Information Security with Occasional Forays into Other Realms
Via Dan Goodin, Security Editor at Ars Technica, comes news of OpenBSD, Debian, CentOS, Ubuntu and Red Hat Linux flaws - in existence for an estimated 23-months (and just discovered).
'An advisory X.org developers published Thursday disclosed the 23-month-old bug that, depending on how OS developers configure it, lets hackers or untrusted users elevate very limited system rights to unfettered root.' - via Dan Goodin, Security Editor at Ars Technica
Martin Brinkmann, writing at gHacks, illuminates the questionable data gathering efforts by Canonical, producers of Ubuntu Linux. Read Martin's concise examination of the issue, of which - most certainly - is Today's Must Read.
Well-wrought thought piece on the failure of Red Hat and Ubuntu to secure their respective distros utilizing standardization in the form of reproducible builds (and other means).
Damn kids apparently have forgotten their lessons whilst in kindergarten regarding safe and fair play. In this case, however, we have the added component of organizations, companies and individuals suffering due to the ineptitude of the big names in Linux... Astounding.
Via the eponymous Dan Goodin, writing at ArsTechnica, comes news of the latest flaw in Android, this time, based on DirtyCow code. Our take? Be prepared to mitigate this flaw ASAP. The timeline for exploit mitigation on Android? Unknown, due to the lack of established patch management planning by the major manufacturers.... Astonishing.
"Now that the Dirty Cow hole has been patched in the Linux kernel, it's only a matter of time until the fix makes its way into Android, too...." "Of course, that's not available for a large number of devices, mostly because of limitations set by manufacturers and carriers." - via ArsTechnica's Dan Goodin
J.M. Porup - an Ars Technica UK writer - examines the security posture of the Linux kernel, and finds it somewhat wanting...