On Tue, Aug 18, 2020 at 10:23 PM Tomas Kuchta <[email protected]> wrote:
> On Tue, Aug 18, 2020, 20:45 Russell Senior <[email protected]> wrote:
>
> > Fwiw, my take when I saw the report was along the lines of "Oh, that's
> > interesting, what was the infection vector, how do I discover if a box is
> > infected, etc" and the supposed "technical details" were a bunch of
> > handwaving and then a suggestion to not run a kernel before 3.6 or
> > something. Who is still running a kernel as old as 3.6?
>
> You would be surprised - there are hundreds of servers (60 CPU 2+TB RAM) in
> your typical enterprise running a 2.6 kernel. The saddest thing - they are
> all the cream of the IT/tech heap.

You are correct. The average consumer (aka "end user") often looks at security
flaws in a very self-centered way. Phones, tablets, laptops and desktop
computers at home or in the office are routinely replaced and rarely last
longer than 5 years. So who cares if kernel 3.x is affected?

Military and government use cases often implement systems for 10 years at a
minimum. The average lifespan for a typical helicopter is ~40 years (and yes,
helicopters have computers too). For consumer and military airplanes this could
be even longer. Banks are still running systems as part of their backend that
are 20+ years old and maintain languages like COBOL for handling transactions.
Some Linux distros even maintain S/390 ports although I've never met anyone who
knows where those machines are still in use. Many of the early "smart home"
devices ran versions of Android based on Linux versions from that era. IIRC 3.4
was one of the kernel versions that saw an insane amount of use in the Android
world and was not limited to phones/tablets.

So let's set aside our fancy 5.x kernels and ask a very serious question: Which
kernel version is running the machines used to tally votes in November?

-Ben

> > "To prevent a system from being susceptible to Drovorub’s hiding and
> > persistence, system administrators should update to Linux Kernel 3.7 or
> > later in order to take full advantage of kernel signing enforcement."
> >
> > ... like, when was this report written and why is it only now becoming
> > public? The last 3.6.x stable release was in December 2012. If the
> > operating system is hiding its parts from you, why not boot a live system
> > to investigate? It just reads like weird baffle-them-with-bs.
> >
> > On Tue, Aug 18, 2020 at 7:28 PM King Beowulf <[email protected]> wrote:
> >
> > > On 8/14/20 5:33 AM, Rich Shepard wrote:
> > > > As a computer user and a non-professional I'd like your thoughts on
> > > > this Ars Technica article, "NSA and FBI warn that new Linux malware
> > > > threatens national security."
> > > >
> > > > <https://arstechnica.com/information-technology/2020/08/nsa-and-fbi-warn-that-new-linux-malware-threatens-national-security/>
> > > >
> > > > Rich
> > >
> > > The media hype over this is hysterical...because RUSSIA!
> > >
> > > There have been numerous toolkits over the years with similar
> > > functionality (rootkit + botnet + spyware etc), so I'm not surprised a
> > > government spy agency cleans it up. Heck, UK probably has the same
> > > thing called "007" or similar and USA's some sort of unpronounceable
> > > acronym...
> > >
> > > From what I can tell, it is unlikely for this to be an issue without
> > > local root privileges since it is MALWARE and not an EXPLOIT:
> > >
> > > 1. needs local access to the computer OR
> > > 2. trick the user into installing the software via email or compromised
> > >    download (gee, does that STILL happen?) OR
> > > 3. piggyback on an existing remote access exploit to gain root access
> > >    (privilege escalation).
> > >
> > > Thus, the same rules apply to keeping this off your systems and servers
> > > as have for decades: don't click random links, don't download random
> > > executable files, etc.
> > >
> > > -Ed
> > >
> > > _______________________________________________
> > > PLUG: https://pdxlinux.org
> > > PLUG mailing list
> > > [email protected]
> > > http://lists.pdxlinux.org/mailman/listinfo/plug
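As an added example that is not part of the thread or of the NSA/FBI report, here is a POSIX shell check for the one concrete mitigation the report is quoted as recommending: a kernel of 3.7 or later, where loadable-module signature enforcement exists. The function names are my own. The sysfs parameter `/sys/module/module/parameters/sig_enforce` is the real one exposed by kernels built with `CONFIG_MODULE_SIG`; the root-prefix argument is there only so the functions can be exercised against a constructed directory tree instead of the live `/sys`.

```shell
#!/bin/sh
# Added example (not from the report or the list): check whether a host meets
# the "kernel 3.7 or later" mitigation and whether module signature
# enforcement is actually switched on. Function names are hypothetical; the
# sysfs path is the real CONFIG_MODULE_SIG parameter. ROOT is "/" on a live
# host or any directory holding a constructed sys/ tree for testing.

# kernel_at_least VERSION MAJOR MINOR
# Return 0 if the uname -r style VERSION is at least MAJOR.MINOR, 1 if it is
# older, 2 if it cannot be parsed. Handles "2.6.32-754.el6.x86_64", "4.19-rc1".
kernel_at_least() {
    ver=$1 need_major=$2 need_minor=$3
    case "$ver" in
        *.*) ;;
        *) echo "unparseable kernel version: $ver" >&2; return 2 ;;
    esac
    major=${ver%%.*}          # text before the first dot
    rest=${ver#*.}            # text after the first dot
    minor=${rest%%.*}         # up to the next dot ...
    minor=${minor%%-*}        # ... or the next dash (e.g. "19-rc1" -> "19")
    case "$major$minor" in
        ""|*[!0-9]*) echo "unparseable kernel version: $ver" >&2; return 2 ;;
    esac
    if [ "$major" -gt "$need_major" ]; then return 0; fi
    if [ "$major" -eq "$need_major" ] && [ "$minor" -ge "$need_minor" ]; then
        return 0
    fi
    return 1
}

# sig_enforce_state ROOT
# Print enforcing / permissive / unavailable for the module signature setting
# found under ROOT. "unavailable" is what a kernel built without
# CONFIG_MODULE_SIG, which includes every pre-3.7 kernel, reports.
sig_enforce_state() {
    root=${1%/}
    f="$root/sys/module/module/parameters/sig_enforce"
    if [ ! -r "$f" ]; then
        echo unavailable
        return 0
    fi
    read -r v < "$f"
    case "$v" in
        Y) echo enforcing ;;
        *) echo permissive ;;
    esac
}

# assess_host VERSION ROOT
# Print a one-line verdict; return 0 only when the kernel is new enough and is
# actually enforcing module signatures, non-zero otherwise.
assess_host() {
    ver=$1 root=$2
    if kernel_at_least "$ver" 3 7; then
        :
    else
        rc=$?
        if [ "$rc" -eq 2 ]; then
            echo "$ver: cannot parse, inspect manually"
        else
            echo "$ver: older than 3.7, module signature enforcement not available"
        fi
        return "$rc"
    fi
    state=$(sig_enforce_state "$root")
    echo "$ver: module signing supported, sig_enforce=$state"
    [ "$state" = enforcing ]
}

# Demo on constructed version strings against the live sysfs. On a real host:
#   assess_host "$(uname -r)" /
for v in "2.6.32-754.el6.x86_64" "3.4.0-android" "5.4.0-42-generic"; do
    assess_host "$v" / || :
done
```

Treat this as a hygiene check made before the fact, not as detection after it: a rootkit resident in the running kernel can falsify what `/sys` reports just as easily as it hides its files, which is exactly why booting a known-good live system to inspect the disk, as suggested above, is the right instinct once a host is suspect.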
