If you want something to show to the guys at your next meeting, try this:

http://falkvinge.net/2013/11/17/nsa-asked-linus-torvalds-to-install-backdoors-into-gnulinux/
http://www.techrepublic.com/article/how-munich-rejected-steve-ballmer-and-kicked-microsoft-out-of-the-city/
http://www.comparebusinessproducts.com/fyi/50-places-linux-running-you-might-not-expect
http://www.gfi.com/blog/the-most-vulnerable-operating-systems-and-applications-in-2011/
http://www.gfi.com/blog/report-the-most-vulnerable-operating-systems-and-applications-in-2012/
http://www.gfi.com/blog/report-most-vulnerable-operating-systems-and-applications-in-2013/

2014-10-08 22:26 GMT-03:00 Israel <[email protected]>:

> Hi Marc,
> I'd like to reiterate what Lars said.
> The bug was patched almost as soon as the news broke. It was seamless.
> However, Apple users had to wait a week or so for an update. We got it
> MUCH faster, and they are 'known' for security.
>
> After the story broke I ran sudo apt-get update && sudo apt-get upgrade
> and sure enough... bash was there
> Then I saw bash appear again a couple of times when new vulnerabilities
> were discovered.
>
> What this basically means is:
>
> LOTS of BIG companies are REALLY interested in keeping Linux secure.
>
> Examples of big companies that use Ubuntu, and rely on it:
>
> Google
> Facebook
> Wikipedia
> IBM (released a new server with support ONLY for Ubuntu... not even RHEL
> or Oracle)
> Steam
>
> Nearly all of the supercomputers in the world run Linux.
> Nearly all of the smartphones run Linux.
>
> There are *lots* of people who look for problems in the underlying
> structure. Lots of people investing lots of money into making sure
> everything gets fixed.
>
> But of course, this is mainly for the kernel and underlying mechanisms.
> Not too many big companies invest in LXDE, or XFCE... though I suppose RHEL
> invests in Gnome, so we get some trickle-down from the improved programs
> there.
>
>
>
> On 10/08/2014 02:57 PM, Lars Noodén wrote:
>
> The Shellshock vulnerability.
>
> Desktops were largely unaffected. The machines that were vulnerable
> were primarily servers that met three conditions:
>
> a. running publicly available scripts
>
> b. those scripts were shell scripts, which is in itself rare as perl,
> python, php are common.
>
> c. those shell scripts were running bash instead of sh, ash or dash
> (ubuntu's default for scripts), which is rare even for public shell
> scripts.
>
> However, given the large number of servers potentially affected, there
> were some that turned out to be vulnerable. I'm not sure if the dhcp
> client specific to (L)Ubuntu was potentially affected or not. But for
> the most part, despite having bash, desktops are not vulnerable because
> they are not set up to offer bash (or any other) scripts to outsiders.
>
> About the patching. Ubuntu patched quickly and a normal update fixes
> the problem(s).
>
> http://www.ubuntu.com/usn/usn-2364-1/
> http://www.ubuntu.com/usn/usn-2363-2/
> http://www.ubuntu.com/usn/usn-2363-1/
> http://www.ubuntu.com/usn/usn-2362-1/
>
> There's not a proper date-time stamp on Ubuntu's announcements above,
> but the first one at least was right quick more or less concurrent with
> the public announcement. Yes, CVE-2014-6271 and co were a big deal due
> to a really unfortunate misfeature but part of the visibility is due to
> media's enthusiasm for man-bites-dog stories combined with other
> interested marketing the heck out of said bugs.
>
> Lastly, extreme bugs like this and the previous server bug have been
> rare which is part of the reason antagonists go out and market the bugs
> under a brand name. The other one even had a company go out and
> register a web site and hire a web developer to prepare promotional
> materials prior to announcing the bug.
>
> So given the visibility I understand the concern.
>
> Regards,
> /Lars
>
>
>
>
> --
> Regards
>
>
> --
> Lubuntu-users mailing list
> [email protected]
> Modify settings or unsubscribe at:
> https://lists.ubuntu.com/mailman/listinfo/lubuntu-users
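Condition (c) in the quoted message, public scripts run by bash rather than sh, ash or dash, can be checked on a server by reading shebang lines. The script below is an added example, not part of the thread; the function names and the directory argument are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: list scripts under a directory that are executed by bash.

# Print the interpreter named on FILE's shebang line, following
# "#!/usr/bin/env NAME". Returns 1 if FILE has no usable shebang.
shebang_interp() {
    first=$(head -n 1 "$1" 2>/dev/null | tr -d '\r')
    case $first in
        '#!'*) first=${first#'#!'} ;;
        *) return 1 ;;
    esac
    # Split on whitespace: word 1 is the interpreter, word 2 its first argument.
    set -- $first
    [ "$#" -ge 1 ] || return 1
    case $1 in
        */env) [ "$#" -ge 2 ] || return 1; printf '%s\n' "$2" ;;
        *) printf '%s\n' "$1" ;;
    esac
}

# True if INTERP is bash, or a name or path (such as /bin/sh) that
# resolves to a binary called bash once symlinks are followed.
is_bash() {
    case ${1##*/} in
        bash) return 0 ;;
    esac
    path=$1
    case $path in
        */*) ;;
        *) path=$(command -v "$path" 2>/dev/null) || return 1 ;;
    esac
    target=$(readlink -f "$path" 2>/dev/null) || return 1
    [ "${target##*/}" = bash ]
}

# Print every regular file under DIR whose interpreter is bash.
bash_scripts_in() {
    find "$1" -type f | sort | while IFS= read -r f; do
        interp=$(shebang_interp "$f") || continue
        if is_bash "$interp"; then printf '%s\n' "$f"; fi
    done
}

# Stand-alone use: sh audit.sh /path/to/cgi-bin
if [ "$#" -gt 0 ]; then bash_scripts_in "$1"; fi
```

Scripts that start with `#!/bin/sh` are reported only where `sh` resolves to bash, which is not the case on Ubuntu, where it is dash.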
