LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > Non-*NIX Forums > General
User Name
Password
General This forum is for non-technical general discussion which can include both Linux and non-Linux topics. Have fun!

Notices


Reply
  Search this Thread
Old 09-08-2021, 11:51 AM   #16
cynwulf
Senior Member
 
Registered: Apr 2005
Location: Walsall, UK
Posts: 2,656
Blog Entries: 7

Rep: Reputation: 2192Reputation: 2192Reputation: 2192Reputation: 2192Reputation: 2192Reputation: 2192Reputation: 2192Reputation: 2192Reputation: 2192Reputation: 2192Reputation: 2192

The thread OP does not relate to a vulnerability in an OS.

"The vulnerability is in Microsoft Azure's flagship Cosmos DB database"
 
Old 09-17-2021, 02:54 PM   #17
SlowCoder
Member
 
Registered: Oct 2004
Location: Southeast, U.S.A.
Distribution: Ubuntu, Mint
Posts: 996

Rep: Reputation: 48
Quote:
Originally Posted by sundialsvcs View Post
Seriously, every operating system, specifically including Linux, is susceptible to security vulnerabilities ... ... All of these systems are internally so complex that it's not a matter of "whether" a new vulnerability exists.
This is a point lost on too many people.

To the comment about how many vulnerabilities MS has, there are a litany of them for Apple and Linux as well. Each one found and fixed is one less to worry about.
 
Old 09-18-2021, 09:39 AM   #18
wpeckham
Senior Member
 
Registered: Apr 2010
Location: Continental USA
Distribution: Debian, Ubuntu, RedHat, DSL, Puppy, CentOS, Knoppix, Mint-DE, Sparky, VSIDo, tinycore, Q4OS,Manjaro
Posts: 3,955

Rep: Reputation: 1824Reputation: 1824Reputation: 1824Reputation: 1824Reputation: 1824Reputation: 1824Reputation: 1824Reputation: 1824Reputation: 1824Reputation: 1824Reputation: 1824
I have not seen a successful OS/2, DOS (IBM or FREE), or CPM exploit in years, I have NEVER seen one for KOLIBRIOS. We are not talking about vulnerabilities, we are talking about actual breaches. At having breaches, Microsoft leads the pack by far. Part of that is that the environment is target rich for someone creating Microsoft breaches. More hardware that is vulnerable and poorly configured for security comes with Microsoft software than any other. Not that is is the only vulnerable target, but that it is the most COMMON most vulnerable target.

Of servers containing desirable data, the most vulnerable targets run on Microsoft systems. It is both the most common target, the easiest exploit, and the most tempting in general. All of this makes it likely to REMAIN the OS with the highest number of breaches for a good long time. Only in part because it is less secure than others, but mostly because it more successful at getting loaded onto machines that will hold data.
 
Old 09-18-2021, 11:55 AM   #19
business_kid
LQ Guru
 
Registered: Jan 2006
Location: Ireland
Distribution: Slackware, RPi OS, Mint & Android
Posts: 13,111

Rep: Reputation: 1753Reputation: 1753Reputation: 1753Reputation: 1753Reputation: 1753Reputation: 1753Reputation: 1753Reputation: 1753Reputation: 1753Reputation: 1753Reputation: 1753
The fact is, 20th century OSes had basdically no security, as programmers concentrated on 'boldly going where no one had gone before' and not hackage. Once it was realised people were being hacked, spammed & robbed, Unix (linux/bsd/whatever) reacted a whole lot faster and better than other OSes - Apple & M$. CP/M, Dos, & OS/2 were dead by this stage, so they didn't react at all. I built HLFS in the early 2000s which had patches to implement
  • Stack Overflow Protection
  • Position independent Code Segments
  • Position independent Executables.
  • Many buffer overflow problems.

GCC & the kernel have made huge strides in security. Vulnerabilities now lie less in the C/C++ code and server programs, and more in individual packages (e.g. javascript), weak passwords, poor encryption, and the like. All fixed I/O (e.g. ISA cards, or software addresses) are gone, and low memory is protected. That requires a much larger amount of work on the part of a hacker. It's a fact that attacking encryption was not thought worth the effort when single core CPUs ran at Mhz. But with multicore CPUs running at Ghz, This Little Beast boasts 160 Arm A-76 cores @ 3Ghz, and would certainly shorten tasks that could be suitably arranged. Much more so for password cracking. So the hacker is better armed. Exploits were discovered recently enough in wpa_supplicant and bash, and patches went up within a week. The best I've seen from M$ is 'Patch Tuesday.'

But a hacker doesn't have to bother cracking encryption to control a windows/Apple Box. In most cases, he can just use known exploits that have been reported to Apple or M$, and not fixed, or not fixed well enough. Apple have unpatched zero day exploits. Or they can grab a Google OS (Android, Chrome) or iOS, hack them and appear as legit in the eyes of some server. That's the way it's going: hack something soft, which is a trusted source.

In the hack of the Health Service Executive here in Ireland some months back, the backup servers were apparently on the same network as the boxes they were backing up. I have that from a tech insider.

An interesting search is: Unpatched zero day exploit +<OS>. I admit to not reading the search results.
  • Windows has bucketfuls
  • Apple has some, but seems to have patched more after years of neglect.
  • Linux has some, but most remark on how difficult the bug is to exploit.
  • Lastly, bug-hunters have noted many they found that are not patched yet, according to Slashdot. I remember reading it, but can't find the URL.

This link is interesting, though.
 
Old 09-19-2021, 07:29 AM   #20
ondoho
LQ Addict
 
Registered: Dec 2013
Posts: 17,788
Blog Entries: 11

Rep: Reputation: 5384Reputation: 5384Reputation: 5384Reputation: 5384Reputation: 5384Reputation: 5384Reputation: 5384Reputation: 5384Reputation: 5384Reputation: 5384Reputation: 5384
Quote:
Originally Posted by wpeckham View Post
I have not seen a successful OS/2, DOS (IBM or FREE), or CPM exploit in years, I have NEVER seen one for KOLIBRIOS.
Doesn't mean there isn't one.
These things get reported in direct proportion to the popularity of the OS.

Also, hackers (the bad ones) aren't very interested in hacking any of these - no incentive.
 
Old 09-19-2021, 09:21 AM   #21
wpeckham
Senior Member
 
Registered: Apr 2010
Location: Continental USA
Distribution: Debian, Ubuntu, RedHat, DSL, Puppy, CentOS, Knoppix, Mint-DE, Sparky, VSIDo, tinycore, Q4OS,Manjaro
Posts: 3,955

Rep: Reputation: 1824Reputation: 1824Reputation: 1824Reputation: 1824Reputation: 1824Reputation: 1824Reputation: 1824Reputation: 1824Reputation: 1824Reputation: 1824Reputation: 1824
Quote:
Originally Posted by ondoho View Post
Doesn't mean there isn't one.
These things get reported in direct proportion to the popularity of the OS.

Also, hackers (the bad ones) aren't very interested in hacking any of these - no incentive.
Those were the points I hoped someone would take away. Advantage, the uncommon road: fewer highwaymen.
 
Old 09-19-2021, 04:01 PM   #22
rokytnji
LQ Veteran
 
Registered: Mar 2008
Location: Waaaaay out West Texas
Distribution: AntiX 19
Posts: 6,356
Blog Entries: 21

Rep: Reputation: 3199Reputation: 3199Reputation: 3199Reputation: 3199Reputation: 3199Reputation: 3199Reputation: 3199Reputation: 3199Reputation: 3199Reputation: 3199Reputation: 3199
Quote:
Originally Posted by ondoho View Post
Doesn't mean there isn't one.
These things get reported in direct proportion to the popularity of the OS.

Also, hackers (the bad ones) aren't very interested in hacking any of these - no incentive.

Kinda describes me in a pub. Being 6 foot 7 inches. I am usually guaranteed a interesting evening.

Being uniform does have it's advantages. No body notices you then. < except for Windows >

I get the same attention from the po po when on my motorcycle also.

Funny how folks look at this.

Run Windows and get hacked for being the norm.
Run Linux like a outlaw and nobody cares.

Kinda opposite?
 
Old 09-20-2021, 01:16 AM   #23
ondoho
LQ Addict
 
Registered: Dec 2013
Posts: 17,788
Blog Entries: 11

Rep: Reputation: 5384Reputation: 5384Reputation: 5384Reputation: 5384Reputation: 5384Reputation: 5384Reputation: 5384Reputation: 5384Reputation: 5384Reputation: 5384Reputation: 5384
^ Wrong analogy. Linux isn't illegal.

Let's try this one:

You ride a standard off-the-shelf big brand motorcycle, you can get spare parts everywhere, but you're alo likely to get scammed, and even more likely to get your bike stolen (because big brand, big numbers, easier to resell).

Or

You ride a rare brand of motorcycle you had to put together yourself, possibly with customisations, you are going to have a hrader time getting spare parts, but when you do you can be sure they're the real deal, and also your bike is less likely to get stolen because it's much harder to resell.
 
Old 09-20-2021, 08:33 AM   #24
wpeckham
Senior Member
 
Registered: Apr 2010
Location: Continental USA
Distribution: Debian, Ubuntu, RedHat, DSL, Puppy, CentOS, Knoppix, Mint-DE, Sparky, VSIDo, tinycore, Q4OS,Manjaro
Posts: 3,955

Rep: Reputation: 1824Reputation: 1824Reputation: 1824Reputation: 1824Reputation: 1824Reputation: 1824Reputation: 1824Reputation: 1824Reputation: 1824Reputation: 1824Reputation: 1824
Another viewpoint on "Another Microsoft security breach! This is beginning to get boring.":
In 1980s this was shocking, in the 1990s it became boring.
Since 1999 this has just been normal and expected.
 
Old 09-20-2021, 01:02 PM   #25
sundialsvcs
LQ Guru
 
Registered: Feb 2004
Location: SE Tennessee, USA
Distribution: Gentoo, LFS
Posts: 9,291
Blog Entries: 4

Rep: Reputation: 3318Reputation: 3318Reputation: 3318Reputation: 3318Reputation: 3318Reputation: 3318Reputation: 3318Reputation: 3318Reputation: 3318Reputation: 3318Reputation: 3318
Security is a process. As long as people are studying computer software in search of exploitable bugs, other people have to be fighting a counter-offensive. This of course will never, ever stop. And, every computer operating system and programming language will always be susceptible. This isn't exactly "boring," but it is also not exactly "news."
 
Old 09-20-2021, 01:29 PM   #26
maw_walker
Member
 
Registered: Jul 2021
Location: US
Distribution: FreeBSD, Kali
Posts: 79

Rep: Reputation: Disabled
sundialsvcs: very well said, thank you.
 
Old 09-21-2021, 05:06 AM   #27
business_kid
LQ Guru
 
Registered: Jan 2006
Location: Ireland
Distribution: Slackware, RPi OS, Mint & Android
Posts: 13,111

Rep: Reputation: 1753Reputation: 1753Reputation: 1753Reputation: 1753Reputation: 1753Reputation: 1753Reputation: 1753Reputation: 1753Reputation: 1753Reputation: 1753Reputation: 1753
Quote:
Originally Posted by sundialsvcs View Post
Security is a process. As long as people are studying computer software in search of exploitable bugs, other people have to be fighting a counter-offensive. This of course will never, ever stop. And, every computer operating system and programming language will always be susceptible. This isn't exactly "boring," but it is also not exactly "news."
Indeed. BSD "fortunes gave me this in a definition of 'bug':
Code:
Bug:    An elusive creature living in a program that makes it incorrect. The activity of "debugging," or 
removing bugs from a program, ends when people get tired of doing it, not when the bugs are removed.
The curse is that any server is a target, and the hacker can take as many shots at it as he likes. He only has to strike lucky once.
 
Old 09-22-2021, 07:33 AM   #28
business_kid
LQ Guru
 
Registered: Jan 2006
Location: Ireland
Distribution: Slackware, RPi OS, Mint & Android
Posts: 13,111

Rep: Reputation: 1753Reputation: 1753Reputation: 1753Reputation: 1753Reputation: 1753Reputation: 1753Reputation: 1753Reputation: 1753Reputation: 1753Reputation: 1753Reputation: 1753
As we'rer on bugs, here's interesting stuff on Chinese mobiles
https://www.bbc.com/news/technology-58652249
 
Old 09-22-2021, 07:47 AM   #29
hazel
LQ Guru
 
Registered: Mar 2016
Location: Harrow, UK
Distribution: LFS, AntiX, Slackware
Posts: 5,707

Original Poster
Blog Entries: 16

Rep: Reputation: 3385Reputation: 3385Reputation: 3385Reputation: 3385Reputation: 3385Reputation: 3385Reputation: 3385Reputation: 3385Reputation: 3385Reputation: 3385Reputation: 3385
Quote:
Originally Posted by business_kid View Post
As we'rer on bugs, here's interesting stuff on Chinese mobiles
https://www.bbc.com/news/technology-58652249
That doesn't surprise me at all. The Chinese bug everything they make and all their social media channels spy on their users. That's why Huawei got kicked out of the UK 5G project.
 
Old 09-22-2021, 11:54 AM   #30
cynwulf
Senior Member
 
Registered: Apr 2005
Location: Walsall, UK
Posts: 2,656
Blog Entries: 7

Rep: Reputation: 2192Reputation: 2192Reputation: 2192Reputation: 2192Reputation: 2192Reputation: 2192Reputation: 2192Reputation: 2192Reputation: 2192Reputation: 2192Reputation: 2192
Oh dear... Chinese competition are becoming such a big threat to "big tech"....

Last few paragraphs of the article quickly remind the reader of the recent tensions with regards to Taiwan. There is no mention of bugging - the Xiaomi devices apparently, according to the Lithuanians, have built in censorship, only relevant to China, which would obviously damage sales if it were enabled elsewhere... There is also some mention of usage stats being transmitted to somewhere in Singapore... so not so different to what Faecebook, Microsoft, Apple, google, Amazon, even Mozilla get up to...

The "Chinese phones" statement is also rather ironic considering all the big fabs for US, Japanese and Korean manufacturers are in China anyway.

It was actually the US - Trump - who threatened Johnson and the British over Huawei, prior to that the doors were wide open, for better or for worse.

Last edited by cynwulf; 09-22-2021 at 12:17 PM.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
LXer: Another Yahoo Security Breach Affects a Billion Accounts LXer Syndicated Linux News 0 12-15-2016 04:45 AM
Yet another thread about a security breach Fredde87 Linux - Security 19 10-16-2009 08:12 AM
LXer: From the End of the Beginning to the Beginning of the End LXer Syndicated Linux News 0 03-08-2009 12:12 AM
[Security Questions] Last Login, how good is this feature for security breach info? t3gah Linux - Security 2 06-14-2005 01:02 AM

LinuxQuestions.org > Forums > Non-*NIX Forums > General

All times are GMT -5. The time now is 05:17 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration