SSH exploit == Kernel exploit??

Story: The issue with embedded Linux... and the solutionTotal Replies: 8
Author Content
AwesomeTux

Oct 01, 2015
11:09 AM EDT
So a botnet is going around taking advantage of servers with weak passwords and improperly setup SSH, using its newfound privileges to spread itself.

The solution... update your kernel??

That argument makes no sense.

I agree that firmware/software in embedded devices should update, or be update-able. However, I also think that any stable, tried-and-true Linux release doesn't need to be updated unless a specific problem has been found. That's kind of one of Linux's long standing selling points, its stability.

This botnet doesn't even take advantage of out-of-date software, let alone anything related to the kernel. If it was a bug in how Linux filesystems handle file permissions, I'd understand, if it was a bug in SSH, I'd understand, but it's not. It's just dumb users, using weak passwords, and allowing non-certificate SSH root login.
penguinist

Oct 01, 2015
1:34 PM EDT
User stupidity transcends all operating systems. Phishing exploits, weak passwords, and exploitation of the human factors (please reply to this email with your bank account access) are all attributes of the equation that lie outside the control of the operating system.

Linux continues to be the most secure choice out of all the available operating systems, even if there are also some stupid Linux users.
JaseP

Oct 01, 2015
3:53 PM EDT
Quoting: This botnet doesn't even take advantage of out-of-date software, let alone anything related to the kernel. If it was a bug in how Linux filesystems handle file permissions, I'd understand, if it was a bug in SSH, I'd understand, but it's not. It's just dumb users, using weak passwords, and allowing non-certificate SSH root login.


And yet, it will be paraded out as an example of how Linux is just as insecure as the next OS,... You have to realize that there is an advertising dollars agenda out there in the world of Tech reporting. On a Star Trek fan page, I was informed by another user that FTL communication is now possible and quantum entanglement allows for it to happen,... even though it clearly does not... But it's an example of tech reporters pandering to get clicks and sell ads. If either clicks or ads go down, the article gets pulled... or if they predict either would happen, it doesn't get run in the first place.
cybertao

Oct 01, 2015
5:01 PM EDT
Yeah if people could stop posting blog posts by Jack Wallen and Steven J. Vaughan-Nichols, that would be swell.
arm

Oct 01, 2015
10:07 PM EDT
Totally agree cybertao. Especially that Wallen character, I don't think I have ever read an article of his and not thought WTF. The part at the bottom of his articles saying he is 'an award winning writer' really makes me laugh.
the_doctor

Oct 01, 2015
11:38 PM EDT
cybertao wrote:
Quoting:Yeah if people could stop posting blog posts by Jack Wallen and Steven J. Vaughan-Nichols, that would be swell.


There is an app in the Goggle Play Store called Move to iOS. There is no app in the Apple Store called Move to Android, because Apple has a strict policy against promoting competing technologies.

This is why Linux is different and this is why Linux is better. Linux doesn't suppress or censer anything. Free and open are not just words. It's a philosophy.

Not everything that gets posted to this website is either true or accurate. That's why this forum exists. The free and open exchange of ideas is fundamental to the Linux way of thinking.

I have seen FUD and blatant lies from all sides posted on these pages. And it is good that these arguments are being exposed and scrutinized. We don't fear the truth.

But if we start arbitrarily banning writers then we become just like Microsoft and Apple. We're better than that. We're Linux!
BernardSwiss

Oct 02, 2015
3:05 AM EDT
Quoting:There is an app in the Goggle Play Store called Move to iOS. There is no app in the Apple Store called Move to Android, because Apple has a strict policy against promoting competing technologies.

This is why Linux is different and this is why Linux is better. Linux doesn't suppress or censer anything. Free and open are not just words. It's a philosophy.


QFT.

And the interesting thing is: that this sort of thing has come to seem awfully nebulous and theoretical... until one becomes a little accustomed to Linux (and FOSS in general) -- at which point one begins to wonder how this sort of influence over users has come to be taken as so normal, so natural, and as so unremarkable, rather than as the pressure, intrusion and insinuation (even imposition) of control that it actually is...

cybertao

Oct 02, 2015
4:56 AM EDT
the_doctor wrote:This is why Linux is different and this is why Linux is better. Linux doesn't suppress or censer anything. Free and open are not just words. It's a philosophy.
I come here because the posted topics are, generally, of quality and some are not as popular in mainstream feeds. Filtering, while seemingly similar to censorship, is not the same thing - lxer is an information filter by design.

There are plenty of other ways to see unfiltered Linux articles, crap and all, with clickbait by Wallen and SVJ ranking up the top of it.
jdixon

Oct 02, 2015
6:12 AM EDT
> Yeah if people could stop posting blog posts by Jack Wallen and Steven J. Vaughan-Nichols, that would be swell.

In general, I've found SJVN's articles to be worth reading.

Posting in this forum is limited to members of the group: [ForumMods, SITEADMINS, MEMBERS.]

Becoming a member of LXer is easy and free. Join Us!