A Tale of Two Root Exploits, and Why We Shouldn't Panic

There's no denying Linux is more secure than perpetually-patching Windows, but the past month or so has not provided an ideal demonstration.

In August, we saw the arrival of a long-overdue fix for a kernel bug that was six years old; now, in the last week or so, it's been not one but two root exploits causing a fuss.

"Running 64-bit Linux? Haven't updated yet? You're probably being rooted as I type this," was the introduction on Slashdot to CVE-2010-3081, the second such vulnerability to come to light in recent days.

Preceding it by just a few of those days, of course, was CVE-2010-3301, which had actually been discovered and fixed back in 2007 before the patch was inexplicably removed again the very next year, reintroducing the vulnerability.

Put it all together, and you'll see why more than a few Linux bloggers have been scratching their heads about security.

A Matter of Size?



