Linked by Jordan Spencer Cunningham on Mon 14th Jun 2010 23:58 UTC
Bugs & Viruses Recently, the Linux version of UnrealIRCd was discovered to have had a Trojan worm its way into the source code. Even more embarrassing for the developers of Unreal is that the Trojan's been holding open the backdoor in the source code since November of 2009-- not very recently. And, of course, bloggers and press in general are taking the opportunity of another breach in Linux security to point out doomsday devices that don't really exist.
Thread beginning with comment 430032
To read all comments associated with this story, please click here.
Comment by flanque
by flanque on Tue 15th Jun 2010 01:27 UTC
flanque
Member since:
2005-12-15

Bloggers saying that this is a Windows 7 problem I think I can safely classify in one of three areas:

1. They want to create more hype than is actually there, thus bringing more attraction to their websites or their person
2. They really don't like Microsoft and/or closed-source
3. They don't know what the heck they're talking about

Reply Score: 2

RE: Comment by flanque
by kragil on Tue 15th Jun 2010 07:31 in reply to "Comment by flanque"
kragil Member since:
2006-01-04

Well this is neither a Windows 7 or a Linux problem. This is just a problem of a compromised web server and not securing the integrity of your sources PERIOD

Everything I read about this issue was very misinformed.
First of all they say that this only affected Linux. Not true. If you compiled the source on Windows you have the same problems. Only if you used the windows binaries you were safe.
The only way this affected Linux (distros) was that Gentoo used the source for its package. Other major distros were not affected.

What I see here is Windows people knowing (or pretending to know) very little about open source and trying to make it look bad.

Reply Parent Score: 3

RE[2]: Comment by flanque
by sakeniwefu on Tue 15th Jun 2010 10:26 in reply to "RE: Comment by flanque"
sakeniwefu Member since:
2008-02-26

It's not a security problem at all. At least not at the OS level.

If the people running the server had sent their tainted app to Apple, then you would be able to pay to have a Trojan in your iPhone. Until Apple took it down because it allows for extra functionality.

But still, Windows and Linux security are on the same league. In the case of Linux it is more aggravating if anything because the features are there somewhere, only disabled or enabled with holes. I am no elite hacker and I can still go from gets() to arbitrary command execution in my latest Ubuntu Karmic amd64 with the default options. All because of dubious GCC "optimizations".

Reply Parent Score: 3