Linked by David Adams on Mon 26th May 2008 17:54 UTC
Humor The serious tech journalists at XKCD have uncovered some major new security holes in some popular Linux distributions. Note: Coincidentally, after fixing some major hardware issues, Focus Shift is back.
Very Serious Discussion
by kjwaugh on Mon 26th May 2008 19:02 UTC
kjwaugh
Member since:
2007-11-08

It's all made very clear for me now. I know which Distro is the best. Thanks to those guys (people - in case there are any cool chicks there) for making it easy on all of us.

witty
by raver31 on Mon 26th May 2008 20:16 UTC
raver31
Member since:
2005-07-06

Just the remedy after a busy working day... on a bank holiday ;)

topic?
by xushi on Mon 26th May 2008 22:02 UTC
xushi
Member since:
2005-08-29

Is it just me, or is the topic a little too vague and confusing? I mean, it's bad enough the teaser is almost always copy/pasted from the source, but can't there be a shred more of effort put in anymore?

RE: topic?
by David on Mon 26th May 2008 22:45 UTC in reply to "topic?"
David Member since:
2005-06-29

Congratulations! You're the winner of this week's "missing the point" sweepstakes!

RE[2]: topic?
by raver31 on Mon 26th May 2008 23:17 UTC in reply to "RE: topic?"
raver31 Member since:
2005-07-06

Take a +1 from me... I can't give it normally as I have already posted ;)

RE[3]: topic?
by holywood on Wed 28th May 2008 01:17 UTC in reply to "RE[2]: topic?"
holywood Member since:
2006-09-25

Did it for you, and you got a +1 too!

openSUSE FTW
by elsewhere on Tue 27th May 2008 01:02 UTC
elsewhere
Member since:
2005-07-13

It's gratifying to see that openSUSE managed to escape the list of glaring security problems. Congrats to the dev teams, I believe their holistic approach to assessing vulnerabilities gives them a clear advantage over the distros listed in the article.

FWIW, the bug with the decoder rings in Fedora was admittedly an issue with an earlier version of openSUSE, but it was very quickly identified and nixed with a security update. It's remarkable to see that other distros fail, even in this day and age, to take preventative measures against well-known attack vectors. Don't even get me started on the root access vulnerability for Slackware that was mentioned in the article, how has that not been addressed yet?

Security is a mindset, above all else.

;)

RE: openSUSE FTW
by Siamhie on Tue 27th May 2008 18:36 UTC in reply to "openSUSE FTW"
Siamhie Member since:
2007-02-05

"Don't even get me started on the root access vulnerability for Slackware that was mentioned in the article, how has that not been addressed yet?

"Security is a mindset, above all else.

";)"

Well, if you're running Slackware 12.0, then yes, you're most likely vulnerable, but it has been addressed with the release of 12.1, unless there is an issue with openssl-0.9.8g itself.

wannabe geek
Member since:
2006-09-27

when I've found myself wondering where that xkcd comic came from, and where the security article was.

April Fool's?
by patrick_ on Tue 27th May 2008 01:52 UTC
patrick_
Member since:
2006-03-02

Sorry, I thought today was Memorial Day?

For some reason this feels like a paid advertisement that was supposed to seem like a normal OSNews post... Didn't work for me, sorry. ;)

comic's inspiration
by MamiyaOtaru on Tue 27th May 2008 04:26 UTC
MamiyaOtaru
Member since:
2005-11-11

I'm a little surprised not to see a link on OSNews to the incident that inspired this comic. Maybe the editors knew it would turn into a flamefest. Seriously though, it's somewhat of a major story. I'm a Debian user myself, and I'm really horrified at the bug one of their developers introduced to their version of OpenSSL.

It's one of those things that makes one think about distros and their relationship to upstream, about whether one's distro choice is sound, about how easy it is to trust code, etc etc. Seems like something that should be addressed on OSNews, even if it might be a crapstorm. Apologies if I missed it somewhere..

RE: comic's inspiration
by bloodandsoil on Tue 27th May 2008 09:28 UTC in reply to "comic's inspiration"
bloodandsoil Member since:
2007-08-24

I'm also a Debian user and am horrified as well.

I'm considering switching to Arch Linux due to their policy of not messing with the source that comes from the original maintainer.

RE[2]: comic's inspiration
by da_Chicken on Tue 27th May 2008 10:59 UTC in reply to "RE: comic's inspiration"
da_Chicken Member since:
2006-01-01

"I'm considering switching to Arch Linux due to their policy of not messing with the source that comes from the original maintainer."

Arch seems to currently add three patches to their openssl package.
http://repos.archlinux.org/viewvc.cgi/openssl/repos/core-i686/

Some Arch packages, like firefox, have more patches.
http://repos.archlinux.org/viewvc.cgi/firefox/repos/extra-i686/