Utter drivel. Pure FUD. We're all stupider because of these so-called reporters.
Just because an open source program contained a trojan doesn't mean open source sucks. A closed source, or Windows-only, program could be infected just the same. And it'd be harder to detect when you don't have the source.
Just because a primarily Unix program got compromised doesn't mean Linux sucks. This wasn't a Linux failure, it was a human failure. Unreal IRCd works just fine on Windows, by the way. Also, Windows users are human too.
Just because Unreal IRCd is sort of well-known doesn't mean that malware on Linux is new. Malicious scripts have been around forever (rm anyone? obfuscated perl?).
This also wasn't a Gentoo error. Gentoo doesn't have the resources to check every line of every program it ships, and should it even try?
The Unreal devs screwed up. They know it. They're taking steps to prevent this sort of thing from happening again. And they're being very open about it. Read the announcements, read the irc-security mailing list. Their transparency is commendable. Would you ever see Microsoft say "Sorry, due to human error, patch KB471289 contained a backdoor. In response, we'll tell you how to fix it: ABC. And we'll implement tighter security controls including XYZ. Really, our bad, guys." No.
But this kind of crap isn't even worth reading.
Last edited by AlucardZero; 06-15-2010 at 09:44 PM.
My mother has always feared this type of FOSS infection: that which is distributed with the source code. I hope a fix for the Gentoo distribution to remove this Trojan can be released. Good thing I don't have to worry: I have Ubuntu.
This story has been out everywhere.
The Debian team had mentioned this 15-16 months ago.
Anyone who has used IRC knows there is a chance of being rooted.
It's true the Linux bashing is bull**** but the malware isn't too good.
Nobody's disputing that.
No system would ever be 100% safe from this kind of exploit, but the difficulty in successfully publishing this kind of attack in the world of open source software is highlighted by the fact that the attacker had to choose an obscure project for which there are a bazillion alternatives.
Most projects are GPG signed, or at least publish md5sums on their website to prevent this kind of thing from happening. Having freely viewable source code also helps.
Can the same be said for any freely downloadable Windows software? I mean, FFS, when this happens here it makes headlines... but it's an everyday occurrence under Windows...
Again, I would like to apologize about this security breach.
We simply did not notice, but should have.
We did not check the files on all mirrors regularly, but should have.
We did not sign releases through PGP/GPG, but should have done so.
This story has been out everywhere.
The Debian team had mentioned this 15-16 months ago.
Post your sources. If this trojan was known by Debian 15 months ago, they would have reported it to Unreal then.
Quote:
Originally Posted by Mr-Bisquit
Anyone who has used IRC knows there is a chance of being rooted.
IRC is no different than any other Internet-facing program. Run it as its own user to mitigate risks. IRC is not inherently more prone to "rooting." You're like that article on this very same subject that said IRC users deserved it because they were stupid to use IRC.
The Windows (SSL and non-ssl) versions are NOT affected.
Again, that’s right. A similarly infected Windows file in the wild would be detected within days if not hours after a routine virus scan by someone checking the download before installing it.
That settles it.
I'm going back to Windows then.........
I'm a Gentoo user and I think the infection was not really that dangerous.. if you know what you're doing. It was said that:
Quote:
The Gentoo bug report (warning: Gentoo’s certificate does not resolve to a trusted Certifying Authority) reports that it is VERIFIED and CLOSED with this comment:
The unrealircd tarball in the gentoo mirrors _is_ affected (Unreal3.2.8.1.tar.gz) but the Manifest file’s signatures match the _unaffected_ tarball. This discrepancy is how the backdoor was discovered.
So the package will not really be built using the usual tool 'emerge'.
I think the effect of the malicious code to Gentoo is almost next to nothing.. thanks to Gentoo's verifications.
Last edited by konsolebox; 06-16-2010 at 08:40 AM.
I think the effect of the malicious code to Gentoo is almost next to nothing.. thanks to Gentoo's verifications.
Yeah, the fact that portage does 3 different checksums to verify downloads helps a lot. Did anyone on Gentoo actually successfully install the infected version? I'm just impressed that the backdoor compiled; the last time I had a piece of "malware" in a source build it wouldn't build with my version of GCC which was a laugh and a half. Especially since I was trying to build it intentionally to do some research!
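An added example, not written by any poster in this thread and not Portage's own code: the kind of check the two posts above describe, where a download is compared against a recorded size and several independent digests and rejected on any mismatch. The entry layout follows Gentoo's Manifest `DIST` line; the hash set, the sample bytes and the function names are assumptions made for the illustration.

```python
import hashlib
import hmac

# Hash names as they appear in the entry, mapped to hashlib constructors.
HASHES = {"SHA256": hashlib.sha256, "SHA512": hashlib.sha512,
          "BLAKE2B": hashlib.blake2b}

def make_dist_line(name, data):
    """Record size and every digest of the known-good bytes (maintainer side)."""
    fields = ["DIST", name, str(len(data))]
    for algo, ctor in HASHES.items():
        fields += [algo, ctor(data).hexdigest()]
    return " ".join(fields)

def parse_dist_line(line):
    """Split 'DIST <file> <size> <HASH> <hex> ...' into its parts."""
    fields = line.split()
    if len(fields) < 5 or fields[0] != "DIST" or len(fields) % 2 == 0:
        raise ValueError("malformed DIST entry")
    return fields[1], int(fields[2]), dict(zip(fields[3::2], fields[4::2]))

def verify(line, name, data):
    """Return the list of failed checks; an empty list means the file matches."""
    want_name, want_size, digests = parse_dist_line(line)
    failed = []
    if name != want_name:
        failed.append("name")
    if len(data) != want_size:
        failed.append("size")
    for algo, expected in digests.items():
        ctor = HASHES.get(algo)
        if ctor is None:
            failed.append(algo + ":unsupported")  # fail closed on unknown hashes
        elif not hmac.compare_digest(ctor(data).hexdigest(), expected.lower()):
            failed.append(algo)
    return failed

# Constructed sample data: stand-ins for tarball contents, same length on purpose.
NAME = "Unreal3.2.8.1.tar.gz"
CLEAN = b"int main(void) { return serve(); }\n"
TAMPERED = b"int main(void) { return s3rve(); }\n"
MANIFEST_LINE = make_dist_line(NAME, CLEAN)

if __name__ == "__main__":
    print("clean   :", verify(MANIFEST_LINE, NAME, CLEAN) or "OK")
    print("tampered:", verify(MANIFEST_LINE, NAME, TAMPERED))
```

The tampered sample keeps the original length, so the size check passes and only the digests expose the change. The check is only as trustworthy as the channel the recorded entry came from, which is why it has to be distributed separately from the mirror that serves the tarball.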
Post your sources. If this trojan was known by Debian 15 months ago, they would have reported it to Unreal then.
IRC is no different than any other Internet-facing program. Run it as its own user to mitigate risks. IRC is not inherently more prone to "rooting." You're like that article on this very same subject that said IRC users deserved it because they were stupid to use IRC.
I don't see anything in there about malware, it just says the code violates GPL and is of very low quality with possible exploits and they don't wanna include it in Debian, and they're right.