Linked by Jordan Spencer Cunningham on Mon 14th Jun 2010 23:58 UTC
Bugs & Viruses Recently, the Linux version of UnrealIRCd was discovered to have had a Trojan worm its way into the source code. Even more embarrassing for the developers of Unreal is that the Trojan's been holding open the backdoor in the source code since November of 2009-- not very recently. And, of course, bloggers and press in general are taking the opportunity of another breach in Linux security to point out doomsday devices that don't really exist.
Permalink for comment 430063
To read all comments associated with this story, please click here.
RE[4]: Comment by lemur2
by lemur2 on Tue 15th Jun 2010 07:28 UTC in reply to "RE[3]: Comment by lemur2"
Member since:

"For example, if you want a version of Firefox-3.7 that includes WebM, right now, today, then here you go: Open a terminal and enter: sudo add-apt-repository ppa:ubuntu-mozilla-daily/ppa sudo apt-get update sudo apt-get install firefox-3.7 This will install a GPG signed version of Mozilla 3.7 nightly build on your Ubuntu system, using the apt package manager, independent of Ubuntu's repositories. The end user does not have to know anything about GPG. The first command, add-apt-repository, gets a key for the ppa from a trusted keyserver.
No, but they'd have to know about sudo, apt-get, package managers, and key servers. Somehow, that doesn't seem a whole lot less complicated. "

Not at all. Users need to know only:
(1) How to "Open a terminal",
(2) How to highlight a line of text from this very web page as they are reading it,
(3) How to paste that copied text into the terminal application (hint: middle-click anywhere in the terminal window area)
(4) their password

They do that three times, once for each line (actually, they need to know their password only for the first line), and they are done.

It sin't hard. Select each line of text, one line at a time, in order, for the following three lines:
sudo add-apt-repository ppa:ubuntu-mozilla-daily/ppa
sudo apt-get update
sudo apt-get install firefox-3.7

Then middle-click anywhere in the terminal window after each selection has been made.

Users don't even need to know how to type (except for their password, once only).

There is also a GUI way to do the same thing using Synaptic, but that is actually harder to describe on a text-based web forum such as this, and harder for users to actually carry out.

Anyway, had the vendors of the app which is the subject of this thread simply opened a account and copied their source tree there, this trojan would have been avoided for Ubuntu/Kubuntu users.

Edited 2010-06-15 07:36 UTC

Reply Parent Score: 2