now built this cheaper, board-level version of the product. Read more