Linked by Jordan Spencer Cunningham on Fri 14th Aug 2009 02:29 UTC
Linux It's the end of the world. Again. According to some Linux developers and security researchers, a bug in the Linux kernel has just been uncovered that makes just about every distribution utilizing kernel 2.4 and 2.6 on just about all architectures since May of 2001 vulnerable to a certain kind of attack.
Thread beginning with comment 378475
To view parent comment, click here.
To read all comments associated with this story, please click here.
by Jokel on Fri 14th Aug 2009 06:58 UTC in reply to "WinXP"
Member since:

Hmm.. You would be right if it was a bug that was KNOWN for 8 years. Fact is - this bug is only discovered a short while ago and is already being taken care of...

I am sure there are a LOT of yet undiscovered bugs in EVERY OS now at this moment! If you are using Windows, OSX, Beos, BSD or whatever there WILL be undiscovered bugs in it - waiting to be exploited. No OS will escape that.

The problem is - you cannot use undiscovered vulnerability because - its undiscovered. Simple. So saying Linux was vulnerable for 8 years is simply not true, because to use this as a exploit you have to know it exists. And nobody know about it until very recently.

To put it differently - if you are saying Linux was vulnerable for 8 years, I can safely claim ever OS on this planet is absolutely 100% unsafe because there are bugs in it that have been not discovered yet. Nobody knows about them or how they will work, but they are there, so they can be exploited right at this moment!

I am not saying Linux is more safe because it is perfect. No - Linux is safe because the moment something like this is discovered it is published and everybody is going to work on it to solve the problem as soon as possible.

Sorry - I had to react to this...

Reply Parent Score: 12

RE[2]: WinXP
by J.R. on Fri 14th Aug 2009 08:15 in reply to "RE: WinXP"
J.R. Member since:

Hmm.. You would be right if it was a bug that was KNOWN for 8 years. Fact is - this bug is only discovered a short while ago and is already being taken care of...

That is a valid point, however, the fact that it was just published does not mean that no one else have known about it for years.

But I do see your point.

Reply Parent Score: 4

RE[2]: WinXP
by _xmv on Fri 14th Aug 2009 09:43 in reply to "RE: WinXP"
_xmv Member since:

That's not quite true. Bugs that are not *public* might and are often already discovered and exploited by a few individuals only. It can stay like this for years.
There's not much you can do against it.
You can scratch your design and make one less bug-prone, or invent something no one else thought about that's 100% secure (good luck with that)
Meanwhile we patch and do our best to make things as secure as possible

edit: note that this is 100% true with Windows, MacOSX and what-not as well

Edited 2009-08-14 09:44 UTC

Reply Parent Score: 1

RE[3]: WinXP
by Lunitik on Sat 15th Aug 2009 22:47 in reply to "RE[2]: WinXP"
Lunitik Member since:

Since this flaw required local user access to exploit, I'm not sure it would have been very effective even before the patch?

Reply Parent Score: 2