Linked by Jordan Spencer Cunningham on Mon 14th Jun 2010 23:58 UTC
Bugs & Viruses
Recently, the Linux version of UnrealIRCd was discovered to have had a Trojan worm its way into the source code. Even more embarrassing for the developers of Unreal is that the Trojan's been holding open the backdoor in the source code since November of 2009-- not very recently. And, of course, bloggers and press in general are taking the opportunity of another breach in Linux security to point out doomsday devices that don't really exist.
Thread beginning with comment 430065
Zealot
by Mr.Manatane on Tue 15th Jun 2010 07:41 UTC
Mr.Manatane Member since:
2010-03-19

And, of course, bloggers and press in general are taking the opportunity of another breach in Linux security to point out doomsday devices that don't really exist.

Again, it's funny. When THIS happens with Mac OS X, everybody says that it is crap and full of security holes.

When it happens on Linux, everybody says "hey, it's a new security hole found, Linux is more secure now. It doesn't change the fact that it's still more secure than everything out there (Windows, Mac OS or BSD)."

Just tired of this fanboyism.

Reply Score: 4

RE: Zealot
by lemur2 on Tue 15th Jun 2010 10:53 in reply to "Zealot"
lemur2 Member since:
2007-02-17

When it happens on Linux, everybody says "hey, it's a new security hole found, linux is more secure now.


Rubbish.

Distributing unsigned binary packages is a security hole that has been known about forever. This security hole is the entire reason package managers were designed and written in the first place, over a decade ago.

Linux has been demonstrably more secure for the whole of that decade, but only for software distribution that utilises package managers. Like all trojans, this particular trojan relied on not being delivered via any package manager system.

Windows has no equivalent distribution system (although Windows Update does get part-way there, but that system applies only to Microsoft software). Consequently the security hole in Windows, wherein users routinely download and install unsigned binary packages, is absolutely enormous.

Edited 2010-06-15 10:55 UTC

Reply Parent Score: 3

RE[2]: Zealot
by Mr.Manatane on Tue 15th Jun 2010 14:32 in reply to "RE: Zealot"
Mr.Manatane Member since:
2010-03-19

Funny again how amnesic Linux fanboys are.

Your argumentation is just pointless when you see security holes like this:

http://www.informationweek.com/blog/main/archives/2008/05/a_black_e...

The problem involves Debian's version of the openssl package, which was changed back in 2006 in such a way that the encryption keys generated by the package could theoretically be guessed by an attacker. Bad. But what's worse, every encryption key generated with that edition of openssl since the change was made -- since 2006 -- now has to be dumped.


A single problem in the OpenSSL Debian package and BOOM, all your genius stuff is doomed. Now your genius deployment package tool - you are so proud of - is spreading the security holes on all OSes and it's worse than manually installing software YOU chose to install because you TRUST the repository of the Linux distribution.

Reply Parent Score: 2

RE: Zealot
by Robert_Zenz on Tue 15th Jun 2010 19:55 in reply to "Zealot"
Robert_Zenz Member since:
2010-06-10

It's not even Linux's fault... it's the fault of the admin who compiles and installs unsigned packages. PEBCAK in this case.

Reply Parent Score: 1