Linked by Jordan Spencer Cunningham on Mon 14th Jun 2010 23:58 UTC
Bugs & Viruses
Recently, the Linux version of UnrealIRCd was discovered to have had a Trojan worm its way into the source code. Even more embarrassing for the developers of Unreal is that the Trojan's been holding open the backdoor in the source code since November of 2009-- not very recently. And, of course, bloggers and press in general are taking the opportunity of another breach in Linux security to point out doomsday devices that don't really exist.
RE[3]: Zealot
by lemur2 on Tue 15th Jun 2010 23:22 UTC in reply to "RE[2]: Zealot"

A single problem in the openssl debian package and BOOM all your genius stuff is doomed. Now your genius deployment package tool - you are so proud of - is spreading the security holes on all OSes and it's worse than installing manually software YOU chose to install because you TRUST the repository of the linux distribution.


Doomed?

No user's system got any malware through the debian openssl error.

Security hole? No, the openssl error reduced the security of openssl on Debian systems for a time, but it was a weakness, not a hole. It meant that an attacker, who knew about the weakness, would have required significantly less time for a brute force attack against openssl than should have been needed. No end user's system was ever breached because of it.

Spreading to all OSes? No. It was an error that resulted in weaker openssl for some time on debian systems, and which was corrected when it was discovered in an audit at Debian.

Please stick to the facts, OK? No system can eliminate errors. This particular error resulted in no harm before it was fixed.

Zealot? Exactly who is spreading the lies and invective here, hmmmm?

Edited 2010-06-15 23:25 UTC

Score: 2